Picketlink SVN: r622 - in federation/trunk: picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util and 18 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-30 14:30:38 -0500 (Thu, 30 Dec 2010)
New Revision: 622
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/common/SAMLProtocolContext.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/providers/
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/providers/SAML20AssertionTokenProvider.java
Removed:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/STSCoreConfig.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AssertionType.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/IDPWebRequestUtil.java
Log:
Use the SAML spec token provider
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -78,26 +78,27 @@
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
+import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler.HANDLER_TYPE;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
-import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler.HANDLER_TYPE;
import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
-import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.core.IdentityServer;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
import org.picketlink.identity.federation.web.util.IDPWebRequestUtil;
+import org.picketlink.identity.federation.web.util.IDPWebRequestUtil.WebRequestUtilHolder;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
-import org.picketlink.identity.federation.web.util.IDPWebRequestUtil.WebRequestUtilHolder;
import org.w3c.dom.Document;
@@ -919,6 +920,10 @@
throw new RuntimeException(e);
}
+ //Ensure that the Core STS has the SAML20 Token Provider
+ PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
+ sts.installDefaultConfiguration();
+
if(this.signOutgoingMessages)
{
KeyProviderType keyProvider = this.idpConfiguration.getKeyProvider();
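Review bot: `sts.installDefaultConfiguration()` is invoked unconditionally on the process-wide `PicketLinkCoreSTS` singleton, so if a deployment has already installed a custom STS configuration in this JVM it may be replaced by the defaults; whether the call is idempotent or additive is not visible here. Consider guarding the call, or at least stating the intent in the comment: `// Installs the default SAML20 token provider into the shared STS; confirm this does not overwrite a previously installed configuration`. The same pattern is added in SAML2AuthnResponseUnitTestCase.testResponseTypeCreation and XMLEncryptionUnitTestCase.testEncryptAssertion. The enclosing method starts and ends outside this hunk.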
Modified: federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java
===================================================================
--- federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -27,8 +27,8 @@
import junit.framework.TestCase;
+import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
-import org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.picketlink.identity.federation.core.saml.v2.util.SignatureUtil;
import org.picketlink.identity.federation.core.util.KeyStoreUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
@@ -47,7 +47,9 @@
*/
public void testSigUseCase() throws Exception
{
- AuthnRequestType authnRequest = JBossSAMLAuthnRequestFactory.createAuthnRequestType(
+ SAML2Request samlRequest = new SAML2Request();
+
+ AuthnRequestType authnRequest = samlRequest.createAuthnRequestType(
IDGenerator.create("ID_"), "http://sp", "http://idp", "http://sp");
KeyPair kp = KeyStoreUtil.generateKeyPair("RSA");
Modified: federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java
===================================================================
--- federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -29,7 +29,6 @@
import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
-import org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
@@ -47,7 +46,7 @@
*/
public void testRegularRedirectBindingUseCaseWithStringWriter() throws Exception
{
- AuthnRequestType authnRequest = JBossSAMLAuthnRequestFactory.createAuthnRequestType(
+ AuthnRequestType authnRequest = (new SAML2Request()).createAuthnRequestType(
IDGenerator.create("ID_"), "http://sp", "http://idp", "http://sp");
StringWriter sw = new StringWriter();
@@ -69,7 +68,7 @@
*/
public void testRegularRedirectBindingUseCaseWithByteArray() throws Exception
{
- AuthnRequestType authnRequest = JBossSAMLAuthnRequestFactory.createAuthnRequestType(
+ AuthnRequestType authnRequest = (new SAML2Request()).createAuthnRequestType(
IDGenerator.create("ID_"), "http://sp", "http://idp", "http://sp");
ByteArrayOutputStream baos = new ByteArrayOutputStream();
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -27,11 +27,13 @@
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Writer;
+import java.net.URI;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
+import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.parsers.ParserConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
@@ -41,7 +43,6 @@
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLRequestWriter;
@@ -81,8 +82,24 @@
String destination,
String issuerValue) throws ConfigurationException
{
- return JBossSAMLAuthnRequestFactory.createAuthnRequestType(
- id, assertionConsumerURL, destination, issuerValue);
+ XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
+
+ String version = JBossSAMLConstants.VERSION_2_0.get();
+ AuthnRequestType authnRequest = new AuthnRequestType( id, version, issueInstant );
+ authnRequest.setAssertionConsumerServiceURL( URI.create( assertionConsumerURL ));
+ authnRequest.setProtocolBinding( URI.create( JBossSAMLConstants.HTTP_POST_BINDING.get() ));
+ if( destination != null )
+ {
+ authnRequest.setDestination( URI.create( destination ));
+ }
+
+ //Create an issuer
+ NameIDType issuer = new NameIDType();
+ issuer.setValue(issuerValue);
+
+ authnRequest.setIssuer(issuer);
+
+ return authnRequest;
}
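Review bot: `URI.create(assertionConsumerURL)` and `URI.create(destination)` throw `IllegalArgumentException` on a malformed string, and `URI.create` throws `NullPointerException` when `assertionConsumerURL` is null, none of which is covered by the declared `ConfigurationException`, so callers handling the checked exception will not see these failures. Either validate up front, `if (assertionConsumerURL == null) throw new IllegalArgumentException("assertionConsumerURL is null");`, or document it: `@throws IllegalArgumentException if assertionConsumerURL or destination is null or not a valid URI`. The body is moved verbatim from the deleted JBossSAMLAuthnRequestFactory, so the behaviour is not new, but this method is now the public API entry point. The method's signature begins before this hunk.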
/**
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -42,6 +42,7 @@
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
+import org.picketlink.identity.federation.core.saml.v2.common.SAMLProtocolContext;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
@@ -50,7 +51,9 @@
import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ActionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
@@ -62,6 +65,9 @@
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedElementType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.EvidenceType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectConfirmationDataType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectConfirmationType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.federation.saml.v2.SAML2Object;
@@ -140,11 +146,62 @@
* @param issuerInfo holder with information on the issuer
* @return
* @throws ConfigurationException
+ * @throws ProcessingException
*/
public ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp, IssuerInfoHolder issuerInfo)
- throws ConfigurationException
+ throws ConfigurationException, ProcessingException
{
- return JBossSAMLAuthnResponseFactory.createResponseType(ID, sp, idp, issuerInfo);
+ String responseDestinationURI = sp.getResponseDestinationURI();
+
+ XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
+
+ //Create an assertion
+ //String id = IDGenerator.create( "ID_" );
+
+ //Create assertion -> subject
+ SubjectType subjectType = new SubjectType();
+
+ //subject -> nameid
+ NameIDType nameIDType = new NameIDType();
+ nameIDType.setFormat( URI.create( idp.getNameIDFormat() ));
+ nameIDType.setValue(idp.getNameIDFormatValue());
+
+ SubjectType.STSubType subType = new SubjectType.STSubType();
+ subType.addBaseID(nameIDType);
+ subjectType.setSubType(subType);
+
+ SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
+ subjectConfirmation.setMethod( idp.getSubjectConfirmationMethod());
+
+ SubjectConfirmationDataType subjectConfirmationData = new SubjectConfirmationDataType();
+ subjectConfirmationData.setInResponseTo( sp.getRequestID() );
+ subjectConfirmationData.setRecipient( responseDestinationURI );
+ subjectConfirmationData.setNotBefore(issueInstant);
+ subjectConfirmationData.setNotOnOrAfter(issueInstant);
+
+ subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
+
+ subjectType.addConfirmation(subjectConfirmation);
+
+ PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
+ SAMLProtocolContext samlProtocolContext = new SAMLProtocolContext();
+ samlProtocolContext.setSubjectType( subjectType );
+ samlProtocolContext.setIssuerID(nameIDType);
+ sts.issueToken( samlProtocolContext );
+
+ AssertionType assertionType = samlProtocolContext.getIssuedAssertion();
+
+ /*AssertionType assertionType = SAMLAssertionFactory.createAssertion(id,
+ nameIDType , issueInstant, (ConditionsType) null, subjectType, (List<StatementAbstractType>)null );
+ */
+
+ ResponseType responseType = createResponseType(ID, issuerInfo, assertionType);
+ //InResponseTo ID
+ responseType.setInResponseTo(sp.getRequestID());
+ //Destination
+ responseType.setDestination(responseDestinationURI);
+
+ return responseType;
}
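Review bot: `subjectConfirmationData.setNotOnOrAfter(issueInstant)` together with `setNotBefore(issueInstant)` gives the subject confirmation a zero-width validity window: SAML 2.0 treats NotOnOrAfter as exclusive, so a relying party that checks SubjectConfirmationData timing will reject the assertion as already expired at the instant it is issued, while one that does not check gains no protection from the values. Derive NotOnOrAfter from the issue instant plus a configurable validity period and document the chosen window in the method Javadoc. Separately, `samlProtocolContext.getIssuedAssertion()` is used without a null check — if no installed provider handled the SAML token type, `assertionType` is null and is passed straight into `createResponseType(ID, issuerInfo, assertionType)`; add `if (assertionType == null) throw new ProcessingException("STS did not issue a SAML assertion");` before that call. The commented-out `SAMLAssertionFactory.createAssertion` block and the `//String id = ...` line should be removed rather than carried into the new implementation.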
/**
Modified: federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -31,8 +31,7 @@
import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.api.util.DeflateUtil;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
-import org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
-import org.picketlink.identity.federation.core.util.Base64;
+import org.picketlink.identity.federation.core.util.Base64;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
/**
@@ -45,7 +44,7 @@
{
public void testDeflateEncoding() throws Exception
{
- AuthnRequestType authnRequest = JBossSAMLAuthnRequestFactory.createAuthnRequestType(
+ AuthnRequestType authnRequest = (new SAML2Request()).createAuthnRequestType(
IDGenerator.create("ID_"), "http://sp",
"http://localhost:8080/idp","http://sp");
Modified: federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -23,15 +23,16 @@
import java.io.ByteArrayOutputStream;
-import junit.framework.TestCase;
+import junit.framework.Assert;
+import org.junit.Test;
import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
-import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
@@ -40,21 +41,27 @@
* @author Anil.Saldhana(a)redhat.com
* @since Dec 9, 2008
*/
-public class SAML2AuthnResponseUnitTestCase extends TestCase
+public class SAML2AuthnResponseUnitTestCase
{
+ @Test
public void testResponseTypeCreation() throws Exception
{
+ //Initialize the Core STS
+ PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
+ sts.installDefaultConfiguration();
+
IssuerInfoHolder issuerHolder = new IssuerInfoHolder("http://idp");
issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
IDPInfoHolder idp = new IDPInfoHolder();
idp.setNameIDFormatValue(IDGenerator.create());
+
+ SAML2Response saml2Response = new SAML2Response();
- ResponseType rt = JBossSAMLAuthnResponseFactory.createResponseType("response111",
+ ResponseType rt = saml2Response.createResponseType("response111",
new SPInfoHolder(), idp, issuerHolder);
- assertNotNull(rt);
+ Assert.assertNotNull(rt);
- SAML2Response saml2Response = new SAML2Response();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
saml2Response.marshall(rt, baos);
}
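Review bot: The test now mixes JUnit 3 and JUnit 4 APIs — `junit.framework.Assert.assertNotNull` alongside `org.junit.Test` — after dropping `extends TestCase`; use `org.junit.Assert.assertNotNull(rt)` (or a static import of it) so the class consistently targets one runner. The assertion is also weak for a response that now carries an STS-issued assertion: only non-null is checked before marshalling, so a response with no assertion, or with InResponseTo/Destination left unset, would still pass. Consider asserting that the marshalled output contains an Assertion element and that the response echoes the request ID supplied via `SPInfoHolder`.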
Modified: federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -43,6 +43,7 @@
import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
@@ -66,6 +67,9 @@
public void testEncryptAssertion() throws Exception
{
+ PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
+ sts.installDefaultConfiguration();
+
KeyPair kp = this.getKeyPair("RSA");
SecretKey sk = this.getSecretKey();
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -51,6 +51,12 @@
* @return
*/
public boolean supports( String namespace );
+
+ /**
+ * Token Type
+ * @return
+ */
+ public String tokenType();
/**
* <p>
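Review bot: The Javadoc on the new `tokenType()` method says only "Token Type" with an empty `@return`, which tells an implementor nothing about the contract — what kind of string is expected (the SAMLProtocolContext added in this commit returns the assertion namespace URI) and whether null is permitted. Suggest: `Returns the token type URI that this provider issues (for SAML, the assertion namespace); presumably used by the STS to select a provider for a {@code ProtocolContext}. Must not be null.` — the selection claim is inferred, as the STS side is not in this page. Adding an abstract method to a public interface also breaks every implementor outside this tree; the interface Javadoc or release notes should say so.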
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/common/SAMLProtocolContext.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/common/SAMLProtocolContext.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/common/SAMLProtocolContext.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -0,0 +1,136 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.saml.v2.common;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+
+/**
+ * <p>
+ * A SAML2 specification based instance of {@code ProtocolContext}
+ * </p>
+ * <p>
+ * This instance is used to pass information from the IDP to the Core STS.
+ * </p>
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 30, 2010
+ */
+public class SAMLProtocolContext implements ProtocolContext
+{
+ protected NameIDType issuerID;
+
+ protected SubjectType subjectType;
+
+ protected ConditionsType conditions;
+
+ protected List<StatementAbstractType> statements = new ArrayList<StatementAbstractType>();
+
+ protected AssertionType issuedAssertion;
+
+ public NameIDType getIssuerID()
+ {
+ return issuerID;
+ }
+
+ public void setIssuerID( NameIDType issuerID)
+ {
+ this.issuerID = issuerID;
+ }
+
+ public SubjectType getSubjectType()
+ {
+ return subjectType;
+ }
+
+ public void setSubjectType(SubjectType subjectType)
+ {
+ this.subjectType = subjectType;
+ }
+
+ public ConditionsType getConditions()
+ {
+ return conditions;
+ }
+
+ public void setConditions(ConditionsType conditions)
+ {
+ this.conditions = conditions;
+ }
+
+ public List<StatementAbstractType> getStatements()
+ {
+ return Collections.unmodifiableList( statements );
+ }
+
+ public void setStatements(List<StatementAbstractType> statements)
+ {
+ this.statements = statements;
+ }
+
+ public AssertionType getIssuedAssertion()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+ return issuedAssertion;
+ }
+
+ public void setIssuedAssertion(AssertionType issuedAssertion)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+ this.issuedAssertion = issuedAssertion;
+ }
+
+ public String serviceName()
+ {
+ return null;
+ }
+
+ public String tokenType()
+ {
+ return JBossSAMLURIConstants.ASSERTION_NSURI.get();
+ }
+
+ public QName getQName()
+ {
+ String localPart = JBossSAMLConstants.ASSERTION.get();
+ String ns = tokenType();
+ return new QName( ns, localPart );
+ }
+}
\ No newline at end of file
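Review bot: `setStatements` stores the caller's list by reference and accepts null, while `getStatements` wraps the field in `Collections.unmodifiableList`, so the read-only guarantee is hollow (the caller can still mutate the list behind the view) and a null argument makes the getter throw `NullPointerException`. Copy defensively: `this.statements = statements == null ? new ArrayList<StatementAbstractType>() : new ArrayList<StatementAbstractType>(statements);`. The `issuedAssertion` field is `protected`, so a subclass can read or replace it without the `PicketLinkCoreSTS.rte` permission check that guards `getIssuedAssertion` and `setIssuedAssertion`; make it `private` if that check is meant to be authoritative. `serviceName()` returning null deserves a Javadoc line stating that a SAML protocol context has no service name.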
Deleted: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -1,109 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.identity.federation.core.saml.v2.factories;
-
-import java.net.URI;
-
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.datatype.XMLGregorianCalendar;
-
-import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
-import org.xml.sax.SAXException;
-
-/**
- * Factory for SAML2 AuthnRequest
- * @author Anil.Saldhana(a)redhat.com
- * @since Dec 9, 2008
- */
-public class JBossSAMLAuthnRequestFactory
-{
- private static String pkgName = "org.picketlink.identity.federation.saml.v2.protocol:org.picketlink.identity.xmlsec.w3.xmldsig";
- private static String schemaLocation = "schema/saml/v2/saml-schema-protocol-2.0.xsd";
-
- /**
- * Create an AuthnRequestType
- * @param id Id of the request
- * @param assertionConsumerURL URL of the requestor where the response assertion is requested
- * @param issuerValue URL of the issuer
- * @return
- * @throws ConfigurationException
- */
- public static AuthnRequestType createAuthnRequestType(String id,
- String assertionConsumerURL, String destination, String issuerValue) throws ConfigurationException
- {
- XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
-
- String version = JBossSAMLConstants.VERSION_2_0.get();
- AuthnRequestType authnRequest = new AuthnRequestType( id, version, issueInstant );
- authnRequest.setAssertionConsumerServiceURL( URI.create( assertionConsumerURL ));
- authnRequest.setProtocolBinding( URI.create( JBossSAMLConstants.HTTP_POST_BINDING.get() ));
- if( destination != null )
- {
- authnRequest.setDestination( URI.create( destination ));
- }
-
- //Create an issuer
- NameIDType issuer = new NameIDType();
- issuer.setValue(issuerValue);
-
- authnRequest.setIssuer(issuer);
-
- return authnRequest;
- }
-
- /**
- * Get the validating marshaller
- * @param schemaValidation Whether schema validation is needed
- * @return
- * @throws JAXBException
- * @throws SAXException
- */
- public static Marshaller getValidatingMarshaller(boolean schemaValidation) throws SAXException, JAXBException
- {
- if(schemaValidation)
- return JAXBUtil.getValidatingMarshaller(pkgName, schemaLocation);
- else
- return JAXBUtil.getMarshaller(pkgName);
- }
-
- /**
- * Get the validating unmarshaller
- * @param schemaValidation whether schema validation is needed
- * @return
- * @throws SAXException
- * @throws JAXBException
- */
- public static Unmarshaller getValidatingUnmarshaller(boolean schemaValidation) throws JAXBException, SAXException
- {
- if(schemaValidation)
- return JAXBUtil.getValidatingUnmarshaller(pkgName, schemaLocation);
- else
- return JAXBUtil.getUnmarshaller(pkgName);
- }
-}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -24,9 +24,6 @@
import java.net.URI;
import java.util.List;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
import javax.xml.datatype.XMLGregorianCalendar;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
@@ -35,7 +32,6 @@
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
@@ -47,7 +43,6 @@
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusCodeType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusType;
-import org.xml.sax.SAXException;
/**
* Factory for the SAML v2 Authn Response
@@ -55,10 +50,7 @@
* @since Dec 9, 2008
*/
public class JBossSAMLAuthnResponseFactory
-{
- private static String pkgName = "org.picketlink.identity.federation.saml.v2.protocol:org.picketlink.identity.xmlsec.w3.xmldsig:org.picketlink.identity.xmlsec.w3.xmlenc";
- private static String schemaLocation = "schema/saml/v2/saml-schema-protocol-2.0.xsd";
-
+{
/**
* Create a StatusType given the status code uri
* @param statusCodeURI
@@ -175,54 +167,5 @@
responseType.addAssertion( new RTChoiceType( assertionType ));
return responseType;
- }
-
- /**
- * Get the JAXB2 marshaller
- * @return
- * @throws JAXBException
- * @throws SAXException
- */
- public static Marshaller getMarshaller() throws SAXException, JAXBException
- {
- return JAXBUtil.getMarshaller(pkgName);
- }
-
- /**
- * Get the JAXB2 Unmarshaller
- * @return
- * @throws SAXException
- * @throws JAXBException
- */
- public static Unmarshaller getUnmarshaller() throws JAXBException, SAXException
- {
- return JAXBUtil.getUnmarshaller(pkgName);
- }
-
- /**
- * Get the validating marshaller
- *
- * @param schemaValidation Whether schema validation is needed
- * @return
- * @throws JAXBException
- * @throws SAXException
- */
- public static Marshaller getValidatingMarshaller(boolean schemaValidation) throws SAXException, JAXBException
- {
- if (schemaValidation)
- return JAXBUtil.getValidatingMarshaller(pkgName, schemaLocation);
- else
- return JAXBUtil.getMarshaller(pkgName);
- }
-
- /**
- * Get the JAXB2 Unmarshaller
- * @return
- * @throws SAXException
- * @throws JAXBException
- */
- public static Unmarshaller getValidatingUnmarshaller() throws JAXBException, SAXException
- {
- return JAXBUtil.getValidatingUnmarshaller(pkgName, schemaLocation);
- }
+ }
}
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/providers/SAML20AssertionTokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/providers/SAML20AssertionTokenProvider.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/providers/SAML20AssertionTokenProvider.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -0,0 +1,262 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.saml.v2.providers;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.datatype.XMLGregorianCalendar;
+
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
+import org.picketlink.identity.federation.core.saml.v2.common.SAMLProtocolContext;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
+import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+
+/**
+ * <p>
+ * A {@code SecurityTokenProvider} implementation for the SAML2 Specification.
+ * </p>
+ * <p>
+ * This token provider does not handle the SAML20 Token Profile of the Oasis WS-Trust Specification.
+ * @see {@code SAML20TokenProvider}
+ * </p>
+ * <p>
+ * Configurable Properties are:
+ * </p>
+ * <p>
+ * ASSERTION_VALIDITY: specify the validity of the assertion in miliseconds. (Example: 5000 = 5secs)
+ * </p>
+ * <p>
+ * CLOCK_SKEW: specify the clock skew of the conditions for assertion in miliseconds. (Example: 2000 = 2secs)
+ * </p>
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 30, 2010
+ */
+public class SAML20AssertionTokenProvider implements SecurityTokenProvider
+{
+ public static final String NS = JBossSAMLURIConstants.ASSERTION_NSURI.get();
+
+ private static Map<String, AssertionType> issuedAssertions = new HashMap<String, AssertionType>();
+
+ private Map<String, String> properties;
+
+ private long ASSERTION_VALIDITY = 5000; //5secs in milis
+
+ private long CLOCK_SKEW = 2000; //2secs
+
+ public void initialize(Map<String, String> props)
+ {
+ this.properties = props;
+
+ String validity = this.properties.get( "ASSERTION_VALIDITY" );
+ if( validity != null )
+ {
+ ASSERTION_VALIDITY = Long.parseLong( validity );
+ }
+ String skew = this.properties.get( "CLOCK_SKEW" );
+ if( skew != null )
+ {
+ CLOCK_SKEW = Long.parseLong( skew );
+ }
+ }
+
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#supports(java.lang.String)
+ */
+ public boolean supports(String namespace)
+ {
+ return NS.equals( namespace ) ;
+ }
+
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#issueToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void issueToken( ProtocolContext context ) throws ProcessingException
+ {
+ if( !(context instanceof SAMLProtocolContext ))
+ return;
+
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+
+ SAMLProtocolContext samlProtocolContext = (SAMLProtocolContext) context;
+
+ NameIDType issuerID = samlProtocolContext.getIssuerID();
+ XMLGregorianCalendar issueInstant;
+ try
+ {
+ issueInstant = XMLTimeUtil.getIssueInstant();
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ProcessingException( e );
+ }
+ ConditionsType conditions = samlProtocolContext.getConditions();
+ SubjectType subject = samlProtocolContext.getSubjectType();
+ List<StatementAbstractType> statements = samlProtocolContext.getStatements();
+
+ // generate an id for the new assertion.
+ String assertionID = IDGenerator.create("ID_");
+
+ AssertionType assertionType = SAMLAssertionFactory.createAssertion( assertionID,
+ issuerID , issueInstant, conditions, subject, statements );
+
+ try
+ {
+ AssertionUtil.createTimedConditions( assertionType, ASSERTION_VALIDITY, CLOCK_SKEW );
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ProcessingException( e );
+ }
+ catch (IssueInstantMissingException e)
+ {
+ throw new ProcessingException( e );
+ }
+
+ issuedAssertions.put( assertionID, assertionType );
+ samlProtocolContext.setIssuedAssertion( assertionType );
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#renewToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void renewToken( ProtocolContext context ) throws ProcessingException
+ {
+ if( !(context instanceof SAMLProtocolContext ))
+ return;
+
+
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+ SAMLProtocolContext samlProtocolContext = (SAMLProtocolContext) context;
+
+ AssertionType issuedAssertion = samlProtocolContext.getIssuedAssertion();
+
+ try
+ {
+ XMLGregorianCalendar currentTime = XMLTimeUtil.getIssueInstant();
+ issuedAssertion.updateIssueInstant( currentTime );
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ProcessingException( e );
+ }
+
+ try
+ {
+ AssertionUtil.createTimedConditions( issuedAssertion, ASSERTION_VALIDITY, CLOCK_SKEW );
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ProcessingException( e );
+ }
+ catch (IssueInstantMissingException e)
+ {
+ throw new ProcessingException( e );
+ }
+ issuedAssertions.put( issuedAssertion.getID(), issuedAssertion );
+
+ samlProtocolContext.setIssuedAssertion( issuedAssertion );
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void cancelToken( ProtocolContext context ) throws ProcessingException
+ {
+ if( !(context instanceof SAMLProtocolContext ))
+ return;
+
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+ SAMLProtocolContext samlProtocolContext = (SAMLProtocolContext) context;
+ AssertionType issuedAssertion = samlProtocolContext.getIssuedAssertion();
+ issuedAssertions.remove( issuedAssertion.getID() );
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#validateToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void validateToken( ProtocolContext context ) throws ProcessingException
+ {
+ if( !(context instanceof SAMLProtocolContext ))
+ return;
+
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+
+ SAMLProtocolContext samlProtocolContext = (SAMLProtocolContext) context;
+
+ AssertionType issuedAssertion = samlProtocolContext.getIssuedAssertion();
+
+ try
+ {
+ if( !AssertionUtil.hasExpired( issuedAssertion ) )
+ throw new ProcessingException( "Assertion has expired" );
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ProcessingException( e );
+ }
+
+ if( issuedAssertion == null )
+ throw new ProcessingException( "Assertion is null" );
+ if( issuedAssertions.get( issuedAssertion.getID() ) == null )
+ throw new ProcessingException( "Invalid Assertion" );
+ }
+
+
+ /**
+ *
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#tokenType()
+ */
+ public String tokenType()
+ {
+ return NS;
+ }
+}
\ No newline at end of file
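Review bot: In validateToken the expiry check is applied to issuedAssertion before the `if( issuedAssertion == null )` guard that follows it, and the condition is inverted — `if( !AssertionUtil.hasExpired( issuedAssertion ) )` throws "Assertion has expired" exactly when the helper reports the assertion has not expired, unless hasExpired returns the opposite of what its name says. Move the null guard to the top of the method, then check membership in issuedAssertions, then `if( AssertionUtil.hasExpired( issuedAssertion ) ) throw new ProcessingException( "Assertion has expired" );`. renewToken and cancelToken dereference getIssuedAssertion() with no null check at all, and renewToken refreshes the issue instant and validity window of whatever assertion the context carries without first confirming it is present in issuedAssertions, so a renewal never verifies that the token was issued by this provider. Separately, issuedAssertions is a static HashMap mutated from issueToken, renewToken and cancelToken with no synchronization and shrinks only on an explicit cancel, so it is unsafe under concurrent STS calls and grows with every assertion issued; a ConcurrentHashMap plus eviction of entries whose NotOnOrAfter has passed would address both.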
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -88,7 +88,13 @@
}
/**
+ * <p>
* Add validity conditions to the SAML2 Assertion
+ * </p>
+ * <p>
+ * There is no clock skew added.
+ * @see {{@link #createTimedConditions(AssertionType, long, long)}
+ * </p>
* @param assertion
* @param durationInMilis
* @throws ConfigurationException
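Review bot: The new `@see {{@link #createTimedConditions(AssertionType, long, long)}` line has an unbalanced double brace, and `@see` takes a reference rather than an inline `{@link}`; write it as `@see #createTimedConditions(AssertionType, long, long)`. The method this Javadoc belongs to continues outside the hunk.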
@@ -109,6 +115,31 @@
}
/**
+ * Add validity conditions to the SAML2 Assertion
+ * @param assertion
+ * @param durationInMilis
+ * @throws ConfigurationException
+ * @throws IssueInstantMissingException
+ */
+ public static void createTimedConditions(AssertionType assertion, long durationInMilis, long clockSkew )
+ throws ConfigurationException, IssueInstantMissingException
+ {
+ XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
+ if(issueInstant == null)
+ throw new IssueInstantMissingException("assertion does not have issue instant");
+ XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add( issueInstant, durationInMilis + clockSkew );
+
+ ConditionsType conditionsType = new ConditionsType();
+
+ XMLGregorianCalendar beforeInstant = XMLTimeUtil.subtract(issueInstant, clockSkew );
+
+ conditionsType.setNotBefore( beforeInstant );
+ conditionsType.setNotOnOrAfter(assertionValidityLength);
+
+ assertion.setConditions(conditionsType);
+ }
+
+ /**
* Check whether the assertion has expired
* @param assertion
* @return
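Review bot: The Javadoc on the new createTimedConditions overload omits its clockSkew parameter and does not say how the skew is applied; add `@param clockSkew milliseconds subtracted from NotBefore and added to NotOnOrAfter to tolerate clock drift between issuer and relying party`. It is worth stating in that comment that the resulting acceptance window is durationInMilis + 2 * clockSkew, since a deployer who configures a 5000 ms validity will see assertions accepted for 9000 ms with the provider's default 2000 ms skew. A negative clockSkew is not rejected and would place NotBefore after the issue instant, so a guard next to the existing issueInstant check, `if( clockSkew < 0 ) throw new IllegalArgumentException( "clockSkew must be non-negative" );`, would catch a misconfigured CLOCK_SKEW property early.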
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -21,11 +21,15 @@
*/
package org.picketlink.identity.federation.core.sts;
+import java.util.List;
+
import javax.xml.namespace.QName;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider;
+import org.picketlink.identity.federation.core.wstrust.PicketLinkSTSConfiguration;
/**
* <p>
@@ -41,7 +45,7 @@
*/
public class PicketLinkCoreSTS
{
- private RuntimePermission rte = new RuntimePermission( "org.picketlink.sts" );
+ public static final RuntimePermission rte = new RuntimePermission( "org.picketlink.sts" );
protected STSCoreConfig configuration;
@@ -61,9 +65,25 @@
public void initialize( STSCoreConfig config )
{
- this.configuration = config;
+ if( this.configuration != null )
+ {
+ List<SecurityTokenProvider> providers = config.getTokenProviders();
+ for( SecurityTokenProvider provider: providers )
+ this.configuration.addTokenProvider( provider.tokenType(), provider );
+ }
+ else
+ this.configuration = config;
}
+ public void installDefaultConfiguration()
+ {
+ if( configuration == null )
+ configuration = new PicketLinkSTSConfiguration();
+
+ //SAML2 Specification Provider
+ configuration.addTokenProvider( SAML20AssertionTokenProvider.NS, new SAML20AssertionTokenProvider() );
+ }
+
/**
* Issue a security token
* @param protocolContext
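Review bot: installDefaultConfiguration registers a fresh SAML20AssertionTokenProvider under SAML20AssertionTokenProvider.NS on every call, and addTokenProvider is implemented as a map put, so a provider that a deployer registered for that namespace through initialize is silently replaced the next time IDPServlet calls installDefaultConfiguration. Register the default only when getTokenProviders() contains no provider whose tokenType() equals NS, and document that on the method. The default provider is also never passed through initialize(props), so the ASSERTION_VALIDITY and CLOCK_SKEW properties cannot reach it and its built-in defaults always apply. When a configuration is already present, initialize now merges only the token providers and drops every other setting of the passed config (keys, certificates) without any indication; at minimum the Javadoc should say so.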
@@ -158,6 +178,9 @@
private SecurityTokenProvider getProvider( ProtocolContext protocolContext )
{
+ if( configuration == null )
+ throw new RuntimeException( "Configuration is not set" );
+
SecurityTokenProvider provider = null;
//Special Case: WST Applies To
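Review bot: The new guard in getProvider throws a bare RuntimeException; IllegalStateException is the conventional type for "used before initialize", `throw new IllegalStateException( "Configuration is not set" );`. getProvider continues outside the hunk.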
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/STSCoreConfig.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/STSCoreConfig.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/STSCoreConfig.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -24,6 +24,7 @@
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.Certificate;
+import java.util.List;
import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
@@ -153,11 +154,23 @@
* @return the {@code Certificate} obtained from the keystore, or {@code null} if no certificate was found.
*/
public Certificate getCertificate(String alias);
-
+
/**
* Allows you to add a token provider to handle a particular namespace
- * @param str
+ * @param key
* @param provider
*/
- public void addTokenProvider( String str, SecurityTokenProvider provider );
+ public void addTokenProvider( String key, SecurityTokenProvider provider );
+
+ /**
+ * Get an unmodifiable list of token providers
+ * @return
+ */
+ public List<SecurityTokenProvider> getTokenProviders();
+
+ /**
+ * Remove a token provider with the passed key
+ * @param key
+ */
+ public void removeTokenProvider( String key );
}
\ No newline at end of file
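Review bot: The Javadoc for the new getTokenProviders has an empty `@return` tag, and the unmodifiable-list promise is the only contract callers can rely on; fill it in with `@return an unmodifiable snapshot of the registered providers; never null`. It is also worth stating on addTokenProvider that registering under an existing key replaces the earlier provider, since PicketLinkSTSConfiguration implements it with a map put.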
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -25,6 +25,8 @@
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -41,6 +43,7 @@
import org.picketlink.identity.federation.core.config.TokenProvidersType;
import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
/**
@@ -181,7 +184,7 @@
throw new RuntimeException("Unable to construct the key manager:", e);
}
}
- }
+ }
/*
* (non-Javadoc)
@@ -386,6 +389,32 @@
*/
public void addTokenProvider(String key, SecurityTokenProvider provider)
{
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
tokenProviders.put(key, provider);
}
+
+ /**
+ * @see {@code STSCoreConfig#removeTokenProvider(String)}
+ */
+ public void removeTokenProvider(String key)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+ tokenProviders.remove(key);
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.sts.STSCoreConfig#getTokenProviders()
+ */
+ public List<SecurityTokenProvider> getTokenProviders()
+ {
+ List<SecurityTokenProvider> list = new ArrayList<SecurityTokenProvider>();
+ list.addAll( tokenProviders .values());
+ return Collections.unmodifiableList(list);
+ }
}
\ No newline at end of file
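Review bot: The SecurityManager check is copied verbatim into addTokenProvider and removeTokenProvider (and again in SAML20AssertionTokenProvider and AssertionType elsewhere in this commit); extract it into a private helper, `private static void checkPermission() { SecurityManager sm = System.getSecurityManager(); if( sm != null ) sm.checkPermission( PicketLinkCoreSTS.rte ); }`, so the permission cannot drift between call sites. getTokenProviders also iterates tokenProviders while addTokenProvider and removeTokenProvider may run concurrently from servlet init and STS initialize; the map's declaration is outside the hunk, but if it is the HashMap imported at the top of the file, the copy can throw ConcurrentModificationException, which a ConcurrentHashMap or synchronizing the three methods would prevent. Minor: `tokenProviders .values()` has a stray space before the dot.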
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -17,7 +17,6 @@
*/
package org.picketlink.identity.federation.core.wstrust.plugins.saml;
-import java.net.URI;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.util.ArrayList;
@@ -466,5 +465,13 @@
public boolean supports(String namespace)
{
return WSTrustConstants.BASE_NAMESPACE.equals(namespace);
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#tokenType()
+ */
+ public String tokenType()
+ {
+ return WSTrustConstants.BASE_NAMESPACE;
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -148,8 +148,21 @@
return this.properties;
}
+ /**
+ *
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#supports(java.lang.String)
+ */
public boolean supports(String namespace)
{
return WSTrustConstants.BASE_NAMESPACE.equals(namespace);
}
+
+ /**
+ *
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#tokenType()
+ */
+ public String tokenType()
+ {
+ return WSTrustConstants.BASE_NAMESPACE;
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AssertionType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AssertionType.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AssertionType.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -27,7 +27,7 @@
import java.util.Set;
import javax.xml.datatype.XMLGregorianCalendar;
-
+
import org.w3c.dom.Element;
/**
@@ -157,4 +157,13 @@
{
this.signature = signature;
}
+
+ public void updateIssueInstant( XMLGregorianCalendar xg )
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( new RuntimePermission( "org.picketlink.sts") );
+
+ this.issueInstant = xg;
+ }
}
\ No newline at end of file
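Review bot: updateIssueInstant hardcodes `new RuntimePermission( "org.picketlink.sts")` rather than reusing PicketLinkCoreSTS.rte introduced in the same commit — presumably because the model module cannot depend on the core module — so the permission name now lives in two places; at least hoist it into a `private static final RuntimePermission STS_PERMISSION` on this class with a comment pointing at PicketLinkCoreSTS.rte. The guard also gives uneven protection: only issueInstant is gated on that permission while the adjacent setSignature (and, I assume, the other setters) stays unguarded, and with no SecurityManager installed — the usual case — the check is a no-op, so it should not be relied on as the control against assertion tampering. A null xg is accepted and would presumably surface later as the IssueInstantMissingException thrown by AssertionUtil; `if( xg == null ) throw new IllegalArgumentException( "issue instant is null" );` fails earlier and closer to the cause.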
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -189,7 +189,7 @@
String identityURL,
Map<String, Object> attribs,
long assertionValidity, String requestID)
- throws ConfigurationException, IssueInstantMissingException
+ throws ConfigurationException, IssueInstantMissingException, ProcessingException
{
Document samlResponseDocument = null;
@@ -221,8 +221,8 @@
AttributeStatementType attrStatement = StatementUtil.createAttributeStatement(roles);
assertion.addStatement( attrStatement );
- //Add timed conditions
- saml2Response.createTimedConditions(assertion, assertionValidity);
+ /*//Add timed conditions
+ saml2Response.createTimedConditions(assertion, assertionValidity);*/
//Add in the attributes information
if(attribs != null && attribs.size() > 0 )
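Review bot: Commenting out `saml2Response.createTimedConditions(assertion, assertionValidity);` removes the only place in this method where NotBefore/NotOnOrAfter conditions were attached to the assertion, and nothing in the hunk adds them elsewhere; unless the assertion is now routed through SAML20AssertionTokenProvider.issueToken (not visible here), assertions produced by this handler carry no validity window and the assertionValidity parameter is silently ignored. If the STS provider is meant to own the conditions now, say so in a one-line comment where the call was and delete the dead code instead of leaving it fenced in `/* */`. The enclosing method starts outside the hunk.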
@@ -359,6 +359,9 @@
/*JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>) subject.getContent().get(0);
NameIDType nameID = jnameID.getValue();
*/
+ if( subject == null )
+ throw new ProcessingException( "Subject in the assertion is null" );
+
STSubType subType = subject.getSubType();
if( subType == null )
throw new RuntimeException( "Unable to find subtype via subject" );
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -72,6 +72,7 @@
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler.HANDLER_TYPE;
import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
@@ -251,6 +252,10 @@
identityServer = new IdentityServer();
context.setAttribute(GeneralConstants.IDENTITY_SERVER, identityServer);
}
+
+ //Ensure the configuration in the STS
+ PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
+ sts.installDefaultConfiguration();
}
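Review bot: `sts.installDefaultConfiguration()` is called from what looks like the servlet's init with nothing caught, and addTokenProvider now performs `sm.checkPermission( PicketLinkCoreSTS.rte )`, so under a SecurityManager the IDP servlet will fail to initialize unless the web application's policy grants RuntimePermission "org.picketlink.sts"; record that in the comment: `//Ensure the STS has a configuration; needs RuntimePermission "org.picketlink.sts" when a SecurityManager is installed`. Because installDefaultConfiguration re-registers the SAML provider on every call, a second IDP servlet in the same JVM or a redeploy also replaces whatever provider was registered for that namespace. The enclosing method starts outside the hunk.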
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/IDPWebRequestUtil.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/IDPWebRequestUtil.java 2010-12-30 16:49:15 UTC (rev 621)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/IDPWebRequestUtil.java 2010-12-30 19:30:38 UTC (rev 622)
@@ -192,7 +192,7 @@
String identityURL,
long assertionValidity,
boolean supportSignature)
- throws ConfigurationException, IssueInstantMissingException
+ throws ConfigurationException, IssueInstantMissingException, ProcessingException
{
Document samlResponseDocument = null;
@@ -498,11 +498,11 @@
* @param status
* @param identityURL
* @param supportSignature
- * @return
+ * @return
* @throws ConfigurationException
*/
public Document getErrorResponse(String responseURL, String status,
- String identityURL, boolean supportSignature)
+ String identityURL, boolean supportSignature)
{
Document samlResponse = null;
ResponseType responseType = null;
@@ -529,6 +529,11 @@
{
if(trace) log.trace(e1);
responseType = saml2Response.createResponseType();
+ }
+ catch (ProcessingException e)
+ {
+ if(trace) log.trace( e );
+ responseType = saml2Response.createResponseType();
}
//Lets see how the response looks like
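Review bot: The new `catch (ProcessingException e)` in getErrorResponse records the failure only at trace level and then falls back to a bare `saml2Response.createResponseType()`, mirroring the catch above it; failing to build even an error response is worth logging at warn or error, since at trace an operator will never learn why the SP received an empty response. The two catch blocks have identical bodies, so the fallback could be factored into one private method (Java 7 multi-catch is presumably not available to this codebase). The enclosing getErrorResponse starts outside the hunk.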
Picketlink SVN: r621 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml and 8 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-30 11:49:15 -0500 (Thu, 30 Dec 2010)
New Revision: 621
Removed:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/NetworkUtil.java
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/MetaDataBuilderDelegate.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SAMLAssertionFactory.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/STSCoreConfig.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java
Log:
get rid of the redundant NetworkUtil class
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2010-12-28 20:18:36 UTC (rev 620)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2010-12-30 16:49:15 UTC (rev 621)
@@ -29,6 +29,7 @@
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Writer;
+import java.net.URI;
import java.util.Arrays;
import javax.xml.bind.JAXBException;
@@ -49,8 +50,7 @@
import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
-import org.picketlink.identity.federation.core.util.NetworkUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ActionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
@@ -100,7 +100,7 @@
AuthnStatementType authnStatement = new AuthnStatementType( issueInstant );
AuthnContextType act = new AuthnContextType();
String authContextDeclRef = JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();
- act.addAuthenticatingAuthority( NetworkUtil.createURI( authContextDeclRef ));
+ act.addAuthenticatingAuthority( URI.create( authContextDeclRef ));
authnStatement.setAuthnContext(act);
return authnStatement;
}
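Review bot: The value added as an AuthenticatingAuthority on the changed line is `AC_PASSWORD_PROTECTED_TRANSPORT`, an authentication-context *class* URI, not the entity ID of an authority, so a relying party looking for an AuthnContextClassRef finds none while AuthenticatingAuthority carries a class URI. If the intent is to declare the context class, the call should be `act.addURIType( new AuthnContextClassRefType( URI.create( authContextDeclRef )));`, which is how SAMLParserUtil builds the same structure when parsing (assuming that type is importable here); if AuthenticatingAuthority really is intended, a comment should say why a class URI is used. Only the tail of this method is in the hunk; its signature and `issueInstant` are outside it.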
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java 2010-12-28 20:18:36 UTC (rev 620)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java 2010-12-30 16:49:15 UTC (rev 621)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.federation.core.parsers.saml;
+import java.net.URI;
+
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.Attribute;
@@ -30,8 +32,7 @@
import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.core.util.NetworkUtil;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
@@ -121,7 +122,7 @@
if( assertionConsumerServiceURL != null )
{
String uri = StaxParserUtil.getAttributeValue( assertionConsumerServiceURL );
- authnRequest.setAssertionConsumerServiceURL( NetworkUtil.createURI(uri));
+ authnRequest.setAssertionConsumerServiceURL( URI.create(uri));
}
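Review bot: `URI.create(uri)` on the changed line throws IllegalArgumentException when the attacker-controlled AssertionConsumerServiceURL attribute is not a valid URI, so a malformed AuthnRequest now leaves this parser as an unchecked exception rather than the ParsingException it otherwise reports (NetworkUtil threw an equally unchecked RuntimeException, so this is not a regression, but the hunk is the natural place to fix it). Wrap the conversion: `try { authnRequest.setAssertionConsumerServiceURL( URI.create(uri)); } catch (IllegalArgumentException e) { throw new ParsingException( "AssertionConsumerServiceURL is not a valid URI", e ); }`, assuming ParsingException has a cause-taking constructor. The same applies to the ProtocolBinding and NameIDPolicy Format conversions in the next two hunks; the enclosing parse method starts before this hunk.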
@@ -131,7 +132,7 @@
Attribute protocolBinding = startElement.getAttributeByName( new QName( "ProtocolBinding" ));
if( protocolBinding != null )
- authnRequest.setProtocolBinding( NetworkUtil.createURI( StaxParserUtil.getAttributeValue( protocolBinding )));
+ authnRequest.setProtocolBinding( URI.create( StaxParserUtil.getAttributeValue( protocolBinding )));
Attribute providerName = startElement.getAttributeByName( new QName( "ProviderName" ));
if( providerName != null )
@@ -166,7 +167,7 @@
NameIDPolicyType nameIDPolicy = new NameIDPolicyType();
Attribute format = startElement.getAttributeByName( new QName( "Format" ));
if( format != null )
- nameIDPolicy.setFormat( NetworkUtil.createURI( StaxParserUtil.getAttributeValue( format )));
+ nameIDPolicy.setFormat( URI.create( StaxParserUtil.getAttributeValue( format )));
Attribute allowCreate = startElement.getAttributeByName( new QName( "AllowCreate" ));
if( allowCreate != null )
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java 2010-12-28 20:18:36 UTC (rev 620)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java 2010-12-30 16:49:15 UTC (rev 621)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.federation.core.parsers.saml;
+import java.net.URI;
+
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.Attribute;
@@ -33,8 +35,7 @@
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.core.util.NetworkUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AudienceRestrictionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
@@ -158,7 +159,7 @@
throw new ParsingException( "audienceValue is expected ahead" );
String audienceValue = StaxParserUtil.getElementText( xmlEventReader );
- audience.addAudience( NetworkUtil.createURI( audienceValue ));
+ audience.addAudience( URI.create( audienceValue ));
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
if( xmlEvent instanceof EndElement )
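Review bot: A malformed `<Audience>` value now surfaces as an IllegalArgumentException from `URI.create` on the changed line while the rest of this method reports ParsingException (see the throw a few lines above); catching IllegalArgumentException and rethrowing it as ParsingException keeps callers' error handling uniform. Note also that `URI.create("")` succeeds, so an empty `<Audience/>` is silently added as an empty audience URI that can never match an SP entity ID — reject it explicitly if that is not intended. The enclosing method continues outside the hunk.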
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java 2010-12-28 20:18:36 UTC (rev 620)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java 2010-12-30 16:49:15 UTC (rev 621)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.federation.core.parsers.saml;
+import java.net.URI;
+
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
@@ -30,8 +32,7 @@
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.core.util.NetworkUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
@@ -75,7 +76,7 @@
{
Attribute destinationAttr = startElement.getAttributeByName( new QName( "Destination" ));
if( destinationAttr != null )
- request.setDestination( NetworkUtil.createURI( StaxParserUtil.getAttributeValue( destinationAttr ) ));
+ request.setDestination( URI.create( StaxParserUtil.getAttributeValue( destinationAttr ) ));
Attribute consent = startElement.getAttributeByName( new QName( "Consent" ));
if( consent != null )
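Review bot: `Destination` is the attribute a receiver is expected to compare against its own endpoint URL before honouring a signed request, and the changed line now hands any malformed value to `URI.create`, which throws IllegalArgumentException rather than this parser's ParsingException; convert inside a try/catch that rethrows `new ParsingException( "Destination is not a valid URI", e )` (assuming a cause-taking constructor) so callers see one failure type. Whether the destination comparison itself happens is outside this hunk, and the method starts before it.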
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java 2010-12-28 20:18:36 UTC (rev 620)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java 2010-12-30 16:49:15 UTC (rev 621)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.federation.core.parsers.saml;
+import java.net.URI;
+
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.Attribute;
@@ -31,8 +33,7 @@
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.core.util.NetworkUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusCodeType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusType;
@@ -115,7 +116,7 @@
Attribute valueAttr = startElement.getAttributeByName( new QName( "Value" ));
if( valueAttr != null )
{
- statusCode.setValue( NetworkUtil.createURI( StaxParserUtil.getAttributeValue( valueAttr ) ));
+ statusCode.setValue( URI.create( StaxParserUtil.getAttributeValue( valueAttr ) ));
}
status.setStatusCode( statusCode );
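Review bot: The status code `Value` here (and the sub-status `Value` in the next hunk) is taken from an incoming response and passed straight to `URI.create`, so a malformed value now fails with IllegalArgumentException instead of this parser's ParsingException; a small `try { ... } catch (IllegalArgumentException e) { throw new ParsingException( "StatusCode Value is not a valid URI", e ); }` around the conversion keeps failure handling uniform (assuming ParsingException accepts a cause). The enclosing method starts before this hunk.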
@@ -128,7 +129,7 @@
Attribute subValueAttr = startElement.getAttributeByName( new QName( "Value" ));
if( subValueAttr != null )
{
- subStatusCodeType.setValue( NetworkUtil.createURI( StaxParserUtil.getAttributeValue( subValueAttr )));
+ subStatusCodeType.setValue( URI.create( StaxParserUtil.getAttributeValue( subValueAttr )));
}
statusCode.setStatusCode( subStatusCodeType );
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java 2010-12-28 20:18:36 UTC (rev 620)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java 2010-12-30 16:49:15 UTC (rev 621)
@@ -21,6 +21,7 @@
*/
package org.picketlink.identity.federation.core.parsers.saml.metadata;
+import java.net.URI;
import java.util.List;
import javax.xml.namespace.QName;
@@ -35,8 +36,7 @@
import org.picketlink.identity.federation.core.parsers.util.SAMLParserUtil;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.core.util.NetworkUtil;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.AttributeAuthorityDescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EndpointType;
@@ -155,8 +155,8 @@
Attribute locationAttr = startElement.getAttributeByName( new QName( JBossSAMLConstants.LOCATION.get() ) );
String location = StaxParserUtil.getAttributeValue( locationAttr );
- IndexedEndpointType endpoint = new IndexedEndpointType( NetworkUtil.createURI( binding ),
- NetworkUtil.createURI( location ));
+ IndexedEndpointType endpoint = new IndexedEndpointType( URI.create( binding ),
+ URI.create( location ));
Attribute isDefault = startElement.getAttributeByName( new QName( JBossSAMLConstants.ISDEFAULT.get() ));
if( isDefault != null )
{
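Review bot: `locationAttr` is fetched two lines above the change without the null check that `isDefault` and `responseLocation` get, so a metadata endpoint missing its required `Location` attribute reaches `URI.create( location )` with a null (if `getAttributeValue` returns null for a null attribute — I cannot see it here); `NetworkUtil.createURI` used to reject that with `IllegalArgumentException("value is null")`, whereas `URI.create(null)` throws a bare NullPointerException. Raise a parse error before the conversion: `if( locationAttr == null ) throw new ParsingException( "Location attribute is required" );`. The same unguarded pattern repeats in the two later hunks of this file that build `IndexedEndpointType`, and the enclosing method starts before this hunk.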
@@ -217,12 +217,12 @@
Attribute locationAttr = startElement.getAttributeByName( new QName( JBossSAMLConstants.LOCATION.get() ) );
String location = StaxParserUtil.getAttributeValue( locationAttr );
- EndpointType endpoint = new IndexedEndpointType( NetworkUtil.createURI( binding ),
- NetworkUtil.createURI( location ));
+ EndpointType endpoint = new IndexedEndpointType( URI.create( binding ),
+ URI.create( location ));
Attribute responseLocation = startElement.getAttributeByName( new QName( JBossSAMLConstants.RESPONSE_LOCATION.get() ));
if( responseLocation != null )
{
- endpoint.setResponseLocation( NetworkUtil.createURI( StaxParserUtil.getAttributeValue( responseLocation )));
+ endpoint.setResponseLocation( URI.create( StaxParserUtil.getAttributeValue( responseLocation )));
}
return endpoint;
}
@@ -256,8 +256,8 @@
Attribute locationAttr = startElement.getAttributeByName( new QName( JBossSAMLConstants.LOCATION.get() ) );
String location = StaxParserUtil.getAttributeValue( locationAttr );
- IndexedEndpointType endpoint = new IndexedEndpointType( NetworkUtil.createURI( binding ),
- NetworkUtil.createURI( location ));
+ IndexedEndpointType endpoint = new IndexedEndpointType( URI.create( binding ),
+ URI.create( location ));
EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
StaxParserUtil.validate( endElement, JBossSAMLConstants.ATTRIBUTE_SERVICE.get() );
@@ -327,7 +327,7 @@
Attribute lang = startElement.getAttributeByName( new QName( JBossSAMLURIConstants.XML.get(), "lang" ));
String langVal = StaxParserUtil.getAttributeValue(lang);
LocalizedURIType localName = new LocalizedURIType( langVal );
- localName.setValue( NetworkUtil.createURI( StaxParserUtil.getElementText( xmlEventReader )));
+ localName.setValue( URI.create( StaxParserUtil.getElementText( xmlEventReader )));
org.addOrganizationURL( localName ) ;
}
else
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java 2010-12-28 20:18:36 UTC (rev 620)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java 2010-12-30 16:49:15 UTC (rev 621)
@@ -21,6 +21,7 @@
*/
package org.picketlink.identity.federation.core.parsers.util;
+import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;
@@ -36,8 +37,7 @@
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.core.util.NetworkUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
@@ -242,7 +242,7 @@
{
String text = StaxParserUtil.getElementText( xmlEventReader );
- AuthnContextDeclRefType aAuthnContextDeclType = new AuthnContextDeclRefType( NetworkUtil.createURI(text));
+ AuthnContextDeclRefType aAuthnContextDeclType = new AuthnContextDeclRefType( URI.create(text));
authnContextType.addURIType(aAuthnContextDeclType);
EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
StaxParserUtil.validate(endElement, JBossSAMLConstants.AUTHN_CONTEXT.get() );
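Review bot: `text` from `getElementText` is attacker-supplied and `URI.create(text)` on the changed line turns a malformed AuthnContextDeclRef into an IllegalArgumentException, whereas the rest of this helper reports ParsingException; catch it and rethrow as `new ParsingException( "AuthnContextDeclRef is not a valid URI", e )` (assuming a cause-taking constructor exists). The same applies to the AuthnContextClassRef and NameID Format conversions in the next two hunks. The enclosing method starts before this hunk.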
@@ -251,7 +251,7 @@
{
String text = StaxParserUtil.getElementText( xmlEventReader );
- AuthnContextClassRefType aAuthnContextClassRefType = new AuthnContextClassRefType( NetworkUtil.createURI(text));
+ AuthnContextClassRefType aAuthnContextClassRefType = new AuthnContextClassRefType( URI.create(text));
authnContextType.addURIType( aAuthnContextClassRefType );
EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
StaxParserUtil.validate(endElement, JBossSAMLConstants.AUTHN_CONTEXT.get() );
@@ -282,7 +282,7 @@
Attribute format = nameIDElement.getAttributeByName( new QName( JBossSAMLConstants.FORMAT.get() ));
if( format != null )
{
- nameID.setFormat( NetworkUtil.createURI( StaxParserUtil.getAttributeValue( format )) );
+ nameID.setFormat( URI.create( StaxParserUtil.getAttributeValue( format )) );
}
Attribute spProvidedID = nameIDElement.getAttributeByName( new QName( JBossSAMLConstants.SP_PROVIDED_ID.get() ));
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/MetaDataBuilderDelegate.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/MetaDataBuilderDelegate.java 2010-12-28 20:18:36 UTC (rev 620)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/MetaDataBuilderDelegate.java 2010-12-30 16:49:15 UTC (rev 621)
@@ -21,11 +21,11 @@
*/
package org.picketlink.identity.federation.core.saml.md.providers;
+import java.net.URI;
import java.util.ArrayList;
import java.util.List;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.util.NetworkUtil;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EndpointType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
@@ -56,9 +56,9 @@
public static EndpointType createEndpoint(String binding, String location,
String responseLocation)
{
- EndpointType endpoint = new EndpointType( NetworkUtil.createURI(binding),
- NetworkUtil.createURI(location));
- endpoint.setResponseLocation( NetworkUtil.createURI( responseLocation ));
+ EndpointType endpoint = new EndpointType( URI.create(binding),
+ URI.create(location));
+ endpoint.setResponseLocation( URI.create( responseLocation ));
return endpoint;
}
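Review bot: `responseLocation` is optional for a SAML metadata endpoint (the parser touched in this same commit guards it with a null check), but `createEndpoint` converts it unconditionally on the last changed line, so a caller passing null now gets a NullPointerException from `URI.create` where NetworkUtil threw `IllegalArgumentException("value is null")`. Guard it: `if( responseLocation != null ) endpoint.setResponseLocation( URI.create( responseLocation ));`. The method's Javadoc (above the hunk) should then state `@param responseLocation may be null`.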
@@ -92,7 +92,7 @@
//orgURL
LocalizedURIType orgURL = new LocalizedURIType( lang );
- orgURL.setValue( NetworkUtil.createURI( organizationURL ));
+ orgURL.setValue( URI.create( organizationURL ));
OrganizationType orgType = new OrganizationType();
orgType.addOrganizationName( orgName );
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2010-12-28 20:18:36 UTC (rev 620)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2010-12-30 16:49:15 UTC (rev 621)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.federation.core.saml.v2.factories;
+import java.net.URI;
+
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
@@ -29,8 +31,7 @@
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
-import org.picketlink.identity.federation.core.util.NetworkUtil;
+import org.picketlink.identity.federation.core.util.JAXBUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
import org.xml.sax.SAXException;
@@ -60,11 +61,11 @@
String version = JBossSAMLConstants.VERSION_2_0.get();
AuthnRequestType authnRequest = new AuthnRequestType( id, version, issueInstant );
- authnRequest.setAssertionConsumerServiceURL( NetworkUtil.createURI( assertionConsumerURL ));
- authnRequest.setProtocolBinding( NetworkUtil.createURI( JBossSAMLConstants.HTTP_POST_BINDING.get() ));
+ authnRequest.setAssertionConsumerServiceURL( URI.create( assertionConsumerURL ));
+ authnRequest.setProtocolBinding( URI.create( JBossSAMLConstants.HTTP_POST_BINDING.get() ));
if( destination != null )
{
- authnRequest.setDestination( NetworkUtil.createURI( destination ));
+ authnRequest.setDestination( URI.create( destination ));
}
//Create an issuer
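Review bot: `destination` is null-guarded but `assertionConsumerURL` is not, so a null ACS URL (optional in an AuthnRequest, and previously rejected by NetworkUtil with a descriptive IllegalArgumentException) now fails with a bare NullPointerException from `URI.create` on the first changed line. Either guard it the same way as `destination` or state `@param assertionConsumerURL must not be null` in the method's Javadoc, which sits above the hunk together with the signature.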
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java 2010-12-28 20:18:36 UTC (rev 620)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java 2010-12-30 16:49:15 UTC (rev 621)
@@ -21,6 +21,7 @@
*/
package org.picketlink.identity.federation.core.saml.v2.factories;
+import java.net.URI;
import java.util.List;
import javax.xml.bind.JAXBException;
@@ -29,12 +30,12 @@
import javax.xml.datatype.XMLGregorianCalendar;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
-import org.picketlink.identity.federation.core.util.NetworkUtil;
+import org.picketlink.identity.federation.core.util.JAXBUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
@@ -66,7 +67,7 @@
public static StatusType createStatusType(String statusCodeURI)
{
StatusCodeType sct = new StatusCodeType();
- sct.setValue( NetworkUtil.createURI( statusCodeURI ));
+ sct.setValue( URI.create( statusCodeURI ));
StatusType statusType = new StatusType();
statusType.setStatusCode(sct);
@@ -99,14 +100,14 @@
XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
//Create an assertion
- String id = "ID_" + JBossSAMLBaseFactory.createUUID();
+ String id = IDGenerator.create( "ID_" );
//Create assertion -> subject
SubjectType subjectType = new SubjectType();
//subject -> nameid
NameIDType nameIDType = new NameIDType();
- nameIDType.setFormat( NetworkUtil.createURI( idp.getNameIDFormat() ));
+ nameIDType.setFormat( URI.create( idp.getNameIDFormat() ));
nameIDType.setValue(idp.getNameIDFormatValue());
SubjectType.STSubType subType = new SubjectType.STSubType();
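Review bot: The assertion ID now comes from `IDGenerator.create( "ID_" )`, whose source of randomness is not visible in this diff; assertion IDs must be unique and, because they feed replay detection and `InResponseTo` correlation, should not be guessable, so confirm IDGenerator draws from `SecureRandom`/`UUID.randomUUID()` rather than a counter or `java.util.Random`, and say so in its Javadoc. Separately, `idp.getNameIDFormat()` is passed straight to `URI.create`, which throws NullPointerException for a null format where NetworkUtil threw a descriptive IllegalArgumentException; `SAMLAssertionFactory.createNameID` in this same commit guards the format with `if( format != null )`. The enclosing method starts before this hunk.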
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SAMLAssertionFactory.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SAMLAssertionFactory.java 2010-12-28 20:18:36 UTC (rev 620)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SAMLAssertionFactory.java 2010-12-30 16:49:15 UTC (rev 621)
@@ -21,12 +21,12 @@
*/
package org.picketlink.identity.federation.core.saml.v2.factories;
+import java.net.URI;
import java.util.List;
import javax.xml.datatype.XMLGregorianCalendar;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.util.NetworkUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AudienceRestrictionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionAbstractType;
@@ -61,7 +61,7 @@
{
for( String val: values )
{
- audienceRestriction.addAudience( NetworkUtil.createURI( val ) );
+ audienceRestriction.addAudience( URI.create( val ) );
}
}
return audienceRestriction;
@@ -81,7 +81,7 @@
{
NameIDType nameID = new NameIDType();
if( format != null )
- nameID.setFormat( NetworkUtil.createURI( format ));
+ nameID.setFormat( URI.create( format ));
nameID.setNameQualifier(qualifier);
nameID.setValue(value);
return nameID;
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/STSCoreConfig.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/STSCoreConfig.java 2010-12-28 20:18:36 UTC (rev 620)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/STSCoreConfig.java 2010-12-30 16:49:15 UTC (rev 621)
@@ -153,4 +153,11 @@
* @return the {@code Certificate} obtained from the keystore, or {@code null} if no certificate was found.
*/
public Certificate getCertificate(String alias);
+
+ /**
+ * Allows you to add a token provider to handle a particular namespace
+ * @param str
+ * @param provider
+ */
+ public void addTokenProvider( String str, SecurityTokenProvider provider );
}
\ No newline at end of file
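Review bot: The new interface method's Javadoc documents neither parameter, and `str` says nothing about what the key is, while the implementation in PicketLinkSTSConfiguration calls it `key`. Rename the parameter to `key` and document it as the token type / namespace URI the provider is looked up by, e.g. `@param key the token type or namespace the provider handles; used as the lookup key` and `@param provider the provider that will issue, renew, cancel and validate tokens of that type`. State whether registering a key that already has a provider replaces the existing one, since that decides which code handles an existing token type.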
Deleted: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/NetworkUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/NetworkUtil.java 2010-12-28 20:18:36 UTC (rev 620)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/NetworkUtil.java 2010-12-30 16:49:15 UTC (rev 621)
@@ -1,53 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.identity.federation.core.util;
-
-import java.net.URI;
-import java.net.URISyntaxException;
-
-/**
- * General utility class for network related stuff
- * @author Anil.Saldhana(a)redhat.com
- * @since Nov 29, 2010
- */
-public class NetworkUtil
-{
- /**
- * Create {@code URI}
- * @param value
- * @return
- */
- public static URI createURI( String value )
- {
- if( value == null )
- throw new IllegalArgumentException( "value is null" );
-
- try
- {
- return new URI( value );
- }
- catch (URISyntaxException e)
- {
- throw new RuntimeException( "value is not of type URI:", e );
- }
- }
-}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java 2010-12-28 20:18:36 UTC (rev 620)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java 2010-12-30 16:49:15 UTC (rev 621)
@@ -380,4 +380,12 @@
{
return delegate.getCanonicalizationMethod();
}
+
+ /**
+ * @see {@code STSCoreConfig#addTokenProvider(String, SecurityTokenProvider)}
+ */
+ public void addTokenProvider(String key, SecurityTokenProvider provider)
+ {
+ tokenProviders.put(key, provider);
+ }
}
\ No newline at end of file
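Review bot: `addTokenProvider` lets any caller holding the configuration replace the provider for an existing key, and unlike the STS operations guarded in r620 it performs no permission check and accepts null for either argument (`tokenProviders.put(null, null)` may or may not be tolerated depending on the map type, which is declared outside this hunk). Since the registered provider decides which code issues and validates tokens of that type, reject nulls, gate the call behind the same `RuntimePermission( "org.picketlink.sts" )` (or a dedicated one), and document in the Javadoc whether re-registering a key replaces the previous provider. If the map is a plain `HashMap` and this can be called after startup while requests are served, it would also need to be a concurrent map — I cannot tell from here.
```java
public void addTokenProvider(String key, SecurityTokenProvider provider)
{
   if( key == null || provider == null )
      throw new IllegalArgumentException( "key and provider must not be null" );
   // Registering a provider decides which code issues and validates tokens
   // of this type; gate it like the STS operations in PicketLinkCoreSTS.
   SecurityManager sm = System.getSecurityManager();
   if( sm != null )
      sm.checkPermission( new RuntimePermission( "org.picketlink.sts" ) );
   tokenProviders.put( key, provider );
}
```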
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java 2010-12-28 20:18:36 UTC (rev 620)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java 2010-12-30 16:49:15 UTC (rev 621)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.federation.web.handlers.saml2;
+import java.net.URI;
+
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
@@ -39,8 +41,7 @@
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
-import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.core.util.NetworkUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusCodeType;
@@ -284,7 +285,7 @@
long assertionValidity = (Long) request.getOptions().get(GeneralConstants.ASSERTIONS_VALIDITY);
lort.setNotOnOrAfter(XMLTimeUtil.add(lort.getIssueInstant(), assertionValidity));
- lort.setDestination( NetworkUtil.createURI( participant ));
+ lort.setDestination( URI.create( participant ));
response.setResultingDocument(saml2Request.convert(lort));
response.setSendRequest(true);
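Review bot: `(Long) request.getOptions().get(GeneralConstants.ASSERTIONS_VALIDITY)` two lines above the changed line unboxes straight into `long`, so a handler configured without that option fails with an unexplained NullPointerException; since the commit touches this method, it could read the option into a `Long` first and throw a descriptive exception when it is null (an upstream handler may guarantee the option — I cannot see that from here). `participant` set as the Destination is presumably an SP URL taken from the session; `URI.create` rejects a malformed one with IllegalArgumentException, which is the right outcome. The method starts before this hunk.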
@@ -330,11 +331,11 @@
//Status
StatusType statusType = new StatusType();
StatusCodeType statusCodeType = new StatusCodeType();
- statusCodeType.setValue( NetworkUtil.createURI( JBossSAMLURIConstants.STATUS_RESPONDER.get() ));
+ statusCodeType.setValue( URI.create( JBossSAMLURIConstants.STATUS_RESPONDER.get() ));
//2nd level status code
StatusCodeType status2ndLevel = new StatusCodeType();
- status2ndLevel.setValue( NetworkUtil.createURI( JBossSAMLURIConstants.STATUS_SUCCESS.get() ));
+ status2ndLevel.setValue( URI.create( JBossSAMLURIConstants.STATUS_SUCCESS.get() ));
statusCodeType.setStatusCode(status2ndLevel);
statusType.setStatusCode(statusCodeType);
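Review bot: The status built here (and again in the identical block in the next hunk) puts `STATUS_RESPONDER` at the top level with `STATUS_SUCCESS` as the second-level code, which reads inverted: the top-level code signals the outcome, and a responder-side error with a Success subcode is not a defined combination. If this response reports a completed logout it should be `statusCodeType.setValue( URI.create( JBossSAMLURIConstants.STATUS_SUCCESS.get() ));` with no second level (or PartialLogout under Success); if it is deliberate, a comment should say why. The surrounding method starts outside the hunk, so I may be missing context, and the duplicated status-building block is a candidate for a small private helper.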
@@ -447,11 +448,11 @@
//Status
StatusType statusType = new StatusType();
StatusCodeType statusCodeType = new StatusCodeType();
- statusCodeType.setValue( NetworkUtil.createURI( JBossSAMLURIConstants.STATUS_RESPONDER.get() ));
+ statusCodeType.setValue( URI.create( JBossSAMLURIConstants.STATUS_RESPONDER.get() ));
//2nd level status code
StatusCodeType status2ndLevel = new StatusCodeType();
- status2ndLevel.setValue( NetworkUtil.createURI( JBossSAMLURIConstants.STATUS_SUCCESS.get() ));
+ status2ndLevel.setValue( URI.create( JBossSAMLURIConstants.STATUS_SUCCESS.get() ));
statusCodeType.setStatusCode(status2ndLevel);
statusType.setStatusCode(statusCodeType);
Picketlink SVN: r620 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-28 15:18:36 -0500 (Tue, 28 Dec 2010)
New Revision: 620
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java
Log:
add in security perm check
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java 2010-12-28 19:44:29 UTC (rev 619)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java 2010-12-28 20:18:36 UTC (rev 620)
@@ -41,6 +41,8 @@
*/
public class PicketLinkCoreSTS
{
+ private RuntimePermission rte = new RuntimePermission( "org.picketlink.sts" );
+
protected STSCoreConfig configuration;
private static PicketLinkCoreSTS _instance = null;
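Review bot: The new `rte` field is an immutable permission object held by a class that is used as a singleton, so it belongs in a class constant rather than an instance field: `private static final RuntimePermission STS_PERMISSION = new RuntimePermission( "org.picketlink.sts" );`. A constant also makes it obvious to readers of the four guarded methods that they all check the same permission.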
@@ -66,9 +68,14 @@
* Issue a security token
* @param protocolContext
* @throws ProcessingException
+ * @throws {@link SecurityException} if the caller does not have a runtime permission for "org.picketlink.sts"
*/
public void issueToken( ProtocolContext protocolContext) throws ProcessingException
{
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( rte );
+
SecurityTokenProvider provider = getProvider(protocolContext);
if( provider == null )
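Review bot: The added Javadoc line `* @throws {@link SecurityException} if ...` is malformed — `@throws` takes the bare exception type — and should read `* @throws SecurityException if the caller does not have the "org.picketlink.sts" runtime permission`; the same tag is added in the renewToken, cancelToken and validateToken hunks below. The three-line SecurityManager check is copied verbatim into all four methods; a private `checkPermission()` helper called from each would keep the list of guarded entry points in one place. `initialize(STSCoreConfig)`, which replaces the configuration (token providers, signing key pair) held by this shared singleton, gets no check in this commit — if the permission is meant to fence off the STS, that method seems to need it at least as much as the token operations. The body of issueToken continues outside the hunk.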
@@ -85,9 +92,14 @@
*
* @param protocolContext the {@code ProtocolContext} that contains the token to be renewed.
* @throws ProcessingException if an error occurs while renewing the security token.
+ * @throws {@link SecurityException} if the caller does not have a runtime permission for "org.picketlink.sts"
*/
public void renewToken( ProtocolContext protocolContext) throws ProcessingException
{
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( rte );
+
SecurityTokenProvider provider = null;
if( provider == null )
@@ -104,9 +116,14 @@
*
* @param protocolContext the {@code ProtocolContext} that contains the token to be canceled.
* @throws ProcessingException if an error occurs while canceling the security token.
+ * @throws {@link SecurityException} if the caller does not have a runtime permission for "org.picketlink.sts"
*/
public void cancelToken( ProtocolContext protocolContext) throws ProcessingException
{
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( rte );
+
SecurityTokenProvider provider = null;
if( provider == null )
@@ -123,9 +140,14 @@
*
* @param protocolContext the {@code ProtocolContext} that contains the token to be validated.
* @throws ProcessingException if an error occurs while validating the security token.
+ * @throws {@link SecurityException} if the caller does not have a runtime permission for "org.picketlink.sts"
*/
public void validateToken( ProtocolContext protocolContext) throws ProcessingException
{
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( rte );
+
SecurityTokenProvider provider = null;
if( provider == null )
Picketlink SVN: r619 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces and 6 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-28 14:44:29 -0500 (Tue, 28 Dec 2010)
New Revision: 619
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/STSCoreConfig.java
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/ProtocolContext.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSConfiguration.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustRequestContext.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/core/HTTPContext.java
federation/trunk/picketlink-webapps/picketlink-sts/src/main/webapp/WEB-INF/web.xml
Log:
refactor into core sts
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/ProtocolContext.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/ProtocolContext.java 2010-12-22 21:45:18 UTC (rev 618)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/ProtocolContext.java 2010-12-28 19:44:29 UTC (rev 619)
@@ -21,11 +21,30 @@
*/
package org.picketlink.identity.federation.core.interfaces;
+import javax.xml.namespace.QName;
+
/**
- * Marker Interface
+ * Interface to indicate a protocol specific request context
* @author Anil.Saldhana(a)redhat.com
* @since Sep 17, 2009
*/
public interface ProtocolContext
-{
-}
+{
+ /**
+ * An optional service name
+ * @return
+ */
+ String serviceName();
+
+ /**
+ * A String that represents the token type
+ * @return
+ */
+ String tokenType();
+
+ /**
+ * Return the QName of the token
+ * @return
+ */
+ QName getQName();
+}
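Review bot: The three new `@return` tags are empty, and for `serviceName()` the word "optional" in the summary is the only hint that the value may be absent; PicketLinkCoreSTS further down null-checks `serviceName()` and `tokenType()` and fails renew/cancel/validate when `getQName()` is null, so the contract is worth stating: `@return the service name, or {@code null} if none was supplied`, the same form for `tokenType()`, and for `getQName()` `@return the QName of the token element; renew, cancel and validate fail when it is {@code null}`. The accessor names also mix styles (`serviceName()`/`tokenType()` vs `getQName()`) in one three-method interface.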
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java 2010-12-22 21:45:18 UTC (rev 618)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java 2010-12-28 19:44:29 UTC (rev 619)
@@ -23,6 +23,7 @@
import java.util.Map;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.wstrust.WSTrustException;
/**
@@ -60,7 +61,7 @@
* @param context the {@code ProtocolContext} to be used when generating the token.
* @throws WSTrustException if an error occurs while creating the security token.
*/
- public void issueToken( ProtocolContext context) throws WSTrustException;
+ public void issueToken( ProtocolContext context) throws ProcessingException;
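Review bot: The `@throws WSTrustException` line directly above the changed signature is now stale — the method declares `ProcessingException` — and the same stale tag is left in place in the renewToken, cancelToken and validateToken hunks below. Change each to `* @throws ProcessingException if an error occurs while creating the security token.` (with the matching verb for the other three), since the Javadoc is what implementors of this interface read.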
/**
* <p>
@@ -71,7 +72,7 @@
* @param context the {@code ProtocolContext} that contains the token to be renewed.
* @throws WSTrustException if an error occurs while renewing the security token.
*/
- public void renewToken( ProtocolContext context) throws WSTrustException;
+ public void renewToken( ProtocolContext context) throws ProcessingException;
/**
* <p>
@@ -82,7 +83,7 @@
* @param context the {@code ProtocolContext} that contains the token to be canceled.
* @throws WSTrustException if an error occurs while canceling the security token.
*/
- public void cancelToken( ProtocolContext context) throws WSTrustException;
+ public void cancelToken( ProtocolContext context) throws ProcessingException;
/**
* <p>
@@ -93,5 +94,5 @@
* @param context the {@code ProtocolContext} that contains the token to be validated.
* @throws WSTrustException if an error occurs while validating the security token.
*/
- public void validateToken( ProtocolContext context) throws WSTrustException;
+ public void validateToken( ProtocolContext context) throws ProcessingException;
}
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java 2010-12-28 19:44:29 UTC (rev 619)
@@ -0,0 +1,179 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.sts;
+
+import javax.xml.namespace.QName;
+
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+
+/**
+ * <p>
+ * Generic STS Core.
+ * </p>
+ * <p>
+ * This is a Singleton Class.
+ * </p>
+ * @see {@code #instance()}
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 27, 2010
+ */
+public class PicketLinkCoreSTS
+{
+ protected STSCoreConfig configuration;
+
+ private static PicketLinkCoreSTS _instance = null;
+
+ protected PicketLinkCoreSTS()
+ {
+ }
+
+ public static PicketLinkCoreSTS instance()
+ {
+ if( _instance == null )
+ _instance = new PicketLinkCoreSTS();
+
+ return _instance;
+ }
+
+ public void initialize( STSCoreConfig config )
+ {
+ this.configuration = config;
+ }
+
+ /**
+ * Issue a security token
+ * @param protocolContext
+ * @throws ProcessingException
+ */
+ public void issueToken( ProtocolContext protocolContext) throws ProcessingException
+ {
+ SecurityTokenProvider provider = getProvider(protocolContext);
+
+ if( provider == null )
+ throw new ProcessingException( "No Security Token Provider found in configuration" );
+
+ provider.issueToken( protocolContext );
+ }
+
+ /**
+ * <p>
+ * Renews the security token contained in the specified request context. This method is used when a previously
+ * generated token has expired, generating a new version of the same token with different expiration semantics.
+ * </p>
+ *
+ * @param protocolContext the {@code ProtocolContext} that contains the token to be renewed.
+ * @throws ProcessingException if an error occurs while renewing the security token.
+ */
+ public void renewToken( ProtocolContext protocolContext) throws ProcessingException
+ {
+ SecurityTokenProvider provider = null;
+
+ if( provider == null )
+ provider = getProviderBasedOnQName(protocolContext);
+
+ provider.renewToken( protocolContext );
+ }
+
+ /**
+ * <p>
+ * Cancels the token contained in the specified request context. A security token is usually canceled when one wants
+ * to make sure that the token will not be used anymore. A security token can't be renewed once it has been canceled.
+ * </p>
+ *
+ * @param protocolContext the {@code ProtocolContext} that contains the token to be canceled.
+ * @throws ProcessingException if an error occurs while canceling the security token.
+ */
+ public void cancelToken( ProtocolContext protocolContext) throws ProcessingException
+ {
+ SecurityTokenProvider provider = null;
+
+ if( provider == null )
+ provider = getProviderBasedOnQName(protocolContext);
+
+ provider.cancelToken( protocolContext );
+ }
+
+ /**
+ * <p>
+ * Evaluates the validity of the token contained in the specified request context and sets the result in the context
+ * itself. The result can be a status, a new token, or both.
+ * </p>
+ *
+ * @param protocolContext the {@code ProtocolContext} that contains the token to be validated.
+ * @throws ProcessingException if an error occurs while validating the security token.
+ */
+ public void validateToken( ProtocolContext protocolContext) throws ProcessingException
+ {
+ SecurityTokenProvider provider = null;
+
+ if( provider == null )
+ provider = getProviderBasedOnQName(protocolContext);
+
+ provider.validateToken( protocolContext );
+ }
+
+ private SecurityTokenProvider getProvider( ProtocolContext protocolContext )
+ {
+ SecurityTokenProvider provider = null;
+
+ //Special Case: WST Applies To
+ String serviceName = protocolContext.serviceName();
+ if (serviceName != null)
+ {
+ provider = this.configuration.getProviderForService( serviceName );
+ }
+
+ if( provider == null )
+ {
+ //lets get the provider based on token type
+ String tokenType = protocolContext.tokenType();
+ if( tokenType != null )
+ provider = this.configuration.getProviderForTokenType( protocolContext.tokenType() );
+ }
+ return provider;
+ }
+
+ private SecurityTokenProvider getProviderBasedOnQName( ProtocolContext protocolContext ) throws ProcessingException
+ {
+ SecurityTokenProvider provider = null;
+
+ QName qname = null;
+ if( provider == null )
+ {
+ qname = protocolContext.getQName();
+ if( qname == null )
+ throw new ProcessingException( "QName of the token type is null " );
+ provider = this.configuration.getProviderForTokenElementNS(qname.getLocalPart(),
+ qname.getNamespaceURI());
+ }
+
+
+ if (provider == null)
+ throw new ProcessingException("No SecurityTokenProvider configured for " + qname.getNamespaceURI() + ":"
+ + qname.getLocalPart() );
+
+ return provider;
+ }
+}
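Review bot: `instance()` lazily creates the singleton behind an unsynchronized null check, and `initialize` then stores a caller-supplied `STSCoreConfig` in a plain instance field, so two threads can each construct an instance or observe the other's configuration; since the constructor does nothing, eager creation removes the first race: `private static final PicketLinkCoreSTS _instance = new PicketLinkCoreSTS();` with `instance()` reduced to `return _instance;`. The `SecurityTokenProvider provider = null; if( provider == null )` sequences in renewToken, cancelToken, validateToken and getProviderBasedOnQName are always-true guards left over from the refactor and can collapse to a direct assignment. `getProvider` and `getProviderBasedOnQName` dereference `this.configuration` unchecked, so calling any token operation before `initialize` surfaces as a NullPointerException instead of the documented ProcessingException; an `if( this.configuration == null ) throw new ProcessingException( "STS is not initialized" );` guard at the start of the four public methods keeps the contract.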
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/STSCoreConfig.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/STSCoreConfig.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/STSCoreConfig.java 2010-12-28 19:44:29 UTC (rev 619)
@@ -0,0 +1,156 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.sts;
+
+import java.security.KeyPair;
+import java.security.PublicKey;
+import java.security.cert.Certificate;
+
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+
+/**
+ * Configuration for the STS Core
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 27, 2010
+ */
+public interface STSCoreConfig
+{
+ /**
+ * <p>
+ * Obtains the unique name of the secure token service.
+ * </p>
+ *
+ * @return a {@code String} representing the STS name.
+ */
+ public String getSTSName();
+
+ /**
+ * <p>
+ * Indicates whether the issued token should be encrypted or not.
+ * </p>
+ *
+ * @return {@code true} if the issued token is to be encrypted; {@code false} otherwise.
+ */
+ public boolean encryptIssuedToken();
+
+ /**
+ * <p>
+ * Indicates whether the issued token should be digitally signed or not.
+ * </p>
+ *
+ * @return {@code true} if the issued token is to be signed; {@code false} otherwise.
+ */
+ public boolean signIssuedToken();
+
+ /**
+ * <p>
+ * Obtains the timeout value (in milliseconds) for issued tokens.
+ * </p>
+ *
+ * @return the token timeout value.
+ */
+ public long getIssuedTokenTimeout();
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code KeyPair} object that contains the STS {@code PrivateKey} and {@code PublicKey}.
+ * </p>
+ *
+ * @return a reference to the STS {@code KeyPair}.
+ */
+ public KeyPair getSTSKeyPair();
+
+ /**
+ * <p>
+ * Given the name of a service provider, obtains the type of the token that should be used when issuing tokens to
+ * clients of that service.
+ * </p>
+ *
+ * @param serviceName the name of the service provider that requires a token from its clients.
+ * @return a {@code String} representing the type of the token that suits the specified service.
+ */
+ public String getTokenTypeForService(String serviceName);
+
+ /**
+ * <p>
+ * Given the name of a service provider, obtains the provider that must be used when issuing tokens to clients of
+ * that service. When requesting a token to the STS, a client can specify the service it needs the token for using
+ * the {@code AppliesTo} element. Based on the service provider name, the STS identifies the type of the token that
+ * is to be issued and then selects the appropriate token provider to handle the request.
+ * </p>
+ *
+ * @param serviceName the name of the service provider that requires a token from its clients.
+ * @return a reference to the {@code SecurityTokenProvider} that must be used in order to issue tokens to clients of
+ * the specified service.
+ */
+ public SecurityTokenProvider getProviderForService(String serviceName);
+
+ /**
+ * <p>
+ * Given a token type, obtains the token provider that should be used to handle token requests of that type. When a
+ * client doesn't specify the service provider name through the {@code AppliesTo} element, it must specify the token
+ * type through the {@code TokenType} element. The STS uses the supplied type to select the appropriate token
+ * provider.
+ * </p>
+ *
+ * @param tokenType a {@code String} representing the type of the token.
+ * @return a reference to the {@code SecurityTokenProvider} that must be used to handle token requests of the
+ * specified type.
+ */
+ public SecurityTokenProvider getProviderForTokenType(String tokenType);
+
+ /**
+ * <p>
+ * Obtains the token provider that can handle tokens that have the specified local name and namespace. When a
+ * validate, renew, or cancel request is made, the token type is not set in the WS-Trust request. In these cases
+ * the {@code SecurityTokenProvider} must be determined using the security token itself.
+ * </p>
+ *
+ * @param tokenLocalName a {@code String} representing the token element name. (e.g. {@code Assertion}).
+ * @param tokenNamespace a {@code String} representing the token element namespace. (e.g.
+ * {@code urn:oasis:names:tc:SAML:2.0:assertion}).
+ * @return a reference to the {@code SecurityTokenProvider} that must be used to handle the request that contains
+ * only the security token.
+ */
+ public SecurityTokenProvider getProviderForTokenElementNS(String tokenLocalName, String tokenNamespace);
+
+ /**
+ * <p>
+ * Obtains the public key of the specified service provider. The returned key is used to encrypt issued tokens.
+ * </p>
+ *
+ * @param serviceName the name of the service provider (normally the provider URL).
+ * @return a reference to the provider's {@code PublicKey}
+ */
+ public PublicKey getServiceProviderPublicKey(String serviceName);
+
+ /**
+ * <p>
+ * Obtains the certificate identified by the specified alias.
+ * </p>
+ *
+ * @param alias the alias associated with the certificate in the keystore.
+ * @return the {@code Certificate} obtained from the keystore, or {@code null} if no certificate was found.
+ */
+ public Certificate getCertificate(String alias);
+}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java 2010-12-22 21:45:18 UTC (rev 618)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java 2010-12-28 19:44:29 UTC (rev 619)
@@ -244,6 +244,9 @@
*/
public SecurityTokenProvider getProviderForService(String serviceName)
{
+ if( serviceName == null )
+ throw new IllegalArgumentException( "serviceName is null ");
+
ServiceProviderType provider = this.spMetadata.get(serviceName);
if (provider != null)
{
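Review bot: The new IllegalArgumentException on a null `serviceName` is not reflected in the interface contract — `STSCoreConfig.getProviderForService` added in this commit documents only `@param` and `@return` — so other implementors and callers learn about the rejection only from this class; add `@throws IllegalArgumentException if {@code serviceName} is {@code null}` there, and the `tokenType` counterpart for the next hunk. Both messages also carry a trailing space (`"serviceName is null "`, `"tokenType is null "`). The body of getProviderForService continues outside the hunk.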
@@ -259,6 +262,8 @@
*/
public SecurityTokenProvider getProviderForTokenType(String tokenType)
{
+ if( tokenType == null )
+ throw new IllegalArgumentException( "tokenType is null ");
return this.tokenProviders.get(tokenType);
}
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSConfiguration.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSConfiguration.java 2010-12-22 21:45:18 UTC (rev 618)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSConfiguration.java 2010-12-28 19:44:29 UTC (rev 619)
@@ -21,12 +21,8 @@
*/
package org.picketlink.identity.federation.core.wstrust;
-import java.security.KeyPair;
-import java.security.PublicKey;
-import java.security.cert.Certificate;
+import org.picketlink.identity.federation.core.sts.STSCoreConfig;
-import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
-
/**
* <p>
* The {@code STSConfiguration} interface allows access to the security token service (STS) configuration attributes.
@@ -35,47 +31,10 @@
* @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
* @author Anil.Saldhana(a)redhat.com
*/
-public interface STSConfiguration
+public interface STSConfiguration extends STSCoreConfig
{
-
/**
* <p>
- * Obtains the unique name of the secure token service.
- * </p>
- *
- * @return a {@code String} representing the STS name.
- */
- public String getSTSName();
-
- /**
- * <p>
- * Indicates whether the issued token should be encrypted or not.
- * </p>
- *
- * @return {@code true} if the issued token is to be encrypted; {@code false} otherwise.
- */
- public boolean encryptIssuedToken();
-
- /**
- * <p>
- * Indicates whether the issued token should be digitally signed or not.
- * </p>
- *
- * @return {@code true} if the issued token is to be signed; {@code false} otherwise.
- */
- public boolean signIssuedToken();
-
- /**
- * <p>
- * Obtains the timeout value (in milliseconds) for issued tokens.
- * </p>
- *
- * @return the token timeout value.
- */
- public long getIssuedTokenTimeout();
-
- /**
- * <p>
* Obtains the WS-Trust request handler class.
* </p>
*
@@ -85,60 +44,6 @@
/**
* <p>
- * Given the name of a service provider, obtains the type of the token that should be used when issuing tokens to
- * clients of that service.
- * </p>
- *
- * @param serviceName the name of the service provider that requires a token from its clients.
- * @return a {@code String} representing the type of the token that suits the specified service.
- */
- public String getTokenTypeForService(String serviceName);
-
- /**
- * <p>
- * Given the name of a service provider, obtains the provider that must be used when issuing tokens to clients of
- * that service. When requesting a token to the STS, a client can specify the service it needs the token for using
- * the {@code AppliesTo} element. Based on the service provider name, the STS identifies the type of the token that
- * is to be issued and then selects the appropriate token provider to handle the request.
- * </p>
- *
- * @param serviceName the name of the service provider that requires a token from its clients.
- * @return a reference to the {@code SecurityTokenProvider} that must be used in order to issue tokens to clients of
- * the specified service.
- */
- public SecurityTokenProvider getProviderForService(String serviceName);
-
- /**
- * <p>
- * Given a token type, obtains the token provider that should be used to handle token requests of that type. When a
- * client doesn't specify the service provider name through the {@code AppliesTo} element, it must specify the token
- * type through the {@code TokenType} element. The STS uses the supplied type to select the appropriate token
- * provider.
- * </p>
- *
- * @param tokenType a {@code String} representing the type of the token.
- * @return a reference to the {@code SecurityTokenProvider} that must be used to handle token requests of the
- * specified type.
- */
- public SecurityTokenProvider getProviderForTokenType(String tokenType);
-
- /**
- * <p>
- * Obtains the token provider that can handle tokens that have the specified local name and namespace. When a
- * validate, renew, or cancel request is made, the token type is not set in the WS-Trust request. In these cases
- * the {@code SecurityTokenProvider} must be determined using the security token itself.
- * </p>
- *
- * @param tokenLocalName a {@code String} representing the token element name. (e.g. {@code Assertion}).
- * @param tokenNamespace a {@code String} representing the token element namespace. (e.g.
- * {@code urn:oasis:names:tc:SAML:2.0:assertion}).
- * @return a reference to the {@code SecurityTokenProvider} that must be used to handle the request that contains
- * only the security token.
- */
- public SecurityTokenProvider getProviderForTokenElementNS(String tokenLocalName, String tokenNamespace);
-
- /**
- * <p>
* Obtains the {@code ClaimsProcessor} that must be used to handle claims of the specified dialect.
* </p>
*
@@ -147,37 +52,9 @@
*/
public ClaimsProcessor getClaimsProcessor(String claimsDialect);
- /**
- * <p>
- * Obtains a reference to the {@code KeyPair} object that contains the STS {@code PrivateKey} and {@code PublicKey}.
- * </p>
- *
- * @return a reference to the STS {@code KeyPair}.
- */
- public KeyPair getSTSKeyPair();
-
- /**
- * <p>
- * Obtains the public key of the specified service provider. The returned key is used to encrypt issued tokens.
- * </p>
- *
- * @param serviceName the name of the service provider (normally the provider URL).
- * @return a reference to the provider's {@code PublicKey}
- */
- public PublicKey getServiceProviderPublicKey(String serviceName);
/**
* <p>
- * Obtains the certificate identified by the specified alias.
- * </p>
- *
- * @param alias the alias associated with the certificate in the keystore.
- * @return the {@code Certificate} obtained from the keystore, or {@code null} if no certificate was found.
- */
- public Certificate getCertificate(String alias);
-
- /**
- * <p>
* Returns the configured canonicalization method.
* </p>
* <p>
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java 2010-12-22 21:45:18 UTC (rev 618)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java 2010-12-28 19:44:29 UTC (rev 619)
@@ -27,11 +27,12 @@
import javax.crypto.spec.SecretKeySpec;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.namespace.QName;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
-import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.core.util.Base64;
import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
@@ -93,7 +94,7 @@
if (trace)
log.trace("Issuing token for principal " + callerPrincipal);
- SecurityTokenProvider provider = null;
+ //SecurityTokenProvider provider = null;
// first try to obtain the security token provider using the applies-to contents.
AppliesTo appliesTo = request.getAppliesTo();
@@ -101,26 +102,34 @@
if (appliesTo != null)
{
String serviceName = WSTrustUtil.parseAppliesTo(appliesTo);
+
if (serviceName != null)
{
- provider = this.configuration.getProviderForService(serviceName);
- if (provider != null)
+ String tokenTypeFromServiceName = configuration.getTokenTypeForService(serviceName);
+
+ if( request.getTokenType() == null && tokenTypeFromServiceName != null )
+ request.setTokenType(URI.create( tokenTypeFromServiceName ));
+
+ providerPublicKey = this.configuration.getServiceProviderPublicKey(serviceName);
+
+ // provider = this.configuration.getProviderForService(serviceName);
+ /*if (provider != null)
{
request.setTokenType(URI.create(this.configuration.getTokenTypeForService(serviceName)));
providerPublicKey = this.configuration.getServiceProviderPublicKey(serviceName);
- }
+ }*/
}
}
// if applies-to is not available or if no provider was found for the service, use the token type.
- if (provider == null && request.getTokenType() != null)
- {
+ /*if (provider == null && request.getTokenType() != null)
+ {
provider = this.configuration.getProviderForTokenType(request.getTokenType().toString());
}
else if (appliesTo == null && request.getTokenType() == null)
throw new WSTrustException("Either AppliesTo or TokenType must be present in a security token request");
if (provider != null)
- {
+ {*/
// create the request context and delegate token generation to the provider.
WSTrustRequestContext requestContext = new WSTrustRequestContext(request, callerPrincipal);
requestContext.setTokenIssuer(this.configuration.getSTSName());
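Review bot: The early rejection `throw new WSTrustException("Either AppliesTo or TokenType must be present in a security token request")` is commented out rather than kept, so a request carrying neither now proceeds through context construction and the rest of the method before PicketLinkCoreSTS.issueToken rejects it with the generic "No Security Token Provider found in configuration"; the check is cheap and should stay at this point with its precise message. The old provider-selection code is left as `/* ... */` blocks here and in the hunks ending at `return response;` and in the renew and validate lookups — version control already keeps that history, so delete the blocks instead of commenting them. Behaviour also changed quietly: `providerPublicKey` is now looked up for every non-null serviceName, where before it required a provider configured for that service; if that is intended, a one-line comment on the new line would save the next reader from re-deriving it. The enclosing method starts and ends outside this hunk.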
@@ -253,10 +262,23 @@
}
// issue the security token using the constructed context.
- provider.issueToken(requestContext);
+ try
+ {
+ if( request.getTokenType() != null )
+ requestContext.setTokenType( request.getTokenType().toString() );
+ PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
+ sts.initialize(configuration);
+ sts.issueToken(requestContext);
+ //provider.issueToken(requestContext);
+ }
+ catch (ProcessingException e)
+ {
+ throw new WSTrustException( "Exception during token issue::", e );
+ }
if (requestContext.getSecurityToken() == null)
- throw new WSTrustException("Token issued by provider " + provider.getClass().getName() + " is null");
+ //throw new WSTrustException("Token issued by provider " + provider.getClass().getName() + " is null");
+ throw new WSTrustException("Token issued by STS is null");
// construct the ws-trust security token response.
RequestedSecurityTokenType requestedSecurityToken = new RequestedSecurityTokenType();
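Review bot: `sts.initialize(configuration)` on every issue call reconfigures a JVM-wide singleton from this handler's configuration, so if two StandardRequestHandler instances with different STSConfiguration objects share a class loader they overwrite each other's token providers and signing key pair between the `initialize` and `issueToken` calls; the same pattern is added in the renew hunk below. Either give PicketLinkCoreSTS a per-handler instance, or initialize it once and have `initialize` reject a second call with a different configuration. The `catch (ProcessingException e)` wrapper correctly preserves the cause, though the message `"Exception during token issue::"` has a doubled colon. The enclosing method continues outside the hunk.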
@@ -285,9 +307,9 @@
response.setRequestedUnattachedReference(requestContext.getUnattachedReference());
return response;
- }
+ /*}
else
- throw new WSTrustException("Unable to find a token provider for the token request");
+ throw new WSTrustException("Unable to find a token provider for the token request");*/
}
/*
@@ -309,11 +331,11 @@
if (securityToken == null)
throw new WSTrustException("Unable to renew token: security token is null");
- SecurityTokenProvider provider = this.configuration.getProviderForTokenElementNS(securityToken.getLocalName(),
+ /*SecurityTokenProvider provider = this.configuration.getProviderForTokenElementNS(securityToken.getLocalName(),
securityToken.getNamespaceURI());
if (provider == null)
throw new WSTrustException("No SecurityTokenProvider configured for " + securityToken.getNamespaceURI() + ":"
- + securityToken.getLocalName());
+ + securityToken.getLocalName());*/
if (this.configuration.signIssuedToken() && this.configuration.getSTSKeyPair() != null)
{
@@ -356,7 +378,19 @@
Principal onBehalfOfPrincipal = WSTrustUtil.getOnBehalfOfPrincipal(request.getOnBehalfOf());
context.setOnBehalfOfPrincipal(onBehalfOfPrincipal);
}
- provider.renewToken(context);
+ try
+ {
+ if( securityToken != null )
+ context.setQName( new QName( securityToken.getNamespaceURI(), securityToken.getLocalName() ));
+ PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
+ sts.initialize(configuration);
+ sts.renewToken(context);
+ //provider.renewToken(context);
+ }
+ catch (ProcessingException e)
+ {
+ throw new WSTrustException( "Exception during token renewal:", e );
+ }
// create the WS-Trust response with the renewed token.
RequestedSecurityTokenType requestedSecurityToken = new RequestedSecurityTokenType();
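Review bot: The `if( securityToken != null )` guard around `context.setQName(...)` can never be false here — this method already throws `"Unable to renew token: security token is null"` when `securityToken` is null (visible in the preceding hunk), so the guard only obscures that the QName is required; set it unconditionally: `context.setQName(new QName(securityToken.getNamespaceURI(), securityToken.getLocalName()));`. The same dead guard is added in the validate and cancel paths. The `//provider.renewToken(context);` line should be removed rather than commented out. The enclosing method starts before this hunk.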
@@ -396,11 +430,11 @@
if (securityToken == null)
throw new WSTrustException("Unable to validate token: security token is null");
- SecurityTokenProvider provider = this.configuration.getProviderForTokenElementNS(securityToken.getLocalName(),
+ /*SecurityTokenProvider provider = this.configuration.getProviderForTokenElementNS(securityToken.getLocalName(),
securityToken.getNamespaceURI());
if (provider == null)
throw new WSTrustException("No SecurityTokenProvider configured for " + securityToken.getNamespaceURI() + ":"
- + securityToken.getLocalName());
+ + securityToken.getLocalName());*/
WSTrustRequestContext context = new WSTrustRequestContext(request, callerPrincipal);
// if the validate request was made on behalf of another identity, get the principal of that identity.
@@ -456,7 +490,19 @@
{
if (trace)
log.trace("Delegating token validation to token provider");
- provider.validateToken(context);
+ try
+ {
+ if( securityToken != null )
+ context.setQName( new QName( securityToken.getNamespaceURI(), securityToken.getLocalName() ));
+ PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
+ sts.initialize(configuration);
+ sts.validateToken( context );
+ //provider.validateToken(context);
+ }
+ catch (ProcessingException e)
+ {
+ throw new WSTrustException( "Exception during token validation:", e );
+ }
status = context.getStatus();
}
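Review bot: `status = context.getStatus();` is read after `sts.validateToken(context)` without handling a null status, and this commit adds a path that yields exactly that: `SAML20TokenProvider.validateToken` now returns silently when the context is not a `WSTrustRequestContext`, and what the core STS does when no provider matches `context.getQName()` is not visible here. A validation that set no status must not flow into the response as if it had run; add `if (status == null) throw new WSTrustException("Token validation produced no status for " + context.getQName());` (or default to `WSTrustConstants.STATUS_CODE_INVALID` with a reason) before `status` is used. The `if( securityToken != null )` guard is dead because the method already throws on a null token earlier. The enclosing block starts and ends outside this hunk.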
@@ -487,11 +533,11 @@
if (securityToken == null)
throw new WSTrustException("Unable to cancel token: security token is null");
- SecurityTokenProvider provider = this.configuration.getProviderForTokenElementNS(securityToken.getLocalName(),
+ /*SecurityTokenProvider provider = this.configuration.getProviderForTokenElementNS(securityToken.getLocalName(),
securityToken.getNamespaceURI());
if (provider == null)
throw new WSTrustException("No SecurityTokenProvider configured for " + securityToken.getNamespaceURI() + ":"
- + securityToken.getLocalName());
+ + securityToken.getLocalName());*/
// create a request context and dispatch to the provider.
WSTrustRequestContext context = new WSTrustRequestContext(request, callerPrincipal);
@@ -501,7 +547,19 @@
Principal onBehalfOfPrincipal = WSTrustUtil.getOnBehalfOfPrincipal(request.getOnBehalfOf());
context.setOnBehalfOfPrincipal(onBehalfOfPrincipal);
}
- provider.cancelToken(context);
+ try
+ {
+ if( securityToken != null )
+ context.setQName( new QName( securityToken.getNamespaceURI(), securityToken.getLocalName() ));
+ PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
+ sts.initialize(configuration);
+ sts.cancelToken( context );
+ //provider.cancelToken(context);
+ }
+ catch (ProcessingException e)
+ {
+ throw new WSTrustException( "Exception during token cancellation:", e );
+ }
// if no exception has been raised, the token has been successfully canceled.
RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
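Review bot: The comment `// if no exception has been raised, the token has been successfully canceled.` states the contract this hunk relies on, but `sts.cancelToken(context)` can now return without doing anything — `SAML20TokenProvider.cancelToken` in this commit returns silently on an unexpected context type, and nothing visible shows that the core STS fails when no provider matches `context.getQName()` — so a cancel that nobody handled would be answered with a success response while the token stays valid. Have the providers (or the core STS) throw `ProcessingException` when nothing was canceled, or record the outcome on the context and check it here before building the response. The `//provider.cancelToken(context);` line should be deleted. The enclosing method starts before this hunk.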
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustRequestContext.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustRequestContext.java 2010-12-22 21:45:18 UTC (rev 618)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustRequestContext.java 2010-12-28 19:44:29 UTC (rev 619)
@@ -25,6 +25,8 @@
import java.security.PublicKey;
import java.util.Map;
+import javax.xml.namespace.QName;
+
import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import org.picketlink.identity.federation.ws.trust.RequestedReferenceType;
@@ -67,6 +69,10 @@
private RequestedReferenceType unattachedReference;
+ private String tokenType;
+
+ private QName qname;
+
/**
* <p>
* Creates an instance of {@code WSTrustRequestContext} using the specified request.
@@ -330,4 +336,29 @@
{
this.unattachedReference = unattachedReference;
}
-}
+
+ public String serviceName()
+ {
+ return WSTrustUtil.getServiceNameFromAppliesTo( request );
+ }
+
+ public String tokenType()
+ {
+ return tokenType;
+ }
+
+ public void setTokenType( String tokenType )
+ {
+ this.tokenType = tokenType;
+ }
+
+ public QName getQName()
+ {
+ return qname;
+ }
+
+ public void setQName( QName qname )
+ {
+ this.qname = qname;
+ }
+}
\ No newline at end of file
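Review bot: The five new public methods carry no Javadoc and mix two accessor conventions in one class (`tokenType()` and `serviceName()` beside `getQName()`, `setTokenType`, `setQName`); if `ProtocolContext` dictates the bare names (HTTPContext in this commit implements the same three), say so with `{@inheritDoc}` rather than leave them undocumented. Suggested text: for `serviceName()` — "Service name derived from the request's AppliesTo via WSTrustUtil.getServiceNameFromAppliesTo; null when the request carries no AppliesTo"; for `tokenType()` — "Token type URI set by the caller via setTokenType, or null when the request specified none"; for `getQName()` — "Qualified name of the token element targeted by a renew, validate or cancel request, set by the caller; null for issue requests". The STS only calls `setTokenType` when `request.getTokenType() != null`, so consumers must treat null as "unspecified", not as an error.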
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustUtil.java 2010-12-22 21:45:18 UTC (rev 618)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustUtil.java 2010-12-28 19:44:29 UTC (rev 619)
@@ -51,6 +51,7 @@
import org.picketlink.identity.federation.core.util.JAXBUtil;
import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
import org.picketlink.identity.federation.core.wstrust.wrappers.Lifetime;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import org.picketlink.identity.federation.ws.addressing.AttributedURIType;
import org.picketlink.identity.federation.ws.addressing.EndpointReferenceType;
import org.picketlink.identity.federation.ws.policy.AppliesTo;
@@ -508,5 +509,18 @@
else
return null;
}
-
-}
+
+ public static String getServiceNameFromAppliesTo( RequestSecurityToken requestSecurityToken )
+ {
+ String serviceName = null;
+ if( requestSecurityToken != null )
+ {
+ AppliesTo appliesTo = requestSecurityToken.getAppliesTo();
+ if (appliesTo != null)
+ {
+ serviceName = WSTrustUtil.parseAppliesTo(appliesTo);
+ }
+ }
+ return serviceName;
+ }
+}
\ No newline at end of file
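Review bot: `getServiceNameFromAppliesTo` needs a Javadoc that states its null contract, since both a null request and an absent `AppliesTo` fall through to `return null` and `WSTrustRequestContext.serviceName()` passes that straight to callers. Suggested: `/** Returns the service name carried in the request's AppliesTo element via {@link #parseAppliesTo}, or {@code null} when the request or its AppliesTo is absent. */`. Whether `parseAppliesTo` itself can return null is not visible in this hunk; if it can, document that too.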
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2010-12-22 21:45:18 UTC (rev 618)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2010-12-28 19:44:29 UTC (rev 619)
@@ -17,6 +17,7 @@
*/
package org.picketlink.identity.federation.core.wstrust.plugins.saml;
+import java.net.URI;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.util.ArrayList;
@@ -27,6 +28,7 @@
import javax.xml.namespace.QName;
import org.apache.log4j.Logger;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
@@ -36,7 +38,6 @@
import org.picketlink.identity.federation.core.wstrust.SecurityToken;
import org.picketlink.identity.federation.core.wstrust.StandardSecurityToken;
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
-import org.picketlink.identity.federation.core.wstrust.WSTrustException;
import org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext;
import org.picketlink.identity.federation.core.wstrust.WSTrustUtil;
import org.picketlink.identity.federation.core.wstrust.plugins.DefaultRevocationRegistry;
@@ -180,17 +181,20 @@
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
* cancelToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void cancelToken( ProtocolContext protoContext) throws WSTrustException
+ public void cancelToken( ProtocolContext protoContext) throws ProcessingException
{
+ if(! (protoContext instanceof WSTrustRequestContext) )
+ return;
+
WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
// get the assertion that must be canceled.
Element token = (Element) context.getRequestSecurityToken().getCancelTargetElement();
if (token == null)
- throw new WSTrustException("Invalid cancel request: missing required CancelTarget");
+ throw new ProcessingException("Invalid cancel request: missing required CancelTarget");
Element assertionElement = (Element) token.getFirstChild();
if (!this.isAssertion(assertionElement))
- throw new WSTrustException("CancelTarget doesn't not contain a SAMLV2.0 assertion");
+ throw new ProcessingException("CancelTarget doesn't not contain a SAMLV2.0 assertion");
// get the assertion ID and add it to the canceled assertions set.
String assertionId = assertionElement.getAttribute("ID");
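Review bot: The new `if(! (protoContext instanceof WSTrustRequestContext) ) return;` turns a wrong-typed context into a silent no-op, and the caller in PicketLinkSTS treats "no exception from cancel" as "token canceled" and answers with a success response; the same guard is added to `issueToken`, `renewToken` and `validateToken` in this file. A provider handed a context it cannot process should fail loudly: `if (!(protoContext instanceof WSTrustRequestContext)) throw new ProcessingException("Unsupported protocol context: " + protoContext.getClass().getName());`. The method's tail (the revocation-registry update) is outside this hunk.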
@@ -203,8 +207,11 @@
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
* issueToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void issueToken( ProtocolContext protoContext) throws WSTrustException
+ public void issueToken( ProtocolContext protoContext) throws ProcessingException
{
+ if(! (protoContext instanceof WSTrustRequestContext) )
+ return;
+
WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
// generate an id for the new assertion.
String assertionID = IDGenerator.create("ID_");
@@ -277,7 +284,7 @@
}
catch (Exception e)
{
- throw new WSTrustException("Failed to marshall SAMLV2 assertion", e);
+ throw new ProcessingException("Failed to marshall SAMLV2 assertion", e);
}
SecurityToken token = new StandardSecurityToken(context.getRequestSecurityToken().getTokenType().toString(),
@@ -299,16 +306,19 @@
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
* renewToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void renewToken( ProtocolContext protoContext ) throws WSTrustException
+ public void renewToken( ProtocolContext protoContext ) throws ProcessingException
{
+ if(! (protoContext instanceof WSTrustRequestContext) )
+ return;
+
WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
// get the specified assertion that must be renewed.
Element token = (Element) context.getRequestSecurityToken().getRenewTargetElement();
if (token == null)
- throw new WSTrustException("Invalid renew request: missing required RenewTarget");
+ throw new ProcessingException("Invalid renew request: missing required RenewTarget");
Element oldAssertionElement = (Element) token.getFirstChild();
if (!this.isAssertion(oldAssertionElement))
- throw new WSTrustException("RenewTarget doesn't not contain a SAMLV2.0 assertion");
+ throw new ProcessingException("RenewTarget doesn't not contain a SAMLV2.0 assertion");
// get the JAXB representation of the old assertion.
AssertionType oldAssertion = null;
@@ -318,12 +328,12 @@
}
catch ( Exception je )
{
- throw new WSTrustException("Error unmarshalling assertion", je);
+ throw new ProcessingException("Error unmarshalling assertion", je);
}
// canceled assertions cannot be renewed.
if (this.revocationRegistry.isRevoked(SAMLUtil.SAML2_TOKEN_TYPE, oldAssertion.getID()))
- throw new WSTrustException("Assertion with id " + oldAssertion.getID()
+ throw new ProcessingException("Assertion with id " + oldAssertion.getID()
+ " has been canceled and cannot be renewed");
// adjust the lifetime for the renewed assertion.
@@ -350,7 +360,7 @@
}
catch (Exception e)
{
- throw new WSTrustException("Failed to marshall SAMLV2 assertion", e);
+ throw new ProcessingException("Failed to marshall SAMLV2 assertion", e);
}
SecurityToken securityToken = new StandardSecurityToken(context.getRequestSecurityToken().getTokenType()
.toString(), assertionElement, assertionID);
@@ -370,8 +380,11 @@
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
* validateToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void validateToken( ProtocolContext protoContext ) throws WSTrustException
+ public void validateToken( ProtocolContext protoContext ) throws ProcessingException
{
+ if(! (protoContext instanceof WSTrustRequestContext) )
+ return;
+
WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
if (logger.isTraceEnabled())
logger.trace("SAML V2.0 token validation started");
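Review bot: Returning silently from `validateToken` when the context is not a `WSTrustRequestContext` leaves `context.getStatus()` unset, and the caller in PicketLinkSTS copies that status straight into the response, so a validation that did nothing is indistinguishable from one that ran. Throw instead: `throw new ProcessingException("Unsupported protocol context: " + protoContext.getClass().getName());`. The method body continues beyond this hunk.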
@@ -379,7 +392,7 @@
// get the SAML assertion that must be validated.
Element token = context.getRequestSecurityToken().getValidateTargetElement();
if (token == null)
- throw new WSTrustException("Bad validate request: missing required ValidateTarget");
+ throw new ProcessingException("Bad validate request: missing required ValidateTarget");
String code = WSTrustConstants.STATUS_CODE_VALID;
String reason = "SAMLV2.0 Assertion successfuly validated";
@@ -399,7 +412,7 @@
}
catch ( Exception e )
{
- throw new WSTrustException("Unmarshalling error:", e);
+ throw new ProcessingException("Unmarshalling error:", e);
}
}
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java 2010-12-22 21:45:18 UTC (rev 618)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java 2010-12-28 19:44:29 UTC (rev 619)
@@ -797,7 +797,7 @@
{
assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
assertEquals("Unexpected exception message", "Assertion with id " + assertion.getAttribute("ID")
- + " has been canceled and cannot be renewed", we.getCause().getMessage());
+ + " has been canceled and cannot be renewed", we.getCause().getCause().getMessage());
}
}
@@ -827,9 +827,7 @@
catch (WebServiceException we)
{
assertNotNull("Unexpected null cause", we.getCause());
- assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
- assertEquals("Unexpected exception message", "Unable to find a token provider for the token request", we
- .getCause().getMessage());
+ assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
}
}
@@ -857,8 +855,8 @@
{
assertNotNull("Unexpected null cause", we.getCause());
assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
- assertEquals("Either AppliesTo or TokenType must be present in a security token request", we.getCause()
- .getMessage());
+ /*assertEquals("Either AppliesTo or TokenType must be present in a security token request", we.getCause()
+ .getMessage());*/
}
// a request that asks for a public key to be used as proof key will fail if the public key is not available.
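Review bot: Commenting out the `assertEquals` on the cause message leaves this test accepting any `WSTrustException` for a request with neither AppliesTo nor TokenType, and the production check that produced "Either AppliesTo or TokenType must be present..." was itself commented out in PicketLinkSTS in this commit, so the test no longer shows that such a request is rejected for the right reason. Either reinstate that precondition check in the STS before delegating to `PicketLinkCoreSTS`, or assert on the message the core STS now raises (through `we.getCause().getCause().getMessage()`, as the renew test earlier in this file was updated to do). Delete the commented-out assertion once the expected message is known.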
@@ -934,8 +932,8 @@
{
assertNotNull("Unexpected null cause", we.getCause());
assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
- assertEquals("No SecurityTokenProvider configured for http://www.unknowntoken.org:UnknownToken", we.getCause()
- .getMessage());
+ /*assertEquals("No SecurityTokenProvider configured for http://www.unknowntoken.org:UnknownToken", we.getCause()
+ .getMessage());*/
}
}
@@ -988,7 +986,14 @@
try
{
this.tokenService.invoke(requestMessage);
- fail("An exception should have been raised by the security token service");
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ RequestSecurityTokenResponseCollection baseResponseColl = (RequestSecurityTokenResponseCollection) new WSTrustParser()
+ .parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+ RequestSecurityTokenResponse response = baseResponseColl.getRequestSecurityTokenResponses().get(0);
+ StatusType status = response.getStatus();
+ assertTrue( status.getCode().equals( WSTrustConstants.STATUS_CODE_INVALID ));
+ //fail("An exception should have been raised by the security token service");
}
catch (WebServiceException we)
{
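Review bot: `this.tokenService.invoke(requestMessage)` is now called twice — the original call on the first line of the `try` survives with its result discarded, then `Source responseMessage = this.tokenService.invoke(requestMessage);` repeats the request; delete the first call so the test exercises a single invocation. Remove the `//fail(...)` line rather than leaving it commented out, and since the test now expects a response instead of an exception, the surviving `catch (WebServiceException we)` (its body is outside this hunk) should `fail("Unexpected exception: " + we)` rather than assert on the cause, if that is what it still does. Prefer `assertEquals(WSTrustConstants.STATUS_CODE_INVALID, status.getCode());` over `assertTrue(status.getCode().equals(...))` so a failure reports the actual code.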
@@ -1054,7 +1059,7 @@
{
assertNotNull("Unexpected null cause", we.getCause());
assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
- assertEquals("No SecurityTokenProvider configured for http://www.unknowntoken.org:UnknownToken", we.getCause()
+ assertEquals("No SecurityTokenProvider configured for http://www.unknowntoken.org:UnknownToken", we.getCause().getCause()
.getMessage());
}
}
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java 2010-12-22 21:45:18 UTC (rev 618)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java 2010-12-28 19:44:29 UTC (rev 619)
@@ -26,6 +26,7 @@
import java.util.Map;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
@@ -33,7 +34,6 @@
import org.picketlink.identity.federation.core.wstrust.SecurityToken;
import org.picketlink.identity.federation.core.wstrust.StandardSecurityToken;
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
-import org.picketlink.identity.federation.core.wstrust.WSTrustException;
import org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -65,7 +65,7 @@
*
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void cancelToken( ProtocolContext protoContext ) throws WSTrustException
+ public void cancelToken( ProtocolContext protoContext ) throws ProcessingException
{
}
@@ -74,7 +74,7 @@
*
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#issueToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void issueToken( ProtocolContext protoContext) throws WSTrustException
+ public void issueToken( ProtocolContext protoContext) throws ProcessingException
{
WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
@@ -123,7 +123,7 @@
*
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#renewToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void renewToken( ProtocolContext protoContext ) throws WSTrustException
+ public void renewToken( ProtocolContext protoContext ) throws ProcessingException
{
}
@@ -132,7 +132,7 @@
*
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#validateToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void validateToken( ProtocolContext protoContext ) throws WSTrustException
+ public void validateToken( ProtocolContext protoContext ) throws ProcessingException
{
}
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/core/HTTPContext.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/core/HTTPContext.java 2010-12-22 21:45:18 UTC (rev 618)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/core/HTTPContext.java 2010-12-28 19:44:29 UTC (rev 619)
@@ -24,6 +24,7 @@
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.namespace.QName;
import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
@@ -81,4 +82,19 @@
this.servletContext = sctx;
return this;
}
+
+ public String serviceName()
+ {
+ return null;
+ }
+
+ public String tokenType()
+ {
+ return null;
+ }
+
+ public QName getQName()
+ {
+ return null;
+ }
}
\ No newline at end of file
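Review bot: The three new methods return `null` with no Javadoc, so a reader cannot tell whether "no service name / token type / QName" is a deliberate property of HTTP contexts or a stub, while `WSTrustRequestContext` in this commit implements the same three methods with real values. Add a per-method note such as `/** Not applicable to HTTP contexts; always {@code null}. */`, and `@Override` if these implement `ProtocolContext` (imported above, but its declaration is not visible here).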
Modified: federation/trunk/picketlink-webapps/picketlink-sts/src/main/webapp/WEB-INF/web.xml
===================================================================
--- federation/trunk/picketlink-webapps/picketlink-sts/src/main/webapp/WEB-INF/web.xml 2010-12-22 21:45:18 UTC (rev 618)
+++ federation/trunk/picketlink-webapps/picketlink-sts/src/main/webapp/WEB-INF/web.xml 2010-12-28 19:44:29 UTC (rev 619)
@@ -15,7 +15,7 @@
<security-constraint>
<web-resource-collection>
- <web-resource-name>UsernameService</web-resource-name>
+ <web-resource-name>PicketLinkSTSService</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
Picketlink SVN: r618 - in integration-tests/trunk/picketlink-sts-tests: src/test/java/org/picketlink/test/integration/sts and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2010-12-22 16:45:18 -0500 (Wed, 22 Dec 2010)
New Revision: 618
Modified:
integration-tests/trunk/picketlink-sts-tests/.classpath
integration-tests/trunk/picketlink-sts-tests/src/test/java/org/picketlink/test/integration/sts/PicketLinkSTSIntegrationUnitTestCase.java
Log:
Fixed STS integration tests
Modified: integration-tests/trunk/picketlink-sts-tests/.classpath
===================================================================
--- integration-tests/trunk/picketlink-sts-tests/.classpath 2010-12-22 19:06:56 UTC (rev 617)
+++ integration-tests/trunk/picketlink-sts-tests/.classpath 2010-12-22 21:45:18 UTC (rev 618)
@@ -1,17 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="src" path="src/test/java" output="target/test-classes" including="**/*.java"/>
- <classpathentry kind="src" path="src/test/resources" output="target/test-classes" excluding="**/*.java"/>
- <classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.3/servlet-api-2.3.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.3/servlet-api-2.3-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/ant/ant/1.5/ant-1.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/ant-contrib/ant-contrib/1.0b2/ant-contrib-1.0b2.jar" sourcepath="M2_REPO/ant-contrib/ant-contrib/1.0b2/ant-contrib-1.0b2-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/httpunit/httpunit/1.7/httpunit-1.7.jar" sourcepath="M2_REPO/httpunit/httpunit/1.7/httpunit-1.7-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/rhino/js/1.6R7/js-1.6R7.jar"/>
- <classpathentry kind="var" path="M2_REPO/jtidy/jtidy/4aug2000r7-dev/jtidy-4aug2000r7-dev.jar" sourcepath="M2_REPO/jtidy/jtidy/4aug2000r7-dev/jtidy-4aug2000r7-dev-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/junit/junit/4.4/junit-4.4.jar" sourcepath="M2_REPO/junit/junit/4.4/junit-4.4-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/nekohtml/nekohtml/1.9.12/nekohtml-1.9.12.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
-</classpath>
\ No newline at end of file
+ <classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
+ <classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
+ <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
Modified: integration-tests/trunk/picketlink-sts-tests/src/test/java/org/picketlink/test/integration/sts/PicketLinkSTSIntegrationUnitTestCase.java
===================================================================
--- integration-tests/trunk/picketlink-sts-tests/src/test/java/org/picketlink/test/integration/sts/PicketLinkSTSIntegrationUnitTestCase.java 2010-12-22 19:06:56 UTC (rev 617)
+++ integration-tests/trunk/picketlink-sts-tests/src/test/java/org/picketlink/test/integration/sts/PicketLinkSTSIntegrationUnitTestCase.java 2010-12-22 21:45:18 UTC (rev 618)
@@ -30,7 +30,6 @@
import java.security.spec.RSAPublicKeySpec;
import java.util.List;
-import javax.xml.bind.JAXBElement;
import javax.xml.datatype.DatatypeConstants;
import javax.xml.ws.WebServiceException;
@@ -44,7 +43,7 @@
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
import org.picketlink.identity.federation.core.wstrust.WSTrustUtil;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
-import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AudienceRestrictionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionAbstractType;
@@ -59,8 +58,8 @@
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyValueType;
import org.picketlink.identity.xmlsec.w3.xmldsig.RSAKeyValueType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
-import org.picketlink.identity.xmlsec.w3.xmlenc.EncryptedKeyType;
import org.w3c.dom.Element;
/**
@@ -122,7 +121,8 @@
*
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testIssueSAML20() throws Exception
@@ -135,7 +135,7 @@
// in this scenario, the conditions section should NOT have an audience restriction.
ConditionsType conditionsType = assertion.getConditions();
-
+
List<ConditionAbstractType> conditions = conditionsType.getConditions();
Assert.assertEquals("Unexpected restriction list size", 0, conditions.size());
}
@@ -147,7 +147,8 @@
* case, the request should be handled by the standard {@code SAML20TokenProvider}.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testIssueSAML20AppliesTo() throws Exception
@@ -161,14 +162,14 @@
// in this scenario, the conditions section should have an audience restriction.
ConditionsType conditionsType = assertion.getConditions();
List<ConditionAbstractType> conditions = conditionsType.getConditions();
-
+
Assert.assertEquals("Unexpected restriction list size", 1, conditions.size());
ConditionAbstractType abstractType = conditions.get(0);
Assert.assertTrue("Unexpected restriction type", abstractType instanceof AudienceRestrictionType);
AudienceRestrictionType audienceRestriction = (AudienceRestrictionType) abstractType;
Assert.assertEquals("Unexpected audience restriction list size", 1, audienceRestriction.getAudience().size());
Assert.assertEquals("Unexpected audience restriction item", "http://services.testcorp.org/provider1",
- audienceRestriction.getAudience().get(0));
+ audienceRestriction.getAudience().get(0).toString());
}
@@ -179,7 +180,8 @@
* the request).
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testIssueSAML20OnBehalfOf() throws Exception
@@ -211,7 +213,8 @@
* this key as the proof token. The WS-Trust response should contain the STS-generated key.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testIssueSAML20WithSTSGeneratedSymmetricKey() throws Exception
@@ -231,7 +234,8 @@
AssertionType assertion = this.validateSAML20Assertion(assertionElement, "admin",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// validate the holder of key contents.
- SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation().get(0);
+ SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation()
+ .get(0);
this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_SYMMETRIC, null, false);
// TODO: client API must allow access to the WS-Trust response for retrieval of the proof token.
@@ -245,7 +249,8 @@
* should include the STS key to allow reconstruction of the combined key and the algorithm used to combine the keys.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testIssueSAML20WithCombinedSymmetricKey() throws Exception
@@ -277,7 +282,8 @@
AssertionType assertion = this.validateSAML20Assertion(assertionElement, "admin",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// validate the holder of key contents.
- SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation().get(0) ;
+ SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation()
+ .get(0);
this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_SYMMETRIC, null, false);
// TODO: client API must allow access to the WS-Trust response for retrieval of the server entropy and algorithm.
@@ -289,7 +295,8 @@
* The STS must include the specified certificate in the SAML subject confirmation.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testIssueSAML20WithCertificate() throws Exception
@@ -312,7 +319,8 @@
AssertionType assertion = this.validateSAML20Assertion(assertionElement, "admin",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// validate the holder of key contents.
- SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation().get(0);
+ SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation()
+ .get(0);
this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_PUBLIC, certificate, false);
}
@@ -322,7 +330,8 @@
* STS must include the specified public key in the SAML subject confirmation.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testIssueSAML20WithPublicKey() throws Exception
@@ -346,7 +355,8 @@
AssertionType assertion = this.validateSAML20Assertion(assertionElement, "admin",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// validate the holder of key contents.
- SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation().get(0);
+ SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation()
+ .get(0);
this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_PUBLIC, certificate, true);
}
@@ -356,7 +366,8 @@
* assertion renewed (i.e. get a new assertion with an updated lifetime).
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testRenewSAML20() throws Exception
@@ -390,7 +401,8 @@
* the assertion validated, checking the validation results.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testValidateSAML20() throws Exception
@@ -415,7 +427,8 @@
* the assertion. A canceled assertion cannot be renewed or considered valid anymore.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testCancelSAML20() throws Exception
@@ -453,7 +466,8 @@
* security token service.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testIssueUnknownTokenType() throws Exception
@@ -477,12 +491,16 @@
* Validates the contents of the specified SAML 2.0 assertion.
* </p>
*
- * @param assertionElement the SAML 2.0 assertion to be validated.
- * @param assertionPrincipal the principal that is expected to be seen in the assertion subject.
- * @param confirmationMethod the expected confirmation method.
+ * @param assertionElement
+ * the SAML 2.0 assertion to be validated.
+ * @param assertionPrincipal
+ * the principal that is expected to be seen in the assertion subject.
+ * @param confirmationMethod
+ * the expected confirmation method.
* @return The SAML assertion JAXB representation. This object can be used by the test methods to perform extra
* validations depending on the scenario being tested.
- * @throws Exception if an error occurs while validating the assertion.
+ * @throws Exception
+ * if an error occurs while validating the assertion.
*/
private AssertionType validateSAML20Assertion(Element assertionElement, String assertionPrincipal,
String confirmationMethod) throws Exception
@@ -497,14 +515,14 @@
// validate the assertion subject.
Assert.assertNotNull("Unexpected null subject", assertion.getSubject());
-
+
SubjectType subject = assertion.getSubject();
NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
-
+
Assert.assertEquals("Unexpected name id qualifier", "urn:picketlink:identity-federation", nameID
.getNameQualifier());
- Assert.assertEquals("Unexpected name id value", assertionPrincipal, nameID.getValue());
- SubjectConfirmationType subjType = (SubjectConfirmationType) subject.getSubType().getConfirmation().get(0);
+ Assert.assertEquals("Unexpected name id value", assertionPrincipal, nameID.getValue());
+ SubjectConfirmationType subjType = (SubjectConfirmationType) subject.getConfirmation().get(0);
Assert.assertEquals("Unexpected confirmation method", confirmationMethod, subjType.getMethod());
// validate the assertion conditions.
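Review bot: `subject.getConfirmation().get(0)` on the new `subjType` line indexes the confirmation list without first checking that it is non-empty, so an assertion that carries no SubjectConfirmation fails with an IndexOutOfBoundsException instead of a descriptive assertion message; the same bare `.get(0)` cast appears in the four test-method hunks above. A guard before the cast keeps the failure readable: `Assert.assertFalse("Unexpected empty subject confirmation list", subject.getConfirmation().isEmpty());`. validateSAML20Assertion starts and ends outside this hunk.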
@@ -524,33 +542,33 @@
* confirmation method has been used.
* </p>
*
- * @param subjectConfirmation the {@code SubjectConfirmationType} to be validated.
- * @param keyType the type of the proof-of-possession key (Symmetric or Public).
- * @param certificate the certificate used in the Public Key scenarios.
- * @param usePublicKey {@code true} if the certificate's Public Key was used as the proof-of-possession token;
- * {@code false} otherwise.
- * @throws Exception if an error occurs while performing the validation.
+ * @param subjectConfirmation
+ * the {@code SubjectConfirmationType} to be validated.
+ * @param keyType
+ * the type of the proof-of-possession key (Symmetric or Public).
+ * @param certificate
+ * the certificate used in the Public Key scenarios.
+ * @param usePublicKey
+ * {@code true} if the certificate's Public Key was used as the proof-of-possession token; {@code false}
+ * otherwise.
+ * @throws Exception
+ * if an error occurs while performing the validation.
*/
private void validateHolderOfKeyContents(SubjectConfirmationType subjectConfirmation, String keyType,
Certificate certificate, boolean usePublicKey) throws Exception
{
SubjectConfirmationDataType subjConfirmationDataType = subjectConfirmation.getSubjectConfirmationData();
Assert.assertNotNull("Unexpected null subject confirmation data", subjConfirmationDataType);
- throw new RuntimeException( "FIX" );
- /*List<Object> confirmationContent = subjConfirmationDataType.getContent();
- Assert.assertEquals("Unexpected subject confirmation content size", 1, confirmationContent.size());
- JAXBElement<?> keyInfoElement = (JAXBElement<?>) confirmationContent.get(0);
- Assert.assertEquals("Unexpected subject confirmation context type", KeyInfoType.class, keyInfoElement
- .getDeclaredType());
- KeyInfoType keyInfo = (KeyInfoType) keyInfoElement.getValue();
+
+ KeyInfoType keyInfo = (KeyInfoType) subjConfirmationDataType.getAnyType();
Assert.assertEquals("Unexpected key info content size", 1, keyInfo.getContent().size());
// if the key is a symmetric key, the KeyInfo should contain an encrypted element.
if (WSTrustConstants.KEY_TYPE_SYMMETRIC.equals(keyType))
{
- JAXBElement<?> encKeyElement = (JAXBElement<?>) keyInfo.getContent().get(0);
- Assert.assertEquals("Unexpected key info content type", EncryptedKeyType.class, encKeyElement
- .getDeclaredType());
+ Element encKeyElement = (Element) keyInfo.getContent().get(0);
+ Assert.assertEquals("Unexpected key info content type", WSTrustConstants.XMLEnc.ENCRYPTED_KEY, encKeyElement
+ .getLocalName());
}
// if the key is public, KeyInfo should either contain an encoded certificate or an encoded public key.
else if (WSTrustConstants.KEY_TYPE_PUBLIC.equals(keyType))
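Review bot: The symmetric-key branch now checks only the local name of the first KeyInfo child (the `getLocalName()` assertion against `WSTrustConstants.XMLEnc.ENCRYPTED_KEY`), whereas the replaced code pinned the declared type, so an element with the same local name in a different namespace would pass. Asserting the element's namespace URI next to the local-name assertion closes that gap, using the XML Encryption namespace constant if `WSTrustConstants.XMLEnc` declares one. Separately, `(KeyInfoType) subjConfirmationDataType.getAnyType()` is an unchecked cast that fails with a ClassCastException rather than the typed assertion message the old code produced; `Assert.assertTrue("Unexpected subject confirmation data type", subjConfirmationDataType.getAnyType() instanceof KeyInfoType);` before the cast restores that, matching what the X509 branch further down already does. validateHolderOfKeyContents starts in this hunk but its body continues past it.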
@@ -558,20 +576,15 @@
// if the public key has been used as proof, we should be able to retrieve it from KeyValueType.
if (usePublicKey == true)
{
- JAXBElement<?> keyValueElement = (JAXBElement<?>) keyInfo.getContent().get(0);
- Assert.assertEquals("Unexpected key info content type", KeyValueType.class, keyValueElement
- .getDeclaredType());
- KeyValueType keyValue = (KeyValueType) keyValueElement.getValue();
+ KeyValueType keyValue = (KeyValueType) keyInfo.getContent().get(0);
List<Object> keyValueContent = keyValue.getContent();
Assert.assertEquals("Unexpected key value content size", 1, keyValueContent.size());
- JAXBElement<?> rsaKeyValueElement = (JAXBElement<?>) keyValue.getContent().get(0);
- Assert.assertEquals("Unexpected key value content type", RSAKeyValueType.class, rsaKeyValueElement
- .getDeclaredType());
- RSAKeyValueType rsaKeyValue = (RSAKeyValueType) rsaKeyValueElement.getValue();
+ Assert.assertEquals("Unexpected key value content type", RSAKeyValueType.class, keyValueContent.get(0).getClass());
+ RSAKeyValueType rsaKeyValue = (RSAKeyValueType) keyValueContent.get(0);
// reconstruct the public key and check if it matches the public key of the provided certificate.
- BigInteger modulus = new BigInteger(1, rsaKeyValue.getModulus());
- BigInteger exponent = new BigInteger(1, rsaKeyValue.getExponent());
+ BigInteger modulus = new BigInteger(1, Base64.decode(new String(rsaKeyValue.getModulus())));
+ BigInteger exponent = new BigInteger(1, Base64.decode(new String(rsaKeyValue.getExponent())));
KeyFactory factory = KeyFactory.getInstance("RSA");
RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent);
RSAPublicKey genKey = (RSAPublicKey) factory.generatePublic(spec);
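Review bot: `new String(rsaKeyValue.getModulus())` and the exponent line below it convert the raw bytes with the platform default charset before handing them to `Base64.decode(String)`; if `getModulus()` still returns a `byte[]` as the replaced line assumed, the byte-array overload used in the next hunk avoids the charset round trip entirely: `BigInteger modulus = new BigInteger(1, Base64.decode(rsaKeyValue.getModulus(), 0, rsaKeyValue.getModulus().length));` and likewise for the exponent. The `getClass()` equality assertion on the key value content also rejects subclasses and is stricter than the `instanceof` check the X509 branch uses for the same purpose; `Assert.assertTrue("Unexpected key value content type", keyValueContent.get(0) instanceof RSAKeyValueType);` keeps the two branches consistent. The enclosing if block opens before this hunk and closes after it.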
@@ -580,22 +593,19 @@
// if the whole certificate was used as proof, we should be able to retrieve it from X509DataType.
else
{
- JAXBElement<?> x509DataElement = (JAXBElement<?>) keyInfo.getContent().get(0);
- Assert.assertEquals("Unexpected key info content type", X509DataType.class, x509DataElement
- .getDeclaredType());
- X509DataType x509Data = (X509DataType) x509DataElement.getValue();
+ X509DataType x509Data = (X509DataType) keyInfo.getContent().get(0);
Assert.assertEquals("Unexpected X509 data content size", 1, x509Data
.getX509IssuerSerialOrX509SKIOrX509SubjectName().size());
- JAXBElement<?> x509CertElement = (JAXBElement<?>) x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName()
- .get(0);
- Assert.assertEquals("Unexpected X509 data content type", byte[].class, x509CertElement.getDeclaredType());
- byte[] encodedCertificate = (byte[]) x509CertElement.getValue();
+ Object content = x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().get(0);
+ Assert.assertTrue("Unexpected X509 data content type", content instanceof X509CertificateType);
+ byte[] encodedCertificate = ((X509CertificateType) content).getEncodedCertificate();
// reconstruct the certificate and check if it matches the provided certificate.
- ByteArrayInputStream byteInputStream = new ByteArrayInputStream(encodedCertificate);
+ ByteArrayInputStream byteInputStream = new ByteArrayInputStream(Base64.decode(encodedCertificate, 0,
+ encodedCertificate.length));
Assert.assertEquals("Invalid certificate in key info", certificate, CertificateFactory.getInstance("X.509")
.generateCertificate(byteInputStream));
}
- }*/
+ }
}
}
\ No newline at end of file
Picketlink SVN: r617 - in federation/trunk/picketlink-fed-core/src: main/java/org/picketlink/identity/federation/core/wstrust and 2 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-22 14:06:56 -0500 (Wed, 22 Dec 2010)
New Revision: 617
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java
Removed:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityTokenProvider.java
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSConfiguration.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustRequestContext.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustServiceFactory.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java
Log:
abstract the token provider interface
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java 2010-12-22 19:06:56 UTC (rev 617)
@@ -0,0 +1,97 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.interfaces;
+
+import java.util.Map;
+
+import org.picketlink.identity.federation.core.wstrust.WSTrustException;
+
+/**
+ * <p>
+ * This interface defines the methods that must be implemented by security token providers.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public interface SecurityTokenProvider
+{
+ /**
+ * <p>
+ * Initializes the {@code SecurityTokenProvider} using the specified properties map.
+ * </p>
+ *
+ * @param properties a {@code Map<String, String>} that contains the properties that have been configured for
+ * this {@code SecurityTokenProvider}.
+ */
+ public void initialize(Map<String, String> properties);
+
+ /**
+ * Specify whether this token provider supports a particular namespace
+ * @param namespace a string value representing a namespace
+ * @return
+ */
+ public boolean supports( String namespace );
+
+ /**
+ * <p>
+ * Generates a security token using the information contained in the specified request context and stores the
+ * newly-created token in the context itself.
+ * </p>
+ *
+ * @param context the {@code ProtocolContext} to be used when generating the token.
+ * @throws WSTrustException if an error occurs while creating the security token.
+ */
+ public void issueToken( ProtocolContext context) throws WSTrustException;
+
+ /**
+ * <p>
+ * Renews the security token contained in the specified request context. This method is used when a previously
+ * generated token has expired, generating a new version of the same token with different expiration semantics.
+ * </p>
+ *
+ * @param context the {@code ProtocolContext} that contains the token to be renewed.
+ * @throws WSTrustException if an error occurs while renewing the security token.
+ */
+ public void renewToken( ProtocolContext context) throws WSTrustException;
+
+ /**
+ * <p>
+ * Cancels the token contained in the specified request context. A security token is usually canceled when one wants
+ * to make sure that the token will not be used anymore. A security token can't be renewed once it has been canceled.
+ * </p>
+ *
+ * @param context the {@code ProtocolContext} that contains the token to be canceled.
+ * @throws WSTrustException if an error occurs while canceling the security token.
+ */
+ public void cancelToken( ProtocolContext context) throws WSTrustException;
+
+ /**
+ * <p>
+ * Evaluates the validity of the token contained in the specified request context and sets the result in the context
+ * itself. The result can be a status, a new token, or both.
+ * </p>
+ *
+ * @param context the {@code ProtocolContext} that contains the token to be validated.
+ * @throws WSTrustException if an error occurs while validating the security token.
+ */
+ public void validateToken( ProtocolContext context) throws WSTrustException;
+}
\ No newline at end of file
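Review bot: The Javadoc for `supports(String namespace)` has an empty `@return` tag, so the generated documentation says nothing about what the boolean means; `@return {@code true} if this provider handles tokens in the given namespace, {@code false} otherwise` fills it. The issue/renew/cancel/validate methods now accept any `ProtocolContext`, but the interface does not say which context implementations a provider may expect or what it should do with one it cannot handle; a sentence in the class Javadoc such as `Implementations are selected via {@link #supports(String)} and should reject a context type they do not understand with a {@code WSTrustException} rather than letting a {@code ClassCastException} escape.` would state that contract for implementers.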
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java 2010-12-21 19:41:30 UTC (rev 616)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java 2010-12-22 19:06:56 UTC (rev 617)
@@ -39,6 +39,7 @@
import org.picketlink.identity.federation.core.config.ServiceProvidersType;
import org.picketlink.identity.federation.core.config.TokenProviderType;
import org.picketlink.identity.federation.core.config.TokenProvidersType;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSConfiguration.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSConfiguration.java 2010-12-21 19:41:30 UTC (rev 616)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSConfiguration.java 2010-12-22 19:06:56 UTC (rev 617)
@@ -25,6 +25,8 @@
import java.security.PublicKey;
import java.security.cert.Certificate;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+
/**
* <p>
* The {@code STSConfiguration} interface allows access to the security token service (STS) configuration attributes.
Deleted: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityTokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityTokenProvider.java 2010-12-21 19:41:30 UTC (rev 616)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityTokenProvider.java 2010-12-22 19:06:56 UTC (rev 617)
@@ -1,88 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.identity.federation.core.wstrust;
-
-import java.util.Map;
-
-/**
- * <p>
- * This interface defines the methods that must be implemented by security token providers.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public interface SecurityTokenProvider
-{
- /**
- * <p>
- * Initializes the {@code SecurityTokenProvider} using the specified properties map.
- * </p>
- *
- * @param properties a {@code Map<String, String>} that contains the properties that have been configured for
- * this {@code SecurityTokenProvider}.
- */
- public void initialize(Map<String, String> properties);
-
- /**
- * <p>
- * Generates a security token using the information contained in the specified request context and stores the
- * newly-created token in the context itself.
- * </p>
- *
- * @param context the {@code WSTrustRequestContext} to be used when generating the token.
- * @throws WSTrustException if an error occurs while creating the security token.
- */
- public void issueToken(WSTrustRequestContext context) throws WSTrustException;
-
- /**
- * <p>
- * Renews the security token contained in the specified request context. This method is used when a previously
- * generated token has expired, generating a new version of the same token with different expiration semantics.
- * </p>
- *
- * @param context the {@code WSTrustRequestContext} that contains the token to be renewed.
- * @throws WSTrustException if an error occurs while renewing the security token.
- */
- public void renewToken(WSTrustRequestContext context) throws WSTrustException;
-
- /**
- * <p>
- * Cancels the token contained in the specified request context. A security token is usually canceled when one wants
- * to make sure that the token will not be used anymore. A security token can't be renewed once it has been canceled.
- * </p>
- *
- * @param context the {@code WSTrustRequestContext} that contains the token to be canceled.
- * @throws WSTrustException if an error occurs while canceling the security token.
- */
- public void cancelToken(WSTrustRequestContext context) throws WSTrustException;
-
- /**
- * <p>
- * Evaluates the validity of the token contained in the specified request context and sets the result in the context
- * itself. The result can be a status, a new token, or both.
- * </p>
- *
- * @param context the {@code WSTrustRequestContext} that contains the token to be validated.
- * @throws WSTrustException if an error occurs while validating the security token.
- */
- public void validateToken(WSTrustRequestContext context) throws WSTrustException;
-}
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java 2010-12-21 19:41:30 UTC (rev 616)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java 2010-12-22 19:06:56 UTC (rev 617)
@@ -30,6 +30,7 @@
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.util.Base64;
import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustRequestContext.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustRequestContext.java 2010-12-21 19:41:30 UTC (rev 616)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustRequestContext.java 2010-12-22 19:06:56 UTC (rev 617)
@@ -25,6 +25,7 @@
import java.security.PublicKey;
import java.util.Map;
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import org.picketlink.identity.federation.ws.trust.RequestedReferenceType;
import org.picketlink.identity.federation.ws.trust.StatusType;
@@ -39,7 +40,7 @@
*
* @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
*/
-public class WSTrustRequestContext
+public class WSTrustRequestContext implements ProtocolContext
{
// information supplied by the request handler.
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustServiceFactory.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustServiceFactory.java 2010-12-21 19:41:30 UTC (rev 616)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustServiceFactory.java 2010-12-22 19:06:56 UTC (rev 617)
@@ -24,6 +24,8 @@
import java.security.PrivilegedActionException;
import java.util.Map;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+
/**
* <p>
* Factory class used for instantiating pluggable services, such as the {@code WSTrustRequestHandler} and
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2010-12-21 19:41:30 UTC (rev 616)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2010-12-22 19:06:56 UTC (rev 617)
@@ -27,12 +27,13 @@
import javax.xml.namespace.QName;
import org.apache.log4j.Logger;
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
import org.picketlink.identity.federation.core.wstrust.SecurityToken;
-import org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider;
import org.picketlink.identity.federation.core.wstrust.StandardSecurityToken;
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
import org.picketlink.identity.federation.core.wstrust.WSTrustException;
@@ -179,8 +180,10 @@
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
* cancelToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void cancelToken(WSTrustRequestContext context) throws WSTrustException
+ public void cancelToken( ProtocolContext protoContext) throws WSTrustException
{
+ WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
+
// get the assertion that must be canceled.
Element token = (Element) context.getRequestSecurityToken().getCancelTargetElement();
if (token == null)
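Review bot: `WSTrustRequestContext context = (WSTrustRequestContext) protoContext;` is an unchecked downcast, so a provider selected through `supports(String)` that is handed another `ProtocolContext` implementation fails with a ClassCastException instead of the `WSTrustException` the method declares; the same cast is added in the issueToken, renewToken and validateToken hunks below and in SpecialTokenProvider.issueToken. A guard such as `if (!(protoContext instanceof WSTrustRequestContext)) throw new WSTrustException("Unsupported protocol context type");` before the cast (using whichever constructor WSTrustException provides) keeps the failure inside the declared contract. The `@see` tags above these signatures still point at `org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#cancelToken(...WSTrustRequestContext)`, a type this commit deletes; they should reference `org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)`, and likewise in the other hunks here and in SpecialTokenProvider.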
@@ -200,8 +203,9 @@
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
* issueToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void issueToken(WSTrustRequestContext context) throws WSTrustException
+ public void issueToken( ProtocolContext protoContext) throws WSTrustException
{
+ WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
// generate an id for the new assertion.
String assertionID = IDGenerator.create("ID_");
@@ -295,8 +299,9 @@
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
* renewToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void renewToken(WSTrustRequestContext context) throws WSTrustException
+ public void renewToken( ProtocolContext protoContext ) throws WSTrustException
{
+ WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
// get the specified assertion that must be renewed.
Element token = (Element) context.getRequestSecurityToken().getRenewTargetElement();
if (token == null)
@@ -365,8 +370,9 @@
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
* validateToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void validateToken(WSTrustRequestContext context) throws WSTrustException
+ public void validateToken( ProtocolContext protoContext ) throws WSTrustException
{
+ WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
if (logger.isTraceEnabled())
logger.trace("SAML V2.0 token validation started");
@@ -441,4 +447,11 @@
&& WSTrustConstants.SAML2_ASSERTION_NS.equals(element.getNamespaceURI());
}
+ /**
+ * @see {@code SecurityTokenProvider#supports(String)}
+ */
+ public boolean supports(String namespace)
+ {
+ return WSTrustConstants.BASE_NAMESPACE.equals(namespace);
+ }
}
\ No newline at end of file
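Review bot: `@see {@code SecurityTokenProvider#supports(String)}` wraps the reference in `{@code}`, which renders it as literal text rather than a resolvable link; `@see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#supports(String)` gives the intended cross-reference. The method compares only against `WSTrustConstants.BASE_NAMESPACE`, which reads as the WS-Trust namespace rather than the SAML 2.0 assertion namespace checked via `SAML2_ASSERTION_NS` just above; a one-line comment stating that this provider is keyed on the WS-Trust namespace rather than on the token type it issues would prevent that being mistaken for a bug.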
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java 2010-12-21 19:41:30 UTC (rev 616)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java 2010-12-22 19:06:56 UTC (rev 617)
@@ -47,6 +47,7 @@
import org.picketlink.identity.federation.core.config.STSType;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
@@ -54,7 +55,6 @@
import org.picketlink.identity.federation.core.wstrust.PicketLinkSTS;
import org.picketlink.identity.federation.core.wstrust.PicketLinkSTSConfiguration;
import org.picketlink.identity.federation.core.wstrust.STSConfiguration;
-import org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider;
import org.picketlink.identity.federation.core.wstrust.StandardRequestHandler;
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
import org.picketlink.identity.federation.core.wstrust.WSTrustException;
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java 2010-12-21 19:41:30 UTC (rev 616)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java 2010-12-22 19:06:56 UTC (rev 617)
@@ -26,11 +26,13 @@
import java.util.Map;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.wstrust.SecurityToken;
-import org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider;
import org.picketlink.identity.federation.core.wstrust.StandardSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
import org.picketlink.identity.federation.core.wstrust.WSTrustException;
import org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext;
import org.w3c.dom.Document;
@@ -63,7 +65,7 @@
*
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void cancelToken(WSTrustRequestContext context) throws WSTrustException
+ public void cancelToken( ProtocolContext protoContext ) throws WSTrustException
{
}
@@ -72,8 +74,10 @@
*
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#issueToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void issueToken(WSTrustRequestContext context) throws WSTrustException
+ public void issueToken( ProtocolContext protoContext) throws WSTrustException
{
+ WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
+
// create a simple sample token using the info from the request.
String caller = context.getCallerPrincipal() == null ? "anonymous" : context.getCallerPrincipal().getName();
URI tokenType = context.getRequestSecurityToken().getTokenType();
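Review bot: `WSTrustRequestContext context = (WSTrustRequestContext) protoContext;` is an unchecked downcast, so a caller that hands this provider any other `ProtocolContext` gets a `ClassCastException` rather than the declared `WSTrustException`; since the class now also exposes `supports(String)`, a guard before the cast is cheap: `if (!(protoContext instanceof WSTrustRequestContext)) throw new WSTrustException("Unsupported protocol context: " + protoContext);`. The `@see` tags kept above this method and above `cancelToken`, `renewToken` and `validateToken` in the later hunks of this file still cite `org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#...(WSTrustRequestContext)`, although the class now implements the `core.interfaces.SecurityTokenProvider` variant taking a `ProtocolContext`, whose import this commit adds; they should be updated to that interface. The body of `issueToken` continues outside the hunk.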
@@ -119,7 +123,7 @@
*
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#renewToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void renewToken(WSTrustRequestContext context) throws WSTrustException
+ public void renewToken( ProtocolContext protoContext ) throws WSTrustException
{
}
@@ -128,7 +132,7 @@
*
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#validateToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void validateToken(WSTrustRequestContext context) throws WSTrustException
+ public void validateToken( ProtocolContext protoContext ) throws WSTrustException
{
}
@@ -143,4 +147,9 @@
{
return this.properties;
}
-}
+
+ public boolean supports(String namespace)
+ {
+ return WSTrustConstants.BASE_NAMESPACE.equals(namespace);
+ }
+}
\ No newline at end of file
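Review bot: `supports(String namespace)` is added without a Javadoc comment, even though it is the only signal telling the STS that this provider handles WS-Trust request contexts, and hence whether the downcast in `issueToken` is safe; a short contract comment makes that visible: `/** Returns true only for the WS-Trust base namespace; callers are expected to check this before passing a WSTrustRequestContext to issueToken. */`. Whether `@Override` applies depends on the new `core.interfaces.SecurityTokenProvider`, which is outside this view.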
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java 2010-12-21 19:41:30 UTC (rev 616)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java 2010-12-22 19:06:56 UTC (rev 617)
@@ -27,9 +27,9 @@
import junit.framework.TestCase;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
import org.picketlink.identity.federation.core.wstrust.PicketLinkSTSConfiguration;
import org.picketlink.identity.federation.core.wstrust.STSConfiguration;
-import org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider;
import org.picketlink.identity.federation.core.wstrust.StandardRequestHandler;
import org.picketlink.identity.federation.core.wstrust.WSTrustRequestHandler;
import org.picketlink.identity.federation.core.wstrust.WSTrustServiceFactory;
Picketlink SVN: r616 - federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-21 14:41:30 -0500 (Tue, 21 Dec 2010)
New Revision: 616
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java
Log:
use toString for the URI
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java 2010-12-21 17:15:03 UTC (rev 615)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java 2010-12-21 19:41:30 UTC (rev 616)
@@ -418,7 +418,7 @@
StatusType statusType = statusResponseType.getStatus();
StatusCodeType statusCode = statusType.getStatusCode();
StatusCodeType secondLevelstatusCode = statusCode.getStatusCode();
- if(secondLevelstatusCode.getValue().equals(JBossSAMLURIConstants.STATUS_SUCCESS.get()))
+ if(secondLevelstatusCode.getValue().toString().equals(JBossSAMLURIConstants.STATUS_SUCCESS.get()))
{
//we are successfully logged out
session.invalidate();
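Review bot: The new comparison still dereferences `secondLevelstatusCode` and its value without a null check, so a LogoutResponse whose Status carries only a top-level StatusCode (the nested code is optional in SAML 2.0) or an empty value now ends in a `NullPointerException` inside the handler instead of being treated as a non-success; inverting the `equals` and guarding the chain avoids that: `if(secondLevelstatusCode != null && secondLevelstatusCode.getValue() != null && JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(secondLevelstatusCode.getValue().toString()))`. Whether the top-level code should also be compared against Success cannot be seen from this hunk. The enclosing method starts and ends outside the hunk.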
Picketlink SVN: r615 - in integration-tests/trunk/picketlink-sts-tests: src/test/java/org/picketlink/test/integration/sts and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-21 12:15:03 -0500 (Tue, 21 Dec 2010)
New Revision: 615
Modified:
integration-tests/trunk/picketlink-sts-tests/.classpath
integration-tests/trunk/picketlink-sts-tests/src/test/java/org/picketlink/test/integration/sts/PicketLinkSTSIntegrationUnitTestCase.java
Log:
fix test
Modified: integration-tests/trunk/picketlink-sts-tests/.classpath
===================================================================
--- integration-tests/trunk/picketlink-sts-tests/.classpath 2010-12-20 22:35:31 UTC (rev 614)
+++ integration-tests/trunk/picketlink-sts-tests/.classpath 2010-12-21 17:15:03 UTC (rev 615)
@@ -2,6 +2,16 @@
<classpathentry kind="src" path="src/test/java" output="target/test-classes" including="**/*.java"/>
<classpathentry kind="src" path="src/test/resources" output="target/test-classes" excluding="**/*.java"/>
<classpathentry kind="output" path="target/classes"/>
+ <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.3/servlet-api-2.3.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.3/servlet-api-2.3-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/ant/ant/1.5/ant-1.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/ant-contrib/ant-contrib/1.0b2/ant-contrib-1.0b2.jar" sourcepath="M2_REPO/ant-contrib/ant-contrib/1.0b2/ant-contrib-1.0b2-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/httpunit/httpunit/1.7/httpunit-1.7.jar" sourcepath="M2_REPO/httpunit/httpunit/1.7/httpunit-1.7-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/rhino/js/1.6R7/js-1.6R7.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jtidy/jtidy/4aug2000r7-dev/jtidy-4aug2000r7-dev.jar" sourcepath="M2_REPO/jtidy/jtidy/4aug2000r7-dev/jtidy-4aug2000r7-dev-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/junit/junit/4.4/junit-4.4.jar" sourcepath="M2_REPO/junit/junit/4.4/junit-4.4-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/nekohtml/nekohtml/1.9.12/nekohtml-1.9.12.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
</classpath>
\ No newline at end of file
Modified: integration-tests/trunk/picketlink-sts-tests/src/test/java/org/picketlink/test/integration/sts/PicketLinkSTSIntegrationUnitTestCase.java
===================================================================
--- integration-tests/trunk/picketlink-sts-tests/src/test/java/org/picketlink/test/integration/sts/PicketLinkSTSIntegrationUnitTestCase.java 2010-12-20 22:35:31 UTC (rev 614)
+++ integration-tests/trunk/picketlink-sts-tests/src/test/java/org/picketlink/test/integration/sts/PicketLinkSTSIntegrationUnitTestCase.java 2010-12-21 17:15:03 UTC (rev 615)
@@ -44,14 +44,15 @@
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
import org.picketlink.identity.federation.core.wstrust.WSTrustUtil;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
-import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AudienceRestrictionType;
-import org.picketlink.identity.federation.saml.v2.assertion.ConditionAbstractType;
-import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AudienceRestrictionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectConfirmationDataType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectConfirmationType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.ws.trust.BinarySecretType;
import org.picketlink.identity.federation.ws.trust.EntropyType;
import org.picketlink.identity.federation.ws.trust.UseKeyType;
@@ -133,9 +134,10 @@
AssertionType assertion = this.validateSAML20Assertion(assertionElement, "admin", SAMLUtil.SAML2_BEARER_URI);
// in this scenario, the conditions section should NOT have an audience restriction.
- ConditionsType conditions = assertion.getConditions();
- Assert.assertEquals("Unexpected restriction list size", 0, conditions
- .getConditionOrAudienceRestrictionOrOneTimeUse().size());
+ ConditionsType conditionsType = assertion.getConditions();
+
+ List<ConditionAbstractType> conditions = conditionsType.getConditions();
+ Assert.assertEquals("Unexpected restriction list size", 0, conditions.size());
}
/**
@@ -157,10 +159,11 @@
AssertionType assertion = this.validateSAML20Assertion(assertionElement, "admin", SAMLUtil.SAML2_BEARER_URI);
// in this scenario, the conditions section should have an audience restriction.
- ConditionsType conditions = assertion.getConditions();
- Assert.assertEquals("Unexpected restriction list size", 1, conditions
- .getConditionOrAudienceRestrictionOrOneTimeUse().size());
- ConditionAbstractType abstractType = conditions.getConditionOrAudienceRestrictionOrOneTimeUse().get(0);
+ ConditionsType conditionsType = assertion.getConditions();
+ List<ConditionAbstractType> conditions = conditionsType.getConditions();
+
+ Assert.assertEquals("Unexpected restriction list size", 1, conditions.size());
+ ConditionAbstractType abstractType = conditions.get(0);
Assert.assertTrue("Unexpected restriction type", abstractType instanceof AudienceRestrictionType);
AudienceRestrictionType audienceRestriction = (AudienceRestrictionType) abstractType;
Assert.assertEquals("Unexpected audience restriction list size", 1, audienceRestriction.getAudience().size());
@@ -198,8 +201,7 @@
// we haven't specified the service endpoint URI, so no restrictions should be visible.
ConditionsType conditions = assertion.getConditions();
- Assert.assertEquals("Unexpected restriction list size", 0, conditions
- .getConditionOrAudienceRestrictionOrOneTimeUse().size());
+ Assert.assertEquals("Unexpected restriction list size", 0, conditions.getConditions().size());
}
/**
@@ -229,8 +231,7 @@
AssertionType assertion = this.validateSAML20Assertion(assertionElement, "admin",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// validate the holder of key contents.
- SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getContent().get(1)
- .getValue();
+ SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation().get(0);
this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_SYMMETRIC, null, false);
// TODO: client API must allow access to the WS-Trust response for retrieval of the proof token.
@@ -276,8 +277,7 @@
AssertionType assertion = this.validateSAML20Assertion(assertionElement, "admin",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// validate the holder of key contents.
- SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getContent().get(1)
- .getValue();
+ SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation().get(0) ;
this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_SYMMETRIC, null, false);
// TODO: client API must allow access to the WS-Trust response for retrieval of the server entropy and algorithm.
@@ -312,8 +312,7 @@
AssertionType assertion = this.validateSAML20Assertion(assertionElement, "admin",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// validate the holder of key contents.
- SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getContent().get(1)
- .getValue();
+ SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation().get(0);
this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_PUBLIC, certificate, false);
}
@@ -347,8 +346,7 @@
AssertionType assertion = this.validateSAML20Assertion(assertionElement, "admin",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// validate the holder of key contents.
- SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getContent().get(1)
- .getValue();
+ SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation().get(0);
this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_PUBLIC, certificate, true);
}
@@ -499,16 +497,14 @@
// validate the assertion subject.
Assert.assertNotNull("Unexpected null subject", assertion.getSubject());
- List<JAXBElement<?>> content = assertion.getSubject().getContent();
- Assert.assertNotNull("Unexpected null subject content");
- Assert.assertEquals(2, content.size());
- Assert.assertEquals("Unexpected type found", NameIDType.class, content.get(0).getDeclaredType());
- NameIDType nameID = (NameIDType) content.get(0).getValue();
+
+ SubjectType subject = assertion.getSubject();
+ NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
+
Assert.assertEquals("Unexpected name id qualifier", "urn:picketlink:identity-federation", nameID
.getNameQualifier());
- Assert.assertEquals("Unexpected name id value", assertionPrincipal, nameID.getValue());
- Assert.assertEquals("Unexpected type found", SubjectConfirmationType.class, content.get(1).getDeclaredType());
- SubjectConfirmationType subjType = (SubjectConfirmationType) content.get(1).getValue();
+ Assert.assertEquals("Unexpected name id value", assertionPrincipal, nameID.getValue());
+ SubjectConfirmationType subjType = (SubjectConfirmationType) subject.getSubType().getConfirmation().get(0);
Assert.assertEquals("Unexpected confirmation method", confirmationMethod, subjType.getMethod());
// validate the assertion conditions.
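Review bot: The rewritten subject check drops the explicit type assertions and now relies on bare casts, `(NameIDType) subject.getSubType().getBaseID()` and `(SubjectConfirmationType) subject.getSubType().getConfirmation().get(0)`, so a wrong or missing element fails with a `ClassCastException` or `IndexOutOfBoundsException` instead of the labelled message the old test produced; keep labelled checks before the casts, e.g. `Assert.assertNotNull("Unexpected null subject content", subject.getSubType());` and `Assert.assertTrue("Unexpected type found", subject.getSubType().getBaseID() instanceof NameIDType);`. Whether `getSubType()` can legitimately be null in the new model is not visible here. The enclosing method starts and ends outside the hunk.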
@@ -540,7 +536,8 @@
{
SubjectConfirmationDataType subjConfirmationDataType = subjectConfirmation.getSubjectConfirmationData();
Assert.assertNotNull("Unexpected null subject confirmation data", subjConfirmationDataType);
- List<Object> confirmationContent = subjConfirmationDataType.getContent();
+ throw new RuntimeException( "FIX" );
+ /*List<Object> confirmationContent = subjConfirmationDataType.getContent();
Assert.assertEquals("Unexpected subject confirmation content size", 1, confirmationContent.size());
JAXBElement<?> keyInfoElement = (JAXBElement<?>) confirmationContent.get(0);
Assert.assertEquals("Unexpected subject confirmation context type", KeyInfoType.class, keyInfoElement
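Review bot: `throw new RuntimeException( "FIX" );` makes `validateHolderOfKeyContents` fail unconditionally and comments out the rest of the method, so the holder-of-key tests earlier in this file that call it (symmetric key, public key and certificate scenarios) can no longer pass, and the checks that the assertion's SubjectConfirmationData actually carries the expected proof key are no longer exercised at all; the log message "fix test" does not describe this. If the new model has no `getContent()` equivalent yet, fail visibly with a tracked marker, e.g. `Assert.fail("TODO: port KeyInfo validation of SubjectConfirmationData to the newmodel types");`, and delete the commented block rather than ship it (its closing `}*/` is in the next hunk of this file). The method's signature is outside this hunk.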
@@ -599,6 +596,6 @@
Assert.assertEquals("Invalid certificate in key info", certificate, CertificateFactory.getInstance("X.509")
.generateCertificate(byteInputStream));
}
- }
+ }*/
}
}
\ No newline at end of file
Picketlink SVN: r614 - in federation/trunk: picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth and 7 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-20 17:35:31 -0500 (Mon, 20 Dec 2010)
New Revision: 614
Modified:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML20TokenRoleAttributeProvider.java
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/InteropEndpointDebugTestCase.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/MetaDataBuilder.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/MetaDataExtractor.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/FileBasedEntityMetadataProvider.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/CircleOfTrustServlet.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
Log:
changes
Modified: federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/InteropEndpointDebugTestCase.java
===================================================================
--- federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/InteropEndpointDebugTestCase.java 2010-12-20 22:22:49 UTC (rev 613)
+++ federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/InteropEndpointDebugTestCase.java 2010-12-20 22:35:31 UTC (rev 614)
@@ -22,27 +22,17 @@
package org.picketlink.test.identity.federation.bindings.servlets;
import java.io.InputStream;
-import java.net.URL;
-import java.net.URLConnection;
import javax.xml.bind.JAXBElement;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
import junit.framework.TestCase;
+import org.jboss.security.xacml.core.model.context.RequestType;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
-import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
-//import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.w3c.dom.Document;
-import org.jboss.security.xacml.core.model.context.DecisionType;
-import org.jboss.security.xacml.core.model.context.RequestType;
-import org.jboss.security.xacml.core.model.context.ResultType;
/**
Modified: federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML20TokenRoleAttributeProvider.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML20TokenRoleAttributeProvider.java 2010-12-20 22:22:49 UTC (rev 613)
+++ federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML20TokenRoleAttributeProvider.java 2010-12-20 22:35:31 UTC (rev 614)
@@ -3,14 +3,13 @@
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
-import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
import org.jboss.security.SecurityContextAssociation;
-import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenAttributeProvider;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenAttributeProvider;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
@@ -107,5 +106,4 @@
return attributeStatement;
}
}
-
-}
+}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/MetaDataBuilder.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/MetaDataBuilder.java 2010-12-20 22:22:49 UTC (rev 613)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/MetaDataBuilder.java 2010-12-20 22:35:31 UTC (rev 614)
@@ -23,14 +23,15 @@
import java.util.List;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-
import org.picketlink.identity.federation.core.saml.md.providers.MetaDataBuilderDelegate;
-import org.picketlink.identity.federation.newmodel.saml.v2.metadata.*;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EndpointType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.IDPSSODescriptorType;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.OrganizationType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.SPSSODescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.SSODescriptorType;
/**
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/MetaDataExtractor.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/MetaDataExtractor.java 2010-12-20 22:22:49 UTC (rev 613)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/MetaDataExtractor.java 2010-12-20 22:35:31 UTC (rev 614)
@@ -21,13 +21,18 @@
*/
package org.picketlink.identity.federation.api.saml.v2.metadata;
+import java.io.StringWriter;
import java.util.List;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLMetadataWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EndpointType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.IDPSSODescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.IndexedEndpointType;
-import org.picketlink.identity.federation.newmodel.saml.v2.metadata.RoleDescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.SPSSODescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.SSODescriptorType;
@@ -49,10 +54,24 @@
*/
public static String toString(EntityDescriptorType edt)
{
- StringBuilder builder = new StringBuilder();
- throw new RuntimeException();
- /* List<RoleDescriptorType> rolesD = edt.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
+ StringWriter sw = new StringWriter();
+ try
+ {
+ XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(sw );
+
+ SAMLMetadataWriter metaWriter = new SAMLMetadataWriter(writer);
+ metaWriter.writeEntityDescriptor(edt);
+ }
+ catch (ProcessingException e)
+ {
+ throw new RuntimeException( e );
+ }
+ return sw.toString();
+
+ /*StringBuilder builder = new StringBuilder();
+ List<RoleDescriptorType> rolesD = edt.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
+
for(RoleDescriptorType rdt: rolesD)
{
builder.append("ID=").append(rdt.getID());
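Review bot: `writer` is never flushed or closed before `sw.toString()`, so if the `XMLStreamWriter` returned by `StaxUtil.getXMLStreamWriter` buffers its output (many StAX implementations do) the returned metadata string can be truncated; whether `SAMLMetadataWriter.writeEntityDescriptor` flushes internally is not visible here, so an explicit `writer.flush()` with handling for the `XMLStreamException` it declares (needs `import javax.xml.stream.XMLStreamException;`) is the safe form. The old JAXB body kept as a `/* ... */` block after the `return` is dead code and should be deleted rather than committed. The method's closing brace is outside the hunk.
```java
// … unchanged: StringWriter sw = new StringWriter(); try {
XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(sw);
SAMLMetadataWriter metaWriter = new SAMLMetadataWriter(writer);
metaWriter.writeEntityDescriptor(edt);
writer.flush(); // push any buffered output into sw before it is read
}
catch (ProcessingException e)
{
   throw new RuntimeException(e);
}
catch (XMLStreamException e)
{
   throw new RuntimeException(e);
}
return sw.toString();
```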
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/FileBasedEntityMetadataProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/FileBasedEntityMetadataProvider.java 2010-12-20 22:22:49 UTC (rev 613)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/FileBasedEntityMetadataProvider.java 2010-12-20 22:35:31 UTC (rev 614)
@@ -25,9 +25,9 @@
import java.security.PublicKey;
import java.util.Map;
-import javax.xml.bind.JAXBElement;
-
-import org.picketlink.identity.federation.core.interfaces.IMetadataProvider;
+import org.picketlink.identity.federation.core.interfaces.IMetadataProvider;
+import org.picketlink.identity.federation.core.parsers.saml.metadata.SAMLEntityDescriptorParser;
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
/**
@@ -59,18 +59,17 @@
/**
* @see IMetadataProvider#getMetaData()
- */
- @SuppressWarnings("unchecked")
+ */
public EntityDescriptorType getMetaData()
- {
- EntityDescriptorType edt = null;
-
+ {
if(this.metadataFileStream == null)
throw new RuntimeException("Metadata file is not injected");
try
{
- new RuntimeException();/*
+ SAMLEntityDescriptorParser parser = new SAMLEntityDescriptorParser();
+ return (EntityDescriptorType) parser.parse( StaxParserUtil.getXMLEventReader(metadataFileStream));
+ /*
JAXBElement<EntityDescriptorType> j =
(JAXBElement<EntityDescriptorType>) MetaDataBuilderDelegate.getUnmarshaller().unmarshal(metadataFileStream);
edt = j.getValue();
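Review bot: The new parsing path hands the injected `metadataFileStream` straight to `StaxParserUtil.getXMLEventReader`, and nothing in this hunk shows whether that factory disables DTD processing and external entity resolution (`XMLInputFactory.SUPPORT_DTD` and `XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES` set to false); metadata files are normally operator-controlled, but since the provider now parses whatever stream is injected, that configuration should be confirmed and recorded here, e.g. `// parser must run with DTDs and external entities disabled; see StaxParserUtil`. The `XMLEventReader` is also never closed, and the surviving `catch(Exception e)` folds every parse failure into a bare `RuntimeException`; a message naming the operation, `throw new RuntimeException("Unable to parse SAML metadata", e);`, would help whoever reads the log. The old JAXB body left as a `/* ... */` comment is dead code and should be removed; the method's closing brace is in the next hunk.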
@@ -79,8 +78,7 @@
catch(Exception e)
{
throw new RuntimeException(e);
- }
- return edt;
+ }
}
/**
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java 2010-12-20 22:22:49 UTC (rev 613)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java 2010-12-20 22:35:31 UTC (rev 614)
@@ -91,9 +91,8 @@
private static ObjectFactory objectFactory = new ObjectFactory();
private static XMLSignatureFactory fac = getXMLSignatureFactory();
-
- @SuppressWarnings("restriction")
-private static XMLSignatureFactory getXMLSignatureFactory()
+
+ private static XMLSignatureFactory getXMLSignatureFactory()
{
XMLSignatureFactory xsf = null;
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java 2010-12-20 22:22:49 UTC (rev 613)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java 2010-12-20 22:35:31 UTC (rev 614)
@@ -25,7 +25,6 @@
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
-import javax.xml.bind.JAXBElement;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.SignatureMethod;
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java 2010-12-20 22:22:49 UTC (rev 613)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java 2010-12-20 22:35:31 UTC (rev 614)
@@ -32,7 +32,6 @@
import java.util.List;
import java.util.Map;
-import javax.xml.bind.JAXBElement;
import javax.xml.datatype.DatatypeConstants;
import javax.xml.namespace.QName;
import javax.xml.transform.Source;
@@ -96,7 +95,6 @@
import org.picketlink.identity.xmlsec.w3.xmldsig.RSAKeyValueType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
-import org.picketlink.identity.xmlsec.w3.xmlenc.EncryptedKeyType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java 2010-12-20 22:22:49 UTC (rev 613)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java 2010-12-20 22:35:31 UTC (rev 614)
@@ -50,7 +50,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.CanonicalizationMethod;
@@ -83,12 +82,12 @@
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
+import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler.HANDLER_TYPE;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
-import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
-import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler.HANDLER_TYPE;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
+import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
@@ -106,7 +105,7 @@
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusType;
-import org.picketlink.identity.federation.saml.v2.SAML2Object;
+import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.interfaces.IRoleValidator;
@@ -714,8 +713,7 @@
* @param serverEnvironment tomcat,jboss etc
* @return
* @throws AssertionExpiredException
- */
- @SuppressWarnings("unchecked")
+ */
public Principal handleSAMLResponse(HttpServletRequest request, ResponseType responseType)
throws ConfigurationException, AssertionExpiredException
{
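Review bot: The Javadoc kept on the context lines above the `public Principal handleSAMLResponse(HttpServletRequest request, ResponseType responseType)` signature no longer matches it: it documents a `serverEnvironment` parameter that does not exist, leaves `@return` empty, and lists only AssertionExpiredException although the signature also throws ConfigurationException. Since the commit already touches the end of this comment to drop the `@SuppressWarnings("unchecked")`, it is the place to fix the tags: `@param request the servlet request carrying the SAML response`, `@param responseType the parsed SAML response to process`, `@return the Principal resolved from the response`, plus `@throws ConfigurationException`. The method body continues past the end of this hunk.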
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/CircleOfTrustServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/CircleOfTrustServlet.java 2010-12-20 22:22:49 UTC (rev 613)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/CircleOfTrustServlet.java 2010-12-20 22:35:31 UTC (rev 614)
@@ -21,10 +21,9 @@
*/
package org.picketlink.identity.federation.web.servlets.saml;
+import static org.picketlink.identity.federation.core.util.StringUtil.isNotNull;
+
import java.io.IOException;
-import java.io.InputStream;
-import java.net.HttpURLConnection;
-import java.net.URL;
import java.util.HashMap;
import java.util.Map;
@@ -34,18 +33,12 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import org.picketlink.identity.federation.api.saml.v2.metadata.MetaDataBuilder;
import org.picketlink.identity.federation.core.saml.v2.metadata.store.FileBasedMetadataConfigurationStore;
-import org.picketlink.identity.federation.core.saml.v2.metadata.store.IMetadataConfigurationStore;
+import org.picketlink.identity.federation.core.saml.v2.metadata.store.IMetadataConfigurationStore;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
-
-import static org.picketlink.identity.federation.core.util.StringUtil.isNotNull;
-
/**
* Circle of trust establishing servlet that accesses
* the metadata urls of the various sites and updates
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java 2010-12-20 22:22:49 UTC (rev 613)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java 2010-12-20 22:35:31 UTC (rev 614)
@@ -37,6 +37,7 @@
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.stream.XMLStreamWriter;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.api.saml.v2.metadata.KeyDescriptorMetaDataBuilder;
@@ -46,10 +47,13 @@
import org.picketlink.identity.federation.core.config.KeyValueType;
import org.picketlink.identity.federation.core.config.MetadataProviderType;
import org.picketlink.identity.federation.core.config.ProviderType;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.interfaces.IMetadataProvider;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLMetadataWriter;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType;
@@ -179,7 +183,18 @@
{
resp.setContentType(JBossSAMLConstants.METADATA_MIME.get());
OutputStream os = resp.getOutputStream();
- throw new RuntimeException();/*
+
+ try
+ {
+ XMLStreamWriter streamWriter = StaxUtil.getXMLStreamWriter( os );
+ SAMLMetadataWriter writer = new SAMLMetadataWriter( streamWriter );
+ writer.writeEntityDescriptor(metadata);
+ }
+ catch (ProcessingException e)
+ {
+ throw new ServletException( e );
+ }
+ /*
JAXBElement<?> jaxbEl = MetaDataBuilder.getObjectFactory().createEntityDescriptor(metadata);
try
{
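Review bot: The XMLStreamWriter obtained on the `StaxUtil.getXMLStreamWriter( os )` line is never flushed or closed after `writer.writeEntityDescriptor(metadata);`, so unless writeEntityDescriptor flushes internally the buffered metadata may never reach the response; add `streamWriter.flush();` as the last statement of the try block. The previous JAXB implementation is not removed but kept alive behind the `/*` opened on the last added line, which leaves dead code in the servlet; delete the commented block rather than carrying it forward. The enclosing method starts before this hunk and the commented-out block runs past its end.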
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2010-12-20 22:22:49 UTC (rev 613)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2010-12-20 22:35:31 UTC (rev 614)
@@ -70,7 +70,6 @@
import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
import org.w3c.dom.Document;
-import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
Picketlink SVN: r613 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-20 17:22:49 -0500 (Mon, 20 Dec 2010)
New Revision: 613
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java
Log:
uncomment the exception throw
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java 2010-12-20 22:20:13 UTC (rev 612)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java 2010-12-20 22:22:49 UTC (rev 613)
@@ -460,7 +460,7 @@
}
catch (XMLStreamException e)
{
- //throw new ProcessingException(e);
+ throw new ProcessingException(e);
}
}
}
\ No newline at end of file