Picketlink SVN: r591 - in federation/trunk: picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-09 15:13:04 -0500 (Thu, 09 Dec 2010)
New Revision: 591
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/DefaultRoleGenerator.java
Log:
minor cosmetic
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java 2010-12-09 20:12:48 UTC (rev 590)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java 2010-12-09 20:13:04 UTC (rev 591)
@@ -34,7 +34,6 @@
import javax.xml.bind.Unmarshaller;
import javax.xml.parsers.ParserConfigurationException;
-import org.picketlink.identity.federation.core.constants.PicketLinkFederationConstants;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
@@ -179,7 +178,7 @@
{
if(is == null)
throw new IllegalStateException("InputStream is null");
- String key = PicketLinkFederationConstants.JAXB_SCHEMA_VALIDATION;
+ //String key = PicketLinkFederationConstants.JAXB_SCHEMA_VALIDATION;
//boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key, "false"));
Document samlDocument = DocumentUtil.getDocument( is );
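Review bot: Commenting out the `String key = ...JAXB_SCHEMA_VALIDATION` assignment, next to the already commented-out `Boolean.parseBoolean(...)` line, leaves dead code where this method used to read the schema-validation switch. Delete both lines instead of commenting them out. If schema validation of the incoming SAML document is deliberately not applied on this path, say so in a short comment such as `// no schema validation here; the stream is parsed by DocumentUtil.getDocument`. The method starts and ends outside the hunk, so whether validation happens later cannot be seen from here.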
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/DefaultRoleGenerator.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/DefaultRoleGenerator.java 2010-12-09 20:12:48 UTC (rev 590)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/DefaultRoleGenerator.java 2010-12-09 20:13:04 UTC (rev 591)
@@ -72,5 +72,4 @@
}
return roles;
}
-
}
\ No newline at end of file
Picketlink SVN: r590 - federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-09 15:12:48 -0500 (Thu, 09 Dec 2010)
New Revision: 590
Modified:
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java
Log:
use junit4
Modified: federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java 2010-12-09 20:11:59 UTC (rev 589)
+++ federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java 2010-12-09 20:12:48 UTC (rev 590)
@@ -21,6 +21,10 @@
*/
package org.picketlink.test.identity.federation.web.workflow.saml2;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.PrintWriter;
@@ -34,13 +38,12 @@
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
-import junit.framework.TestCase;
-
+import org.junit.Test;
import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.util.Base64;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
-import org.picketlink.identity.federation.saml.v2.SAML2Object;
+import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.IdentityServer;
import org.picketlink.identity.federation.web.filters.SPFilter;
@@ -63,10 +66,10 @@
* @author Anil.Saldhana(a)redhat.com
* @since Oct 7, 2009
*/
-public class SAML2LogoutWorkflowUnitTestCase extends TestCase
+public class SAML2LogoutWorkflowUnitTestCase
{
private String profile = "saml2/logout";
- private ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ private ClassLoader tcl;
private String employee = "http://localhost:8080/employee/";
private String sales = "http://localhost:8080/sales/";
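Review bot: `tcl` is now null at construction and assigned by hand at the top of each test (`testSPFilterLogOutRequestGeneration` and `testSAML2LogOutFromIDPServlet` in the next two hunks), so a test added later that forgets the assignment will hand null to whatever uses the field. A JUnit 4 fixture method does this once: `@Before public void setUp() { tcl = Thread.currentThread().getContextClassLoader(); }`. If the tests replace the thread context class loader (the `setupTCL(...)` call suggests they may), an `@After` that restores `tcl` would keep one test's loader from leaking into the next.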
@@ -76,8 +79,11 @@
* @see {@code GeneralConstants#GLOBAL_LOGOUT}
* @throws Exception
*/
+ @Test
public void testSPFilterLogOutRequestGeneration() throws Exception
{
+ tcl = Thread.currentThread().getContextClassLoader();
+
MockHttpSession session = new MockHttpSession();
session.setAttribute(GeneralConstants.PRINCIPAL_ID, new Principal()
{
@@ -141,8 +147,10 @@
* f) employee app invalidates its session
* @throws Exception
*/
+ @Test
public void testSAML2LogOutFromIDPServlet() throws Exception
{
+ tcl = Thread.currentThread().getContextClassLoader();
MockHttpSession session = new MockHttpSession();
MockContextClassLoader mclIDP = setupTCL(profile + "/idp");
Picketlink SVN: r589 - federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/mock.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-09 15:11:59 -0500 (Thu, 09 Dec 2010)
New Revision: 589
Modified:
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/mock/MockContextClassLoader.java
Log:
check our classpath first
Modified: federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/mock/MockContextClassLoader.java
===================================================================
--- federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/mock/MockContextClassLoader.java 2010-12-09 20:11:29 UTC (rev 588)
+++ federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/mock/MockContextClassLoader.java 2010-12-09 20:11:59 UTC (rev 589)
@@ -55,7 +55,10 @@
public InputStream getResourceAsStream(String name)
{
if(profile == null)
- throw new RuntimeException("null profile");
- return delegate.getResourceAsStream(profile + "/" + name);
+ throw new RuntimeException("null profile");
+ InputStream is = super.getResourceAsStream(name);
+ if( is == null )
+ is = delegate.getResourceAsStream(profile + "/" + name);
+ return is;
}
}
\ No newline at end of file
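Review bot: Calling `super.getResourceAsStream(name)` first means a same-named resource on the parent class path now wins over the profile-specific copy at `profile + "/" + name`, so a test can silently load configuration from outside its profile. If that precedence is intended (the log says "check our classpath first"), document it on the method, e.g. `// parent class path takes precedence; the profile directory is only a fallback`. Otherwise try the delegate first and fall back to `super`. What `super` resolves against depends on the parent loader set up in the constructor, which is outside the hunk.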
Picketlink SVN: r588 - federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-09 15:11:29 -0500 (Thu, 09 Dec 2010)
New Revision: 588
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
Log:
change types
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java 2010-12-09 19:38:58 UTC (rev 587)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java 2010-12-09 20:11:29 UTC (rev 588)
@@ -74,9 +74,9 @@
import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
-import org.picketlink.identity.federation.saml.v2.SAML2Object;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.core.IdentityServer;
Picketlink SVN: r587 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-09 14:38:58 -0500 (Thu, 09 Dec 2010)
New Revision: 587
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
Log:
dest can be null
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2010-12-09 19:38:42 UTC (rev 586)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2010-12-09 19:38:58 UTC (rev 587)
@@ -55,7 +55,7 @@
*/
public static AuthnRequestType createAuthnRequestType(String id,
String assertionConsumerURL, String destination, String issuerValue) throws ConfigurationException
- {
+ {
XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
AuthnRequestType authnRequest = new AuthnRequestType();
@@ -63,7 +63,10 @@
authnRequest.setVersion(JBossSAMLConstants.VERSION_2_0.get());
authnRequest.setAssertionConsumerServiceURL( NetworkUtil.createURI( assertionConsumerURL ));
authnRequest.setProtocolBinding( NetworkUtil.createURI( JBossSAMLConstants.HTTP_POST_BINDING.get() ));
- authnRequest.setDestination( NetworkUtil.createURI( destination ));
+ if( destination != null )
+ {
+ authnRequest.setDestination( NetworkUtil.createURI( destination ));
+ }
authnRequest.setIssueInstant(issueInstant);
//Create an issuer
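Review bot: A null `destination` now silently yields an AuthnRequest with no Destination attribute, and nothing tells callers that this is allowed or what it costs. The receiver can no longer check that the request was addressed to it, and the SAML HTTP bindings require Destination on signed messages, so a request built this way may be rejected if it is signed later. Add to the Javadoc above the method (outside this hunk) something like `@param destination URL of the receiving endpoint; may be null, in which case no Destination attribute is set`. Note also that `assertionConsumerURL` is still passed to `NetworkUtil.createURI` unguarded, which as of r586 throws `IllegalArgumentException` on null.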
Picketlink SVN: r586 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-09 14:38:42 -0500 (Thu, 09 Dec 2010)
New Revision: 586
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/NetworkUtil.java
Log:
add value check
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/NetworkUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/NetworkUtil.java 2010-12-04 01:55:23 UTC (rev 585)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/NetworkUtil.java 2010-12-09 19:38:42 UTC (rev 586)
@@ -38,6 +38,9 @@
*/
public static URI createURI( String value )
{
+ if( value == null )
+ throw new IllegalArgumentException( "value is null" );
+
try
{
return new URI( value );
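Review bot: The new null check makes `createURI` throw `IllegalArgumentException` for a null argument, but the Javadoc above the method (outside the hunk) presumably does not mention it. Add `@throws IllegalArgumentException if value is null`. Callers that pass parsed XML attribute values straight into this method, as `SAMLStatusResponseTypeParser` does, will get an unchecked exception rather than a `ParsingException` if the value is ever null, so they may want their own check first. The `try` block continues past the end of the hunk.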
Picketlink SVN: r585 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers and 3 other directories.
by picketlink-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2010-12-03 20:55:23 -0500 (Fri, 03 Dec 2010)
New Revision: 585
Added:
federation/trunk/picketlink-xmlsec-model/src/main/java/org/picketlink/identity/xmlsec/w3/xmldsig/X509CertificateType.java
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustUtil.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java
Log:
Fixed PicketLink STS related test cases
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java 2010-12-01 15:44:48 UTC (rev 584)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java 2010-12-04 01:55:23 UTC (rev 585)
@@ -131,6 +131,11 @@
subStatusCodeType.setValue( NetworkUtil.createURI( StaxParserUtil.getAttributeValue( subValueAttr )));
}
statusCode.setStatusCode( subStatusCodeType );
+
+ // Go to Status code end element.
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate(endElement, JBossSAMLConstants.STATUS_CODE.get());
+ continue;
}
else
break;
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java 2010-12-01 15:44:48 UTC (rev 584)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java 2010-12-04 01:55:23 UTC (rev 585)
@@ -1,27 +1,22 @@
/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
*/
package org.picketlink.identity.federation.core.parsers.saml;
-import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.Attribute;
@@ -43,204 +38,286 @@
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType.STSubType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.KeyValueType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.RSAKeyValueType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
/**
* Parse the saml subject
+ *
* @author Anil.Saldhana(a)redhat.com
* @since Oct 12, 2010
*/
public class SAMLSubjectParser implements ParserNamespaceSupport
-{
+{
/**
* @see {@link ParserNamespaceSupport#parse(XMLEventReader)}
*/
public Object parse(XMLEventReader xmlEventReader) throws ParsingException
- {
- StaxParserUtil.getNextEvent(xmlEventReader);
+ {
+ StaxParserUtil.getNextEvent(xmlEventReader);
- SubjectType subject = new SubjectType();
+ SubjectType subject = new SubjectType();
- //Peek at the next event
- while( xmlEventReader.hasNext() )
- {
+ // Peek at the next event
+ while (xmlEventReader.hasNext())
+ {
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
- if( xmlEvent instanceof EndElement )
+ if (xmlEvent instanceof EndElement)
{
- EndElement endElement = (EndElement) xmlEvent;
- if( StaxParserUtil.matches(endElement , JBossSAMLConstants.SUBJECT.get() ))
+ EndElement endElement = (EndElement) xmlEvent;
+ if (StaxParserUtil.matches(endElement, JBossSAMLConstants.SUBJECT.get()))
{
endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
- break;
- }
+ break;
+ }
else
- throw new RuntimeException( "Unknown End Element:" + StaxParserUtil.getEndElementName( endElement ) );
+ throw new RuntimeException("Unknown End Element:" + StaxParserUtil.getEndElementName(endElement));
}
- StartElement peekedElement = StaxParserUtil.peekNextStartElement( xmlEventReader );
- if( peekedElement == null )
- break;
+ StartElement peekedElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ if (peekedElement == null)
+ break;
- String tag = StaxParserUtil.getStartElementName( peekedElement );
+ String tag = StaxParserUtil.getStartElementName(peekedElement);
- if( JBossSAMLConstants.NAMEID.get().equalsIgnoreCase( tag ) )
+ if (JBossSAMLConstants.NAMEID.get().equalsIgnoreCase(tag))
{
NameIDType nameID = SAMLParserUtil.parseNameIDType(xmlEventReader);
STSubType subType = new STSubType();
subType.addBaseID(nameID);
- subject.setSubType( subType );
- }
- else if( JBossSAMLConstants.SUBJECT_CONFIRMATION.get().equalsIgnoreCase( tag ) )
+ subject.setSubType(subType);
+ }
+ else if (JBossSAMLConstants.SUBJECT_CONFIRMATION.get().equalsIgnoreCase(tag))
{
- StartElement subjectConfirmationElement = StaxParserUtil.getNextStartElement( xmlEventReader );
- Attribute method = subjectConfirmationElement.getAttributeByName( new QName( JBossSAMLConstants.METHOD.get() ));
+ StartElement subjectConfirmationElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ Attribute method = subjectConfirmationElement
+ .getAttributeByName(new QName(JBossSAMLConstants.METHOD.get()));
- SubjectConfirmationType subjectConfirmationType = new SubjectConfirmationType();
+ SubjectConfirmationType subjectConfirmationType = new SubjectConfirmationType();
- if( method != null )
+ if (method != null)
{
- subjectConfirmationType.setMethod( StaxParserUtil.getAttributeValue( method ) );
- }
-
- //There may be additional things under subject confirmation
+ subjectConfirmationType.setMethod(StaxParserUtil.getAttributeValue(method));
+ }
+
+ // There may be additional things under subject confirmation
xmlEvent = StaxParserUtil.peek(xmlEventReader);
- if( xmlEvent instanceof StartElement )
+ if (xmlEvent instanceof StartElement)
{
StartElement startElement = (StartElement) xmlEvent;
String startTag = StaxParserUtil.getStartElementName(startElement);
-
- if( startTag.equals( JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get() ))
+
+ if (startTag.equals(JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get()))
{
SubjectConfirmationDataType subjectConfirmationData = parseSubjectConfirmationData(xmlEventReader);
- subjectConfirmationType.setSubjectConfirmationData( subjectConfirmationData );
+ subjectConfirmationType.setSubjectConfirmationData(subjectConfirmationData);
}
}
subject.addConfirmation(subjectConfirmationType);
- //Get the end tag
+ // Get the end tag
EndElement endElement = (EndElement) StaxParserUtil.getNextEvent(xmlEventReader);
- StaxParserUtil.matches(endElement, JBossSAMLConstants.SUBJECT_CONFIRMATION.get() );
- }
- else throw new RuntimeException( "Unknown tag:" + tag );
- }
+ StaxParserUtil.matches(endElement, JBossSAMLConstants.SUBJECT_CONFIRMATION.get());
+ }
+ else
+ throw new RuntimeException("Unknown tag:" + tag);
+ }
return subject;
}
/**
* @see {@link ParserNamespaceSupport#supports(QName)}
*/
- public boolean supports( QName qname )
- {
+ public boolean supports(QName qname)
+ {
String nsURI = qname.getNamespaceURI();
String localPart = qname.getLocalPart();
-
- return nsURI.equals( JBossSAMLURIConstants.ASSERTION_NSURI.get() )
- && localPart.equals( JBossSAMLConstants.SUBJECT.get() );
+
+ return nsURI.equals(JBossSAMLURIConstants.ASSERTION_NSURI.get())
+ && localPart.equals(JBossSAMLConstants.SUBJECT.get());
}
-
- private SubjectConfirmationDataType parseSubjectConfirmationData( XMLEventReader xmlEventReader ) throws ParsingException
+
+ private SubjectConfirmationDataType parseSubjectConfirmationData(XMLEventReader xmlEventReader)
+ throws ParsingException
{
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- StaxParserUtil.validate(startElement, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get() );
-
+ StaxParserUtil.validate(startElement, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get());
+
SubjectConfirmationDataType subjectConfirmationData = new SubjectConfirmationDataType();
-
- Attribute inResponseTo = startElement.getAttributeByName( new QName( JBossSAMLConstants.IN_RESPONSE_TO.get() ));
- if( inResponseTo != null )
+
+ Attribute inResponseTo = startElement.getAttributeByName(new QName(JBossSAMLConstants.IN_RESPONSE_TO.get()));
+ if (inResponseTo != null)
{
- subjectConfirmationData.setInResponseTo( StaxParserUtil.getAttributeValue( inResponseTo ));
- }
-
- Attribute notBefore = startElement.getAttributeByName( new QName( JBossSAMLConstants.NOT_BEFORE.get() ));
- if( notBefore != null )
+ subjectConfirmationData.setInResponseTo(StaxParserUtil.getAttributeValue(inResponseTo));
+ }
+
+ Attribute notBefore = startElement.getAttributeByName(new QName(JBossSAMLConstants.NOT_BEFORE.get()));
+ if (notBefore != null)
{
- subjectConfirmationData.setNotBefore( XMLTimeUtil.parse( StaxParserUtil.getAttributeValue( notBefore )));
+ subjectConfirmationData.setNotBefore(XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(notBefore)));
}
-
- Attribute notOnOrAfter = startElement.getAttributeByName( new QName( JBossSAMLConstants.NOT_ON_OR_AFTER.get() ));
- if( notOnOrAfter != null )
+
+ Attribute notOnOrAfter = startElement.getAttributeByName(new QName(JBossSAMLConstants.NOT_ON_OR_AFTER.get()));
+ if (notOnOrAfter != null)
{
- subjectConfirmationData.setNotOnOrAfter( XMLTimeUtil.parse( StaxParserUtil.getAttributeValue( notOnOrAfter )));
+ subjectConfirmationData.setNotOnOrAfter(XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(notOnOrAfter)));
}
-
- Attribute recipient = startElement.getAttributeByName( new QName( JBossSAMLConstants.RECIPIENT.get() ));
- if( recipient != null )
+
+ Attribute recipient = startElement.getAttributeByName(new QName(JBossSAMLConstants.RECIPIENT.get()));
+ if (recipient != null)
{
- subjectConfirmationData.setRecipient( StaxParserUtil.getAttributeValue( recipient ));
+ subjectConfirmationData.setRecipient(StaxParserUtil.getAttributeValue(recipient));
}
-
- Attribute address = startElement.getAttributeByName( new QName( JBossSAMLConstants.ADDRESS.get() ));
- if( address != null )
+
+ Attribute address = startElement.getAttributeByName(new QName(JBossSAMLConstants.ADDRESS.get()));
+ if (address != null)
{
- subjectConfirmationData.setAddress( StaxParserUtil.getAttributeValue( address ));
+ subjectConfirmationData.setAddress(StaxParserUtil.getAttributeValue(address));
}
-
+
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
- if( ! ( xmlEvent instanceof EndElement ))
+ if (!(xmlEvent instanceof EndElement))
{
startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
String tag = StaxParserUtil.getStartElementName(startElement);
- if( tag.equals( WSTrustConstants.XMLDSig.KEYINFO ))
+ if (tag.equals(WSTrustConstants.XMLDSig.KEYINFO))
{
- KeyInfoType keyInfo = parseKeyInfo(xmlEventReader);
+ KeyInfoType keyInfo = parseKeyInfo(xmlEventReader);
subjectConfirmationData.setAnyType(keyInfo);
- }
- else if( tag.equals( WSTrustConstants.XMLEnc.ENCRYPTED_KEY ))
+ }
+ else if (tag.equals(WSTrustConstants.XMLEnc.ENCRYPTED_KEY))
{
- subjectConfirmationData.setAnyType( StaxParserUtil.getDOMElement(xmlEventReader));
+ subjectConfirmationData.setAnyType(StaxParserUtil.getDOMElement(xmlEventReader));
}
else
- throw new RuntimeException( "Handle:" + tag );
+ throw new RuntimeException("Handle:" + tag);
}
- //Get the end tag
+ // Get the end tag
EndElement endElement = (EndElement) StaxParserUtil.getNextEvent(xmlEventReader);
- StaxParserUtil.matches(endElement, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get() );
+ StaxParserUtil.matches(endElement, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get());
return subjectConfirmationData;
}
-
- private KeyInfoType parseKeyInfo( XMLEventReader xmlEventReader ) throws ParsingException
+
+ private KeyInfoType parseKeyInfo(XMLEventReader xmlEventReader) throws ParsingException
{
KeyInfoType keyInfo = new KeyInfoType();
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- StaxParserUtil.validate(startElement, WSTrustConstants.XMLDSig.KEYINFO );
-
+ StaxParserUtil.validate(startElement, WSTrustConstants.XMLDSig.KEYINFO);
+
XMLEvent xmlEvent = null;
String tag = null;
-
- while( xmlEventReader.hasNext() )
+
+ while (xmlEventReader.hasNext())
{
xmlEvent = StaxParserUtil.peek(xmlEventReader);
- if( xmlEvent instanceof EndElement )
+ if (xmlEvent instanceof EndElement)
{
- tag = StaxParserUtil.getEndElementName( (EndElement) xmlEvent );
- if( tag.equals( WSTrustConstants.XMLDSig.KEYINFO ))
+ tag = StaxParserUtil.getEndElementName((EndElement) xmlEvent);
+ if (tag.equals(WSTrustConstants.XMLDSig.KEYINFO))
{
xmlEvent = StaxParserUtil.getNextEndElement(xmlEventReader);
break;
}
else
- throw new RuntimeException( "unknown end element:" + tag );
+ throw new RuntimeException("unknown end element:" + tag);
}
startElement = (StartElement) xmlEvent;
tag = StaxParserUtil.getStartElementName(startElement);
- if( tag.equals( WSTrustConstants.XMLDSig.X509DATA ))
+ if (tag.equals(WSTrustConstants.XMLEnc.ENCRYPTED_KEY))
{
+ keyInfo.getContent().add(StaxParserUtil.getDOMElement(xmlEventReader));
+ }
+ else if (tag.equals(WSTrustConstants.XMLDSig.X509DATA))
+ {
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
X509DataType x509 = new X509DataType();
- //Let us go for the X509 certificate
+
+ // Let us go for the X509 certificate
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- StaxParserUtil.validate(startElement, WSTrustConstants.XMLDSig.X509CERT );
+ StaxParserUtil.validate(startElement, WSTrustConstants.XMLDSig.X509CERT);
+ X509CertificateType cert = new X509CertificateType();
String certValue = StaxParserUtil.getElementText(xmlEventReader);
- QName qname = new QName( WSTrustConstants.DSIG_NS, WSTrustConstants.XMLDSig.X509CERT, WSTrustConstants.XMLDSig.DSIG_PREFIX );
- JAXBElement<?> cert = new JAXBElement<byte[]>( qname, byte[].class, certValue.getBytes() );
- x509.getX509IssuerSerialOrX509SKIOrX509SubjectName().add( cert );
+ cert.setEncodedCertificate(certValue.getBytes());
+ x509.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(cert);
+
EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
- StaxParserUtil.validate(endElement, WSTrustConstants.XMLDSig.X509DATA );
+ StaxParserUtil.validate(endElement, WSTrustConstants.XMLDSig.X509DATA);
+ keyInfo.getContent().add(x509);
}
- }
+ else if (tag.equals(WSTrustConstants.XMLDSig.KEYVALUE))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ KeyValueType keyValue = new KeyValueType();
+
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ tag = StaxParserUtil.getStartElementName(startElement);
+ if (tag.equals(WSTrustConstants.XMLDSig.RSA_KEYVALUE))
+ {
+ keyValue.getContent().add(this.parseRSAKeyValue(xmlEventReader));
+ }
+ else if (tag.equals(WSTrustConstants.XMLDSig.DSA_KEYVALUE))
+ {
+ // TODO: parse the DSA key contents.
+ }
+ else
+ throw new ParsingException("Unknown element: " + tag);
+
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate(endElement, WSTrustConstants.XMLDSig.KEYVALUE);
+
+ keyInfo.getContent().add(keyValue);
+ }
+ }
return keyInfo;
- }
+ }
+
+ private RSAKeyValueType parseRSAKeyValue(XMLEventReader xmlEventReader) throws ParsingException
+ {
+ StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(startElement, WSTrustConstants.XMLDSig.RSA_KEYVALUE);
+
+ XMLEvent xmlEvent = null;
+ String tag = null;
+
+ RSAKeyValueType rsaKeyValue = new RSAKeyValueType();
+
+ while (xmlEventReader.hasNext())
+ {
+ xmlEvent = StaxParserUtil.peek(xmlEventReader);
+ if (xmlEvent instanceof EndElement)
+ {
+ tag = StaxParserUtil.getEndElementName((EndElement) xmlEvent);
+ if (tag.equals(WSTrustConstants.XMLDSig.RSA_KEYVALUE))
+ {
+ xmlEvent = StaxParserUtil.getNextEndElement(xmlEventReader);
+ break;
+ }
+ else
+ throw new RuntimeException("unknown end element:" + tag);
+ }
+
+ startElement = (StartElement) xmlEvent;
+ tag = StaxParserUtil.getStartElementName(startElement);
+ if (tag.equals(WSTrustConstants.XMLDSig.MODULUS))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ String text = StaxParserUtil.getElementText(xmlEventReader);
+ rsaKeyValue.setModulus(text.getBytes());
+ }
+ else if (tag.equals(WSTrustConstants.XMLDSig.EXPONENT))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ String text = StaxParserUtil.getElementText(xmlEventReader);
+ rsaKeyValue.setExponent(text.getBytes());
+ }
+ else
+ throw new ParsingException("Unknown element: " + tag);
+ }
+ return rsaKeyValue;
+ }
}
\ No newline at end of file
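Review bot: The `DSA_KEYVALUE` branch in `parseKeyInfo` is an empty TODO, so a `KeyValue` carrying a DSA key is neither parsed nor rejected; the reader is left before the unconsumed element, and the following `getNextEndElement`/`validate` will most likely fail with an unrelated message or add an empty `KeyValueType` to the `KeyInfo`. Until DSA is implemented, fail explicitly with `throw new ParsingException("DSAKeyValue is not supported");`. Separately, `certValue.getBytes()` and both `text.getBytes()` calls in `parseRSAKeyValue` depend on the platform default charset, so key material parsed from the token can differ between hosts; pass an explicit charset. The two `StaxParserUtil.matches(endElement, ...)` calls that follow the "Get the end tag" comments discard their boolean result, so those end tags are not actually checked; `StaxParserUtil.validate`, already used in this file, would enforce them.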
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java 2010-12-01 15:44:48 UTC (rev 584)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java 2010-12-04 01:55:23 UTC (rev 585)
@@ -1,23 +1,19 @@
/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
*/
package org.picketlink.identity.federation.core.saml.v2.writers;
@@ -39,6 +35,7 @@
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AdviceType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
@@ -64,10 +61,13 @@
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType.STSubType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.URIType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
import org.w3c.dom.Element;
/**
* Write the SAML Assertion to stream
+ *
* @author Anil.Saldhana(a)redhat.com
* @since Nov 2, 2010
*/
@@ -77,416 +77,457 @@
{
super(writer);
}
-
+
/**
* Write an {@code AssertionType} to stream
+ *
* @param assertion
* @param out
* @throws ProcessingException
*/
- public void write( AssertionType assertion ) throws ProcessingException
+ public void write(AssertionType assertion) throws ProcessingException
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX, JBossSAMLConstants.ASSERTION.get() , ASSERTION_NSURI.get() );
- StaxUtil.writeNameSpace( writer, ASSERTION_PREFIX, ASSERTION_NSURI.get() );
- StaxUtil.writeDefaultNameSpace( writer, ASSERTION_NSURI.get() );
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ASSERTION.get(), ASSERTION_NSURI.get());
+ StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
+ StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
- //Attributes
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.ID.get(), assertion.getID() );
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.VERSION.get(), assertion.getVersion() );
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString() );
+ // Attributes
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), assertion.getID());
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), assertion.getVersion());
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString());
NameIDType issuer = assertion.getIssuer();
- if( issuer != null )
- write( issuer, new QName( ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get() ) );
-
+ if (issuer != null)
+ write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get()));
+
SubjectType subject = assertion.getSubject();
- if( subject != null )
+ if (subject != null)
{
write(subject);
}
-
+
ConditionsType conditions = assertion.getConditions();
- if( conditions != null )
+ if (conditions != null)
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get() , ASSERTION_NSURI.get() );
-
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString() );
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter().toString() );
-
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ASSERTION_NSURI
+ .get());
+
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString());
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter()
+ .toString());
+
List<ConditionAbstractType> typeOfConditions = conditions.getConditions();
- if( typeOfConditions != null )
+ if (typeOfConditions != null)
{
- for( ConditionAbstractType typeCondition: typeOfConditions )
+ for (ConditionAbstractType typeCondition : typeOfConditions)
{
- if( typeCondition instanceof AudienceRestrictionType )
+ if (typeCondition instanceof AudienceRestrictionType)
{
AudienceRestrictionType art = (AudienceRestrictionType) typeCondition;
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE_RESTRICTION.get() , ASSERTION_NSURI.get() );
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE_RESTRICTION.get(),
+ ASSERTION_NSURI.get());
List<URI> audiences = art.getAudience();
- if( audiences != null )
+ if (audiences != null)
{
- for( URI audience: audiences )
+ for (URI audience : audiences)
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE.get() , ASSERTION_NSURI.get() );
- StaxUtil.writeCharacters(writer, audience.toString() );
- StaxUtil.writeEndElement( writer);
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE.get(),
+ ASSERTION_NSURI.get());
+ StaxUtil.writeCharacters(writer, audience.toString());
+ StaxUtil.writeEndElement(writer);
}
}
- StaxUtil.writeEndElement( writer);
+ StaxUtil.writeEndElement(writer);
}
}
}
- StaxUtil.writeEndElement( writer);
+ StaxUtil.writeEndElement(writer);
}
-
+
AdviceType advice = assertion.getAdvice();
- if( advice != null )
- throw new RuntimeException( "Advice needs to be handled" );
-
+ if (advice != null)
+ throw new RuntimeException("Advice needs to be handled");
+
Set<StatementAbstractType> statements = assertion.getStatements();
- if( statements != null )
+ if (statements != null)
{
- for( StatementAbstractType statement: statements )
+ for (StatementAbstractType statement : statements)
{
- if( statement instanceof AuthnStatementType )
+ if (statement instanceof AuthnStatementType)
{
- write( ( AuthnStatementType )statement );
+ write((AuthnStatementType) statement);
}
- else if( statement instanceof AttributeStatementType )
+ else if (statement instanceof AttributeStatementType)
{
- write( ( AttributeStatementType )statement );
+ write((AttributeStatementType) statement);
}
- else
- throw new RuntimeException( "unknown statement type=" + statement.getClass().getName() );
+ else
+ throw new RuntimeException("unknown statement type=" + statement.getClass().getName());
}
}
-
- StaxUtil.writeEndElement( writer);
- StaxUtil.flush( writer );
- }
-
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
/**
* Write an {@code StatementAbstractType} to stream
+ *
* @param statement
* @param out
* @throws ProcessingException
*/
- public void write( StatementAbstractType statement ) throws ProcessingException
+ public void write(StatementAbstractType statement) throws ProcessingException
{
- //TODO: handle this section
- throw new RuntimeException( "NYI" );
+ // TODO: handle this section
+ throw new RuntimeException("NYI");
}
-
- public void write( AttributeStatementType statement ) throws ProcessingException
+
+ public void write(AttributeStatementType statement) throws ProcessingException
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_STATEMENT.get() , ASSERTION_NSURI.get() );
-
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_STATEMENT.get(),
+ ASSERTION_NSURI.get());
+
List<ASTChoiceType> attributes = statement.getAttributes();
- if( attributes != null )
+ if (attributes != null)
{
- for( ASTChoiceType attr : attributes )
+ for (ASTChoiceType attr : attributes)
{
AttributeType attributeType = attr.getAttribute();
- if( attributeType != null )
+ if (attributeType != null)
{
- write( attributeType );
+ write(attributeType);
}
EncryptedElementType encType = attr.getEncryptedAssertion();
- if( encType != null )
- throw new RuntimeException( "unable to write as it is NYI" );
+ if (encType != null)
+ throw new RuntimeException("unable to write as it is NYI");
}
- }
+ }
- StaxUtil.writeEndElement( writer);
- StaxUtil.flush( writer );
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
}
-
-
+
/**
* Write an {@code AuthnStatementType} to stream
+ *
* @param authnStatement
* @param out
* @throws ProcessingException
*/
- public void write( AuthnStatementType authnStatement ) throws ProcessingException
+ public void write(AuthnStatementType authnStatement) throws ProcessingException
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_STATEMENT.get() , ASSERTION_NSURI.get() );
-
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_STATEMENT.get(), ASSERTION_NSURI
+ .get());
+
XMLGregorianCalendar authnInstant = authnStatement.getAuthnInstant();
- if( authnInstant != null )
- {
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.AUTHN_INSTANT.get(), authnInstant.toString() );
+ if (authnInstant != null)
+ {
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.AUTHN_INSTANT.get(), authnInstant.toString());
}
-
+
AuthnContextType authnContext = authnStatement.getAuthnContext();
- if( authnContext != null )
- write( authnContext );
+ if (authnContext != null)
+ write(authnContext);
- StaxUtil.writeEndElement( writer);
- StaxUtil.flush( writer );
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
}
-
+
/**
* Write an {@code AuthnContextType} to stream
+ *
* @param authContext
* @param out
* @throws ProcessingException
*/
- public void write( AuthnContextType authContext ) throws ProcessingException
+ public void write(AuthnContextType authContext) throws ProcessingException
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT.get() , ASSERTION_NSURI.get() );
-
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT.get(), ASSERTION_NSURI
+ .get());
+
AuthnContextTypeSequence sequence = authContext.getSequence();
- if( sequence != null )
+ if (sequence != null)
{
AuthnContextClassRefType authnContextClassRefType = sequence.getClassRef();
- if( authnContextClassRefType != null )
+ if (authnContextClassRefType != null)
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT_CLASS_REF.get() ,
- ASSERTION_NSURI.get() );
- StaxUtil.writeCharacters( writer, authnContextClassRefType.getValue().toASCIIString() );
- StaxUtil.writeEndElement( writer);
- }
-
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT_CLASS_REF.get(),
+ ASSERTION_NSURI.get());
+ StaxUtil.writeCharacters(writer, authnContextClassRefType.getValue().toASCIIString());
+ StaxUtil.writeEndElement(writer);
+ }
+
Set<URIType> uriTypes = sequence.getURIType();
- if( uriTypes != null )
+ if (uriTypes != null)
{
- for( URIType uriType: uriTypes )
+ for (URIType uriType : uriTypes)
{
- if( uriType instanceof AuthnContextDeclType )
+ if (uriType instanceof AuthnContextDeclType)
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT_DECLARATION.get() ,
- ASSERTION_NSURI.get() );
- StaxUtil.writeCharacters( writer, uriType.getValue().toASCIIString() );
- StaxUtil.writeEndElement( writer);
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT_DECLARATION
+ .get(), ASSERTION_NSURI.get());
+ StaxUtil.writeCharacters(writer, uriType.getValue().toASCIIString());
+ StaxUtil.writeEndElement(writer);
}
- if( uriType instanceof AuthnContextDeclRefType )
+ if (uriType instanceof AuthnContextDeclRefType)
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT_DECLARATION_REF.get() ,
- ASSERTION_NSURI.get() );
- StaxUtil.writeCharacters( writer, uriType.getValue().toASCIIString() );
- StaxUtil.writeEndElement( writer);
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT_DECLARATION_REF
+ .get(), ASSERTION_NSURI.get());
+ StaxUtil.writeCharacters(writer, uriType.getValue().toASCIIString());
+ StaxUtil.writeEndElement(writer);
}
}
- }
+ }
}
-
+
Set<URI> authAuthorities = authContext.getAuthenticatingAuthority();
- if( authAuthorities != null )
+ if (authAuthorities != null)
{
- for( URI aa: authAuthorities )
+ for (URI aa : authAuthorities)
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHENTICATING_AUTHORITY.get() ,
- ASSERTION_NSURI.get() );
- StaxUtil.writeCharacters( writer, aa.toASCIIString() );
- StaxUtil.writeEndElement( writer);
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHENTICATING_AUTHORITY.get(),
+ ASSERTION_NSURI.get());
+ StaxUtil.writeCharacters(writer, aa.toASCIIString());
+ StaxUtil.writeEndElement(writer);
}
- }
+ }
- StaxUtil.writeEndElement( writer);
- StaxUtil.flush( writer );
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
}
-
+
/**
* Write an {@code AttributeType} to stream
+ *
* @param attributeType
* @param out
* @throws ProcessingException
*/
- public void write( AttributeType attributeType ) throws ProcessingException
+ public void write(AttributeType attributeType) throws ProcessingException
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE.get() , ASSERTION_NSURI.get() );
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE.get(), ASSERTION_NSURI.get());
String attributeName = attributeType.getName();
- if( attributeName != null )
+ if (attributeName != null)
{
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.NAME.get(), attributeName );
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NAME.get(), attributeName);
}
-
+
String friendlyName = attributeType.getFriendlyName();
- if( StringUtil.isNotNull( friendlyName ))
+ if (StringUtil.isNotNull(friendlyName))
{
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.FRIENDLY_NAME.get(), friendlyName );
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.FRIENDLY_NAME.get(), friendlyName);
}
-
+
String nameFormat = attributeType.getNameFormat();
- if( StringUtil.isNotNull( nameFormat ))
+ if (StringUtil.isNotNull(nameFormat))
{
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.NAME_FORMAT.get(), nameFormat );
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NAME_FORMAT.get(), nameFormat);
}
-
- //Take care of other attributes such as x500:encoding
+
+ // Take care of other attributes such as x500:encoding
Map<QName, String> otherAttribs = attributeType.getOtherAttributes();
- if( otherAttribs != null )
+ if (otherAttribs != null)
{
List<String> nameSpacesDealt = new ArrayList<String>();
-
+
Iterator<QName> keySet = otherAttribs.keySet().iterator();
- while( keySet != null && keySet.hasNext() )
+ while (keySet != null && keySet.hasNext())
{
QName qname = keySet.next();
String ns = qname.getNamespaceURI();
- if( !nameSpacesDealt.contains( ns ))
+ if (!nameSpacesDealt.contains(ns))
{
- StaxUtil.writeNameSpace(writer, qname.getPrefix(), ns );
- nameSpacesDealt.add( ns );
- }
- String attribValue = otherAttribs.get( qname );
- StaxUtil.writeAttribute(writer, qname, attribValue );
+ StaxUtil.writeNameSpace(writer, qname.getPrefix(), ns);
+ nameSpacesDealt.add(ns);
+ }
+ String attribValue = otherAttribs.get(qname);
+ StaxUtil.writeAttribute(writer, qname, attribValue);
}
}
-
+
List<Object> attributeValues = attributeType.getAttributeValue();
- if( attributeValues != null )
+ if (attributeValues != null)
{
- for( Object attributeValue : attributeValues )
+ for (Object attributeValue : attributeValues)
{
- if( attributeValue instanceof String )
- {
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_VALUE.get() , ASSERTION_NSURI.get() );
+ if (attributeValue instanceof String)
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_VALUE.get(),
+ ASSERTION_NSURI.get());
- StaxUtil.writeNameSpace( writer, "xsi", JBossSAMLURIConstants.XSI_NSURI.get() );
- StaxUtil.writeNameSpace( writer, "xs", JBossSAMLURIConstants.XMLSCHEMA_NSURI.get() );
- StaxUtil.writeAttribute( writer, JBossSAMLURIConstants.XSI_NSURI.get(), "type", "xs:string");
- StaxUtil.writeCharacters(writer, (String) attributeValue );
+ StaxUtil.writeNameSpace(writer, "xsi", JBossSAMLURIConstants.XSI_NSURI.get());
+ StaxUtil.writeNameSpace(writer, "xs", JBossSAMLURIConstants.XMLSCHEMA_NSURI.get());
+ StaxUtil.writeAttribute(writer, JBossSAMLURIConstants.XSI_NSURI.get(), "type", "xs:string");
+ StaxUtil.writeCharacters(writer, (String) attributeValue);
- StaxUtil.writeEndElement( writer);
+ StaxUtil.writeEndElement(writer);
}
- else
- throw new RuntimeException( "Unsupported attribute value:" + attributeValue.getClass().getName() );
+ else
+ throw new RuntimeException("Unsupported attribute value:" + attributeValue.getClass().getName());
}
}
- StaxUtil.writeEndElement( writer);
- StaxUtil.flush( writer );
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
}
-
+
/**
* write an {@code SubjectType} to stream
+ *
* @param subject
* @param out
* @throws ProcessingException
*/
- public void write( SubjectType subject ) throws ProcessingException
+ public void write(SubjectType subject) throws ProcessingException
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT.get() , ASSERTION_NSURI.get() );
-
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT.get(), ASSERTION_NSURI.get());
+
STSubType subType = subject.getSubType();
- if( subType != null )
+ if (subType != null)
{
BaseIDAbstractType baseID = subType.getBaseID();
- if( baseID instanceof NameIDType )
+ if (baseID instanceof NameIDType)
{
NameIDType nameIDType = (NameIDType) baseID;
- write( nameIDType, new QName( ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX) );
+ write(nameIDType, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX));
}
EncryptedElementType enc = subType.getEncryptedID();
- if( enc != null )
- throw new RuntimeException( "NYI" );
+ if (enc != null)
+ throw new RuntimeException("NYI");
List<SubjectConfirmationType> confirmations = subType.getConfirmation();
- if( confirmations != null )
+ if (confirmations != null)
{
- for( SubjectConfirmationType confirmation: confirmations )
+ for (SubjectConfirmationType confirmation : confirmations)
{
- write( confirmation );
+ write(confirmation);
}
}
}
List<SubjectConfirmationType> subjectConfirmations = subject.getConfirmation();
- if( subjectConfirmations != null )
+ if (subjectConfirmations != null)
{
- for( SubjectConfirmationType subjectConfirmationType : subjectConfirmations )
+ for (SubjectConfirmationType subjectConfirmationType : subjectConfirmations)
{
- write( subjectConfirmationType );
+ write(subjectConfirmationType);
}
}
-
- StaxUtil.writeEndElement( writer);
- StaxUtil.flush( writer );
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
}
-
- private void write( BaseIDAbstractType baseId ) throws ProcessingException
+
+ private void write(BaseIDAbstractType baseId) throws ProcessingException
{
- throw new RuntimeException( "NYI");
+ throw new RuntimeException("NYI");
}
-
- private void write( SubjectConfirmationType subjectConfirmationType ) throws ProcessingException
+
+ private void write(SubjectConfirmationType subjectConfirmationType) throws ProcessingException
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_CONFIRMATION.get(), ASSERTION_NSURI.get() );
-
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.METHOD.get(), subjectConfirmationType.getMethod() );
-
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_CONFIRMATION.get(),
+ ASSERTION_NSURI.get());
+
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.METHOD.get(), subjectConfirmationType.getMethod());
+
BaseIDAbstractType baseID = subjectConfirmationType.getBaseID();
- if( baseID != null )
+ if (baseID != null)
{
- write( baseID );
+ write(baseID);
}
NameIDType nameIDType = subjectConfirmationType.getNameID();
- if( nameIDType != null )
+ if (nameIDType != null)
{
- write( nameIDType, new QName( ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX) );
+ write(nameIDType, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX));
}
SubjectConfirmationDataType subjectConfirmationData = subjectConfirmationType.getSubjectConfirmationData();
- if( subjectConfirmationData != null )
+ if (subjectConfirmationData != null)
{
- write( subjectConfirmationData );
- }
- StaxUtil.writeEndElement( writer);
+ write(subjectConfirmationData);
+ }
+ StaxUtil.writeEndElement(writer);
}
-
- private void write( SubjectConfirmationDataType subjectConfirmationData ) throws ProcessingException
+
+ private void write(SubjectConfirmationDataType subjectConfirmationData) throws ProcessingException
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get(), ASSERTION_NSURI.get() );
-
- //Let us look at attributes
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get(),
+ ASSERTION_NSURI.get());
+
+ // Let us look at attributes
String inResponseTo = subjectConfirmationData.getInResponseTo();
- if( StringUtil.isNotNull( inResponseTo ))
+ if (StringUtil.isNotNull(inResponseTo))
{
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.IN_RESPONSE_TO.get(), inResponseTo );
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.IN_RESPONSE_TO.get(), inResponseTo);
}
-
+
XMLGregorianCalendar notBefore = subjectConfirmationData.getNotBefore();
- if( notBefore != null )
+ if (notBefore != null)
{
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(),notBefore.toString() );
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), notBefore.toString());
}
-
+
XMLGregorianCalendar notOnOrAfter = subjectConfirmationData.getNotOnOrAfter();
- if( notOnOrAfter != null )
+ if (notOnOrAfter != null)
{
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(),notOnOrAfter.toString() );
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), notOnOrAfter.toString());
}
-
+
String recipient = subjectConfirmationData.getRecipient();
- if( StringUtil.isNotNull( recipient ))
+ if (StringUtil.isNotNull(recipient))
{
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.RECIPIENT.get(), recipient );
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.RECIPIENT.get(), recipient);
}
-
+
String address = subjectConfirmationData.getAddress();
- if( StringUtil.isNotNull( address ))
+ if (StringUtil.isNotNull(address))
{
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.ADDRESS.get(), address );
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.ADDRESS.get(), address);
}
-
- Object anyType = subjectConfirmationData.getAnyType();
- if( anyType instanceof KeyInfoConfirmationDataType )
+
+ if (subjectConfirmationData instanceof KeyInfoConfirmationDataType)
{
- KeyInfoConfirmationDataType kicd = (KeyInfoConfirmationDataType) anyType;
- Element keyInfoElement = kicd.getKeyInfo();
- StaxUtil.writeDOMNode(writer, keyInfoElement);
+ KeyInfoConfirmationDataType kicd = (KeyInfoConfirmationDataType) subjectConfirmationData;
+ KeyInfoType keyInfo = (KeyInfoType) kicd.getAnyType();
+ if (keyInfo.getContent() == null || keyInfo.getContent().size() == 0)
+ throw new ProcessingException("Invalid KeyInfo object: content cannot be empty");
+ StaxUtil.writeStartElement(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
+ WSTrustConstants.XMLDSig.KEYINFO, WSTrustConstants.XMLDSig.DSIG_NS);
+ StaxUtil.writeNameSpace(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX, WSTrustConstants.XMLDSig.DSIG_NS);
+ // write the keyInfo content.
+ Object content = keyInfo.getContent().get(0);
+ if (content instanceof Element)
+ {
+ Element element = (Element) keyInfo.getContent().get(0);
+ StaxUtil.writeDOMNode(this.writer, element);
+ }
+ else if (content instanceof X509DataType)
+ {
+ X509DataType type = (X509DataType) content;
+ if (type.getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 0)
+ throw new ProcessingException("X509Data cannot be empy");
+ StaxUtil.writeStartElement(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
+ WSTrustConstants.XMLDSig.X509DATA, WSTrustConstants.XMLDSig.DSIG_NS);
+ Object obj = type.getX509IssuerSerialOrX509SKIOrX509SubjectName().get(0);
+ if (obj instanceof Element)
+ {
+ Element element = (Element) obj;
+ StaxUtil.writeDOMElement(this.writer, element);
+ }
+ else if (obj instanceof X509CertificateType)
+ {
+ X509CertificateType cert = (X509CertificateType) obj;
+ StaxUtil.writeStartElement(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
+ WSTrustConstants.XMLDSig.X509CERT, WSTrustConstants.XMLDSig.DSIG_NS);
+ StaxUtil.writeCharacters(this.writer, new String(cert.getEncodedCertificate()));
+ StaxUtil.writeEndElement(this.writer);
+ }
+ StaxUtil.writeEndElement(this.writer);
+ }
+ StaxUtil.writeEndElement(this.writer);
}
- else if( anyType instanceof KeyInfoType )
- {
- KeyInfoType keyInfo = (KeyInfoType) anyType;
- Element el = (Element) keyInfo.getContent().get(0);
- StaxUtil.writeDOMNode(writer, el);
- }
- else throw new RuntimeException( "Need to handle:" + anyType );
- StaxUtil.writeEndElement( writer);
- StaxUtil.flush( writer );
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
}
}
\ No newline at end of file
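Review bot: In `write(SubjectConfirmationDataType)` the new KeyInfo branch has no fallback: when `keyInfo.getContent().get(0)` is neither an `Element` nor an `X509DataType` the writer emits an empty `ds:KeyInfo`, and an `X509Data` entry that is neither `Element` nor `X509CertificateType` produces an empty `ds:X509Data`. The removed code threw on unrecognised content, and for a holder-of-key confirmation a silently dropped key is worse than a failure, because the assertion would be written without the key it is meant to bind. I would close both chains with `else throw new ProcessingException("Unsupported KeyInfo content: " + content.getClass().getName());` (using `obj` in the inner chain). The cast `(KeyInfoType) kicd.getAnyType()` is also unchecked, so a null or differently typed value surfaces as a NullPointerException or ClassCastException instead of a ProcessingException.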
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java 2010-12-01 15:44:48 UTC (rev 584)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java 2010-12-04 01:55:23 UTC (rev 585)
@@ -233,17 +233,15 @@
{
UseKeyType useKeyType = request.getUseKey();
Object value = useKeyType.getAny();
- if (value instanceof JAXBElement<?> || value instanceof Element)
+ if (value instanceof Element)
{
- String elementName = (value instanceof Element)
- ? ((Element) value).getLocalName()
- : ((JAXBElement<?>) value).getName().getLocalPart();
+ String elementName = ((Element) value).getLocalName();
// if the specified key is a X509 certificate we must insert it into a X509Data element.
if (elementName.equals("X509Certificate"))
{
X509DataType data = new X509DataType();
data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(value);
- value = new org.picketlink.identity.xmlsec.w3.xmldsig.ObjectFactory().createX509Data(data);
+ value = data;
}
KeyInfoType keyInfo = new KeyInfoType();
keyInfo.getContent().add(value);
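Review bot: The test `elementName.equals("X509Certificate")` matches on local name only and dereferences the result of `getLocalName()`, which is null for elements created without namespace support. A UseKey child taken from the request can therefore either raise a NullPointerException or be wrapped as X509Data although it is not in the XML-DSig namespace. A constant-first comparison plus a namespace check covers both: `if (WSTrustConstants.XMLDSig.X509CERT.equals(elementName) && WSTrustConstants.XMLDSig.DSIG_NS.equals(((Element) value).getNamespaceURI()))`. With the `JAXBElement` arm removed it is also worth confirming how a non-`Element` UseKey value is handled; the enclosing `if` and whatever follows it lie outside this hunk.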
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java 2010-12-01 15:44:48 UTC (rev 584)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java 2010-12-04 01:55:23 UTC (rev 585)
@@ -124,6 +124,7 @@
String MODULUS = "Modulus";
String DSIG_PREFIX = "ds";
String RSA_KEYVALUE = "RSAKeyValue";
+ String DSA_KEYVALUE = "DSAKeyValue";
String X509DATA = "X509Data";
String X509CERT = "X509Certificate";
}
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustUtil.java 2010-12-01 15:44:48 UTC (rev 584)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustUtil.java 2010-12-04 01:55:23 UTC (rev 585)
@@ -66,6 +66,7 @@
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyValueType;
import org.picketlink.identity.xmlsec.w3.xmldsig.RSAKeyValueType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -445,14 +446,14 @@
byte[] encodedCert = certificate.getEncoded();
// first create a X509DataType that contains the encoded certificate.
- org.picketlink.identity.xmlsec.w3.xmldsig.ObjectFactory factory = new org.picketlink.identity.xmlsec.w3.xmldsig.ObjectFactory();
- X509DataType dataType = factory.createX509DataType();
- dataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(
- factory.createX509DataTypeX509Certificate(encodedCert));
-
+ X509DataType x509 = new X509DataType();
+ X509CertificateType cert = new X509CertificateType();
+ cert.setEncodedCertificate(Base64.encodeBytes(encodedCert).getBytes());
+ x509.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(cert);
+
// set the X509DataType in the KeyInfoType.
keyInfo = new KeyInfoType();
- keyInfo.getContent().add(factory.createX509Data(dataType));
+ keyInfo.getContent().add(x509);
}
catch (Exception e)
{
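Review bot: `cert.setEncodedCertificate(Base64.encodeBytes(encodedCert).getBytes())` converts the Base64 text with the platform default charset, and the assertion writer changed in this same commit reverses it with `new String(cert.getEncodedCertificate())`, also without a charset. Both directions should name it, for example `.getBytes(Charset.forName("UTF-8"))` here and `new String(cert.getEncodedCertificate(), Charset.forName("UTF-8"))` in the writer, so the certificate text does not depend on JVM settings. The field now holds Base64 characters rather than the DER bytes its name suggests, so a comment such as `// holds the Base64 text of the certificate, not the raw DER encoding` on this line would keep other callers from encoding or decoding twice. The surrounding `try` and the body of `catch (Exception e)` are outside this hunk.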
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java 2010-12-01 15:44:48 UTC (rev 584)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java 2010-12-04 01:55:23 UTC (rev 585)
@@ -94,6 +94,7 @@
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyValueType;
import org.picketlink.identity.xmlsec.w3.xmldsig.RSAKeyValueType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
import org.picketlink.identity.xmlsec.w3.xmlenc.EncryptedKeyType;
import org.w3c.dom.Document;
@@ -305,9 +306,8 @@
// invoke the token service.
Source responseMessage = this.tokenService.invoke(requestMessage);
- InputStream is = DocumentUtil.getSourceAsStream(responseMessage);
- BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser()
- .parse( is );
+ InputStream is = DocumentUtil.getSourceAsStream(responseMessage);
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser().parse(is);
// validate the security token response.
this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke", SAMLUtil.SAML2_BEARER_URI);
}
@@ -412,7 +412,7 @@
*
* @throws Exception
* if an error occurs while running the test.
- */
+ */
public void testInvokeSAML20WithSTSGeneratedSymmetricKey() throws Exception
{
// create a simple token request, asking for a SAMLv2.0 token.
@@ -432,7 +432,8 @@
AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// validate the holder of key contents.
- SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation().get(0);
+ SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation()
+ .get(0);
this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_SYMMETRIC, null, false);
// check if the response contains the STS-generated key.
@@ -458,7 +459,7 @@
*
* @throws Exception
* if an error occurs while running the test.
- */
+ */
public void testInvokeSAML20WithCombinedSymmetricKey() throws Exception
{
// create a 64-bit random client secret.
@@ -488,7 +489,8 @@
AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// validate the holder of key contents.
- SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation().get(1) ;
+ SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation()
+ .get(0);
this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_SYMMETRIC, null, false);
RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
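Review bot: The index into `getConfirmation()` changes from `get(1)` to `get(0)` on this line, unlike the neighbouring hunks that only re-wrap the same statement, and nothing in the hunk asserts the list size before indexing. If exactly one subject confirmation is expected for the combined-key case, stating it keeps the holder-of-key check from silently validating the wrong entry: `assertEquals("Unexpected number of subject confirmations", 1, assertion.getSubject().getConfirmation().size());`. The test method starts and ends outside the hunk, so the expected count needs confirming against the full test.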
@@ -542,7 +544,8 @@
AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// validate the holder of key contents.
- SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation().get(0);
+ SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation()
+ .get(0);
this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_PUBLIC, certificate, false);
}
@@ -579,7 +582,8 @@
AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// validate the holder of key contents.
- SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation().get(0) ;
+ SubjectConfirmationType subjConfirmation = (SubjectConfirmationType) assertion.getSubject().getConfirmation()
+ .get(0);
this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_PUBLIC, certificate, true);
}
@@ -1093,7 +1097,8 @@
Element element = (Element) requestedToken.getAny();
assertEquals("Unexpected root element name", "SpecialToken", element.getLocalName());
assertEquals("Unexpected namespace value", "http://www.tokens.org", element.getNamespaceURI());
- assertEquals("Unexpected attribute value", "http://www.tokens.org/SpecialToken", element.getAttribute("TokenType"));
+ assertEquals("Unexpected attribute value", "http://www.tokens.org/SpecialToken", element
+ .getAttribute("TokenType"));
element = (Element) element.getFirstChild();
assertEquals("Unexpected child element name", "SpecialTokenValue", element.getLocalName());
assertEquals("Unexpected token value", "Principal:jduke", element.getFirstChild().getNodeValue());
@@ -1153,7 +1158,7 @@
// unmarshall the SAMLV2.0 assertion.
Element assertionElement = (Element) requestedToken.getAny();
- System.out.println( DocumentUtil.getNodeAsString(assertionElement));
+ System.out.println(DocumentUtil.getNodeAsString(assertionElement));
AssertionType assertion = SAMLUtil.fromElement(assertionElement);
// verify the contents of the unmarshalled assertion.
@@ -1168,11 +1173,11 @@
// validate the assertion subject.
assertNotNull("Unexpected null subject", assertion.getSubject());
SubjectType subject = assertion.getSubject();
-
+
NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
assertEquals("Unexpected name id qualifier", "urn:picketlink:identity-federation", nameID.getNameQualifier());
assertEquals("Unexpected name id value", principal, nameID.getValue());
-
+
SubjectConfirmationType subjType = (SubjectConfirmationType) subject.getConfirmation().get(0);
assertEquals("Unexpected confirmation method", confirmationMethod, subjType.getMethod());
@@ -1209,14 +1214,15 @@
{
SubjectConfirmationDataType subjConfirmationDataType = subjectConfirmation.getSubjectConfirmationData();
assertNotNull("Unexpected null subject confirmation data", subjConfirmationDataType);
- KeyInfoType keyInfo = (KeyInfoType)subjConfirmationDataType.getAnyType();
+ KeyInfoType keyInfo = (KeyInfoType) subjConfirmationDataType.getAnyType();
assertEquals("Unexpected key info content size", 1, keyInfo.getContent().size());
// if the key is a symmetric key, the KeyInfo should contain an encrypted element.
if (WSTrustConstants.KEY_TYPE_SYMMETRIC.equals(keyType))
{
- JAXBElement<?> encKeyElement = (JAXBElement<?>) keyInfo.getContent().get(0);
- assertEquals("Unexpected key info content type", EncryptedKeyType.class, encKeyElement.getDeclaredType());
+ Element encKeyElement = (Element) keyInfo.getContent().get(0);
+ assertEquals("Unexpected key info content type", WSTrustConstants.XMLEnc.ENCRYPTED_KEY, encKeyElement
+ .getLocalName());
}
// if the key is public, KeyInfo should either contain an encoded certificate or an encoded public key.
else if (WSTrustConstants.KEY_TYPE_PUBLIC.equals(keyType))
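Review bot: The new symmetric-key check compares only `encKeyElement.getLocalName()` with `WSTrustConstants.XMLEnc.ENCRYPTED_KEY`, so an element of that name in any namespace satisfies it, where the removed assertion tied the content to `EncryptedKeyType`. Adding `assertEquals("Unexpected key info content namespace", "http://www.w3.org/2001/04/xmlenc#", encKeyElement.getNamespaceURI());` keeps the test pinned to the XML Encryption element. The same two added lines appear in the `-198,31` hunk of SAML20TokenProviderUnitTestCase. The method body continues outside this hunk.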
@@ -1224,19 +1230,15 @@
// if the public key has been used as proof, we should be able to retrieve it from KeyValueType.
if (usePublicKey == true)
{
- JAXBElement<?> keyValueElement = (JAXBElement<?>) keyInfo.getContent().get(0);
- assertEquals("Unexpected key info content type", KeyValueType.class, keyValueElement.getDeclaredType());
- KeyValueType keyValue = (KeyValueType) keyValueElement.getValue();
+ KeyValueType keyValue = (KeyValueType) keyInfo.getContent().get(0);
List<Object> keyValueContent = keyValue.getContent();
assertEquals("Unexpected key value content size", 1, keyValueContent.size());
- JAXBElement<?> rsaKeyValueElement = (JAXBElement<?>) keyValue.getContent().get(0);
- assertEquals("Unexpected key value content type", RSAKeyValueType.class, rsaKeyValueElement
- .getDeclaredType());
- RSAKeyValueType rsaKeyValue = (RSAKeyValueType) rsaKeyValueElement.getValue();
+ assertEquals("Unexpected key value content type", RSAKeyValueType.class, keyValueContent.get(0).getClass());
+ RSAKeyValueType rsaKeyValue = (RSAKeyValueType) keyValueContent.get(0);
// reconstruct the public key and check if it matches the public key of the provided certificate.
- BigInteger modulus = new BigInteger(1, rsaKeyValue.getModulus());
- BigInteger exponent = new BigInteger(1, rsaKeyValue.getExponent());
+ BigInteger modulus = new BigInteger(1, Base64.decode(new String(rsaKeyValue.getModulus())));
+ BigInteger exponent = new BigInteger(1, Base64.decode(new String(rsaKeyValue.getExponent())));
KeyFactory factory = KeyFactory.getInstance("RSA");
RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent);
RSAPublicKey genKey = (RSAPublicKey) factory.generatePublic(spec);
@@ -1245,18 +1247,16 @@
// if the whole certificate was used as proof, we should be able to retrieve it from X509DataType.
else
{
- JAXBElement<?> x509DataElement = (JAXBElement<?>) keyInfo.getContent().get(0);
- assertEquals("Unexpected key info content type", X509DataType.class, x509DataElement.getDeclaredType());
- X509DataType x509Data = (X509DataType) x509DataElement.getValue();
+ X509DataType x509Data = (X509DataType) keyInfo.getContent().get(0);
assertEquals("Unexpected X509 data content size", 1, x509Data
.getX509IssuerSerialOrX509SKIOrX509SubjectName().size());
- JAXBElement<?> x509CertElement = (JAXBElement<?>) x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName()
- .get(0);
- assertEquals("Unexpected X509 data content type", byte[].class, x509CertElement.getDeclaredType());
- byte[] encodedCertificate = (byte[]) x509CertElement.getValue();
+ Object content = x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().get(0);
+ assertTrue("Unexpected X509 data content type", content instanceof X509CertificateType);
+ byte[] encodedCertificate = ((X509CertificateType) content).getEncodedCertificate();
// reconstruct the certificate and check if it matches the provided certificate.
- ByteArrayInputStream byteInputStream = new ByteArrayInputStream(encodedCertificate);
+ ByteArrayInputStream byteInputStream = new ByteArrayInputStream(Base64.decode(encodedCertificate, 0,
+ encodedCertificate.length));
assertEquals("Invalid certificate in key info", certificate, CertificateFactory.getInstance("X.509")
.generateCertificate(byteInputStream));
}
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java 2010-12-01 15:44:48 UTC (rev 584)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java 2010-12-04 01:55:23 UTC (rev 585)
@@ -1,23 +1,19 @@
/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ * JBoss, Home of Professional Open Source. Copyright 2009, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
*/
package org.picketlink.test.identity.federation.core.wstrust;
@@ -34,7 +30,6 @@
import java.util.GregorianCalendar;
import java.util.HashMap;
-import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import javax.xml.transform.Source;
import javax.xml.transform.dom.DOMResult;
@@ -43,6 +38,7 @@
import org.junit.Test;
import org.picketlink.identity.federation.core.parsers.saml.SAMLAssertionParser;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.Base64;
import org.picketlink.identity.federation.core.wstrust.SecurityToken;
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
import org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext;
@@ -65,6 +61,7 @@
import org.picketlink.identity.federation.ws.wss.secext.KeyIdentifierType;
import org.picketlink.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -80,22 +77,23 @@
{
private SAML20TokenProvider provider;
-
+
/**
* <p>
* Tests the issuance of a SAMLV2.0 Assertion.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testIssueSAMLV20Token() throws Exception
- {
+ {
this.provider = new SAML20TokenProvider();
provider.initialize(new HashMap<String, String>());
-
+
SAMLAssertionParser assertionParser = new SAMLAssertionParser();
-
+
// create a WSTrustRequestContext with a simple WS-Trust request.
RequestSecurityToken request = new RequestSecurityToken();
request.setLifetime(WSTrustUtil.createDefaultLifetime(3600000));
@@ -110,17 +108,18 @@
assertNotNull("Unexpected null security token", context.getSecurityToken());
SecurityToken securityToken = context.getSecurityToken();
-
- AssertionType assertion = assertionParser.fromElement( (Element) securityToken.getTokenValue() );
- /*JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.assertion");
- Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
- JAXBElement<?> parsedElement = (JAXBElement<?>) unmarshaller.unmarshal((Element) context.getSecurityToken()
- .getTokenValue());
- assertNotNull("Unexpected null element", parsedElement);
- assertEquals("Unexpected element type", AssertionType.class, parsedElement.getDeclaredType());
- AssertionType assertion = (AssertionType) parsedElement.getValue();
- StandardSecurityToken securityToken = (StandardSecurityToken) context.getSecurityToken();*/
+ AssertionType assertion = assertionParser.fromElement((Element) securityToken.getTokenValue());
+ /*
+ * JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.assertion");
+ * Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); JAXBElement<?> parsedElement = (JAXBElement<?>)
+ * unmarshaller.unmarshal((Element) context.getSecurityToken() .getTokenValue());
+ * assertNotNull("Unexpected null element", parsedElement); assertEquals("Unexpected element type",
+ * AssertionType.class, parsedElement.getDeclaredType());
+ *
+ * AssertionType assertion = (AssertionType) parsedElement.getValue(); StandardSecurityToken securityToken =
+ * (StandardSecurityToken) context.getSecurityToken();
+ */
assertEquals("Unexpected token id", securityToken.getTokenID(), assertion.getID());
assertEquals("Unexpected token issuer", "PicketLinkSTS", assertion.getIssuer().getValue());
@@ -130,7 +129,7 @@
assertNotNull("Unexpected null value for NotBefore attribute", conditions.getNotBefore());
assertNotNull("Unexpected null value for NotOnOrAfter attribute", conditions.getNotOnOrAfter());
assertEquals("Unexpected number of conditions", 1, conditions.getConditions().size());
-
+
AudienceRestrictionType restrictionType = (AudienceRestrictionType) conditions.getConditions().get(0);
assertNotNull("Unexpected null audience list", restrictionType.getAudience());
assertEquals("Unexpected number of audience elements", 1, restrictionType.getAudience().size());
@@ -139,12 +138,12 @@
// check the contents of the assertion subject.
SubjectType subject = assertion.getSubject();
- assertNotNull("Unexpected null subject", subject);
-
+ assertNotNull("Unexpected null subject", subject);
+
NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
assertEquals("Unexpected name id qualifier", "urn:picketlink:identity-federation", nameID.getNameQualifier());
assertEquals("Unexpected name id", "sguilhen", nameID.getValue());
-
+
SubjectConfirmationType confirmation = (SubjectConfirmationType) subject.getConfirmation().get(0);
assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_BEARER_URI, confirmation.getMethod());
@@ -164,11 +163,12 @@
/**
* <p>
- * This method tests the creation of SAMLV.20 assertions that contain a proof-of-possession token - that is,
+ * This method tests the creation of SAMLV.20 assertions that contain a proof-of-possession token - that is,
* assertions that use the Holder Of Key confirmation method.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testIssueSAMLV20HolderOfKeyToken() throws Exception
@@ -198,31 +198,20 @@
AssertionType assertion = SAMLUtil.fromElement((Element) context.getSecurityToken().getTokenValue());
SubjectType subject = assertion.getSubject();
assertNotNull("Unexpected null subject", subject);
-
- /*assertEquals("Unexpected subject content size", 2, subject.getContent().size());
- JAXBElement<?> content = subject.getContent().get(0);
- assertEquals("Unexpected content type", NameIDType.class, content.getDeclaredType());
- */
-
+
NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
assertEquals("Unexpected name id qualifier", "urn:picketlink:identity-federation", nameID.getNameQualifier());
assertEquals("Unexpected name id", "sguilhen", nameID.getValue());
-
+
SubjectConfirmationType confirmation = (SubjectConfirmationType) subject.getConfirmation().get(0);
assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_HOLDER_OF_KEY_URI, confirmation.getMethod());
-
- /*List<Object> confirmationContent = confirmation.getSubjectConfirmationData().getContent();
- assertEquals("Unexpected subject confirmation content size", 1, confirmationContent.size());
- JAXBElement<?> keyInfoElement = (JAXBElement<?>) confirmationContent.get(0);
- assertEquals("Unexpected subject confirmation context type", KeyInfoType.class, keyInfoElement.getDeclaredType());
- KeyInfoType keyInfo = (KeyInfoType) keyInfoElement.getValue();
- assertEquals("Unexpected key info content size", 1, keyInfo.getContent().size());
- JAXBElement<?> encKeyElement = (JAXBElement<?>) keyInfo.getContent().get(0);
- assertEquals("Unexpected key info content type", EncryptedKeyType.class, encKeyElement.getDeclaredType());*/
-
+
SubjectConfirmationDataType confirmData = confirmation.getSubjectConfirmationData();
-
KeyInfoType keyInfo = (KeyInfoType) confirmData.getAnyType();
+ assertEquals("Unexpected key info content size", 1, keyInfo.getContent().size());
+ Element encKeyElement = (Element) keyInfo.getContent().get(0);
+ assertEquals("Unexpected key info content type", WSTrustConstants.XMLEnc.ENCRYPTED_KEY, encKeyElement
+ .getLocalName());
// Now let's set an asymmetric proof of possession token in the context.
Certificate certificate = this.getCertificate("keystore/sts_keystore.jks", "testpass", "service1");
@@ -234,31 +223,30 @@
// check if the assertion has a subject confirmation that contains the encoded certificate.
assertion = SAMLUtil.fromElement((Element) context.getSecurityToken().getTokenValue());
- subject = assertion.getSubject();
+ subject = assertion.getSubject();
nameID = (NameIDType) subject.getSubType().getBaseID();
assertEquals("Unexpected name id qualifier", "urn:picketlink:identity-federation", nameID.getNameQualifier());
- assertEquals("Unexpected name id", "sguilhen", nameID.getValue());
+ assertEquals("Unexpected name id", "sguilhen", nameID.getValue());
confirmation = (SubjectConfirmationType) subject.getConfirmation().get(0);
assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_HOLDER_OF_KEY_URI, confirmation.getMethod());
-
-
- /*confirmationContent = confirmation.getSubjectConfirmationData().getContent();
- assertEquals("Unexpected subject confirmation content size", 1, confirmationContent.size());
- keyInfoElement = (JAXBElement<?>) confirmationContent.get(0);
- assertEquals("Unexpected subject confirmation context type", KeyInfoType.class, keyInfoElement.getDeclaredType());*/
- keyInfo = (KeyInfoType)confirmation.getSubjectConfirmationData().getAnyType();
+
+ /*
+ * confirmationContent = confirmation.getSubjectConfirmationData().getContent();
+ * assertEquals("Unexpected subject confirmation content size", 1, confirmationContent.size()); keyInfoElement =
+ * (JAXBElement<?>) confirmationContent.get(0); assertEquals("Unexpected subject confirmation context type",
+ * KeyInfoType.class, keyInfoElement.getDeclaredType());
+ */
+ keyInfo = (KeyInfoType) confirmation.getSubjectConfirmationData().getAnyType();
assertEquals("Unexpected key info content size", 1, keyInfo.getContent().size());
// key info should contain a X509Data section with the encoded certificate.
- JAXBElement<?> x509DataElement = (JAXBElement<?>) keyInfo.getContent().get(0);
- assertEquals("Unexpected key info content type", X509DataType.class, x509DataElement.getDeclaredType());
- X509DataType x509Data = (X509DataType) x509DataElement.getValue();
+ X509DataType x509Data = (X509DataType) keyInfo.getContent().get(0);
assertEquals("Unexpected X509 data content size", 1, x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName()
.size());
- JAXBElement<?> x509CertElement = (JAXBElement<?>) x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().get(0);
- assertEquals("Unexpected X509 data content type", byte[].class, x509CertElement.getDeclaredType());
+ X509CertificateType cert = (X509CertificateType) x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().get(0);
+
// certificate should have been encoded to Base64, so we need to decode it first.
- byte[] encodedCert = (byte[]) x509CertElement.getValue();
+ byte[] encodedCert = Base64.decode(new String(cert.getEncodedCertificate()));
assertTrue("Invalid encoded certificate found", Arrays.equals(certificate.getEncoded(), encodedCert));
}
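Review bot: The reflowed block comment above `keyInfo = (KeyInfoType) confirmation.getSubjectConfirmationData().getAnyType();` keeps dead code that refers to `confirmationContent`, `keyInfoElement` and `JAXBElement`, which the visible test code no longer declares (the `javax.xml.bind.JAXBElement` import is removed in the `-34,7` hunk), and the reflow has run its statements together. Deleting it, along with the similar block in the `-110,17` hunk, leaves the assertions that actually run easier to audit. Separately, `(X509CertificateType) x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().get(0)` is cast with no type assertion before it, so a wrong content type surfaces as a ClassCastException; PicketLinkSTSUnitTestCase guards the same cast with `assertTrue("Unexpected X509 data content type", content instanceof X509CertificateType);`. The test method starts outside the hunk.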
@@ -267,14 +255,15 @@
* Tests the validation of a SAMLV2.0 Assertion.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testValidateSAMLV20Token() throws Exception
{
this.provider = new SAML20TokenProvider();
provider.initialize(new HashMap<String, String>());
-
+
// issue a SAMLV2.0 assertion.
WSTrustRequestContext context = this.createIssuingContext(WSTrustUtil.createDefaultLifetime(3600000));
this.provider.issueToken(context);
@@ -319,9 +308,11 @@
* test scenarios.
* </p>
*
- * @param lifetime the {@code Lifetime} of the assertion to be issued.
+ * @param lifetime
+ * the {@code Lifetime} of the assertion to be issued.
* @return the constructed {@code WSTrustRequestHandler} instance.
- * @throws Exception if an error occurs while creating the context.
+ * @throws Exception
+ * if an error occurs while creating the context.
*/
private WSTrustRequestContext createIssuingContext(Lifetime lifetime) throws Exception
{
@@ -343,9 +334,11 @@
* Creates a {@code WSTrustRequestContext} for validating the specified assertion.
* </p>
*
- * @param assertion an {@code Element} representing the SAMLV2.0 assertion to be validated.
+ * @param assertion
+ * an {@code Element} representing the SAMLV2.0 assertion to be validated.
* @return the constructed {@code WSTrustRequestContext} instance.
- * @throws Exception if an error occurs while creating the validating context.
+ * @throws Exception
+ * if an error occurs while creating the validating context.
*/
private WSTrustRequestContext createValidatingContext(Element assertion) throws Exception
{
@@ -368,11 +361,15 @@
* Obtains the {@code Certificate} stored under the specified alias in the specified keystore.
* </p>
*
- * @param keyStoreFile the name of the file that contains a JKS keystore.
- * @param passwd the keystore password.
- * @param certificateAlias the alias of a certificate in the keystore.
+ * @param keyStoreFile
+ * the name of the file that contains a JKS keystore.
+ * @param passwd
+ * the keystore password.
+ * @param certificateAlias
+ * the alias of a certificate in the keystore.
* @return a reference to the {@code Certificate} stored under the given alias.
- * @throws Exception if an error occurs while handling the keystore.
+ * @throws Exception
+ * if an error occurs while handling the keystore.
*/
private Certificate getCertificate(String keyStoreFile, String passwd, String certificateAlias) throws Exception
{
@@ -383,7 +380,7 @@
Certificate certificate = keyStore.getCertificate(certificateAlias);
return certificate;
}
-
+
private Source createSourceFromRequest(RequestSecurityToken request) throws Exception
{
DOMResult result = new DOMResult(DocumentUtil.createDocument());
Added: federation/trunk/picketlink-xmlsec-model/src/main/java/org/picketlink/identity/xmlsec/w3/xmldsig/X509CertificateType.java
===================================================================
--- federation/trunk/picketlink-xmlsec-model/src/main/java/org/picketlink/identity/xmlsec/w3/xmldsig/X509CertificateType.java (rev 0)
+++ federation/trunk/picketlink-xmlsec-model/src/main/java/org/picketlink/identity/xmlsec/w3/xmldsig/X509CertificateType.java 2010-12-04 01:55:23 UTC (rev 585)
@@ -0,0 +1,17 @@
+package org.picketlink.identity.xmlsec.w3.xmldsig;
+
+public class X509CertificateType
+{
+
+ private byte[] encodedCertificate;
+
+ public byte[] getEncodedCertificate()
+ {
+ return this.encodedCertificate;
+ }
+
+ public void setEncodedCertificate(byte[] encodedCertificate)
+ {
+ this.encodedCertificate = encodedCertificate;
+ }
+}
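Review bot: `getEncodedCertificate()` and `setEncodedCertificate(byte[])` return and store the caller's array itself, so any holder of the reference can alter the certificate bytes after they have been placed in a KeyInfo. Copying on both sides closes that: `this.encodedCertificate = (encodedCertificate == null) ? null : encodedCertificate.clone();` in the setter and `return (this.encodedCertificate == null) ? null : this.encodedCertificate.clone();` in the getter. The class also has no Javadoc; WSTrustUtil in this commit stores the Base64 text of the certificate here instead of the raw encoded bytes, so a class comment stating which form the field holds would stop callers from guessing.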
Picketlink SVN: r584 - in federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers: wsse and 1 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-01 10:44:48 -0500 (Wed, 01 Dec 2010)
New Revision: 584
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wsse/WSSecurityParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenResponseParser.java
Log:
fixes
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java 2010-12-01 15:38:54 UTC (rev 583)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java 2010-12-01 15:44:48 UTC (rev 584)
@@ -101,6 +101,8 @@
nextEndElement = StaxParserUtil.getNextEndElement(xmlEventReader);
break;
}
+ else
+ throw new RuntimeException( "unknown end element:" + StaxParserUtil.getEndElementName(nextEndElement));
}
String tag = null;
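Review bot: The added `else` throws a bare `RuntimeException` for an unexpected end element, so callers that parse untrusted SAML or WS-Trust input cannot tell malformed XML apart from a programming error. The project already has `org.picketlink.identity.federation.core.exceptions.ParsingException`; if the enclosing method (its signature is outside the hunk) can declare it, throwing that type with the same message is the more precise signal. The same pattern is added in SAMLStatusResponseTypeParser, SAMLSubjectParser, WSSecurityParser and both loops of WSTRequestSecurityTokenResponseParser. The message text is also spelled `unknown end element:` here and `Unknown End Element:` in the two WST parsers; one spelling makes log searches reliable.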
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java 2010-12-01 15:38:54 UTC (rev 583)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java 2010-12-01 15:44:48 UTC (rev 584)
@@ -143,6 +143,8 @@
EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
if( StaxParserUtil.matches(endElement, STATUS ))
break;
+ else
+ throw new RuntimeException( "unknown end element:" + StaxParserUtil.getEndElementName( endElement ));
}
}
return status;
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java 2010-12-01 15:38:54 UTC (rev 583)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java 2010-12-01 15:44:48 UTC (rev 584)
@@ -220,6 +220,8 @@
xmlEvent = StaxParserUtil.getNextEndElement(xmlEventReader);
break;
}
+ else
+ throw new RuntimeException( "unknown end element:" + tag );
}
startElement = (StartElement) xmlEvent;
tag = StaxParserUtil.getStartElementName(startElement);
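Review bot: The new message concatenates `tag`, but the only assignment to `tag` visible in this hunk takes the name of the next start element, after the `if` block, so at the throw it may still hold an earlier element's name and not the end element's. SAMLConditionsParser's version of this check reports `StaxParserUtil.getEndElementName(nextEndElement)`; if `xmlEvent` is the peeked end element here, `throw new RuntimeException( "unknown end element:" + StaxParserUtil.getEndElementName((EndElement) xmlEvent) );` would name the element that was rejected. The `-151,6` hunk of WSSecurityParser reports `tag` in the same way. The declaration of `tag` and the condition that opens this block are outside the hunk, so this needs checking against the full method.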
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wsse/WSSecurityParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wsse/WSSecurityParser.java 2010-12-01 15:38:54 UTC (rev 583)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wsse/WSSecurityParser.java 2010-12-01 15:44:48 UTC (rev 584)
@@ -151,6 +151,8 @@
endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
break;
}
+ else
+ throw new RuntimeException( "unknown end element:" + tag );
}
startElement = (StartElement) xmlEvent;
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenParser.java 2010-12-01 15:38:54 UTC (rev 583)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenParser.java 2010-12-01 15:44:48 UTC (rev 584)
@@ -86,7 +86,7 @@
if( endElementTag.equals( WSTrustConstants.RST ) )
break;
else
- throw new RuntimeException( "Unknown End Element:" + StaxParserUtil.getEndElementName( endElement ) );
+ throw new RuntimeException( "Unknown End Element:" + endElementTag );
}
try
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenResponseParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenResponseParser.java 2010-12-01 15:38:54 UTC (rev 583)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenResponseParser.java 2010-12-01 15:44:48 UTC (rev 584)
@@ -92,7 +92,7 @@
if (endElementTag.equals(WSTrustConstants.RSTR))
break;
else
- throw new RuntimeException( "Unknown End Element:" + StaxParserUtil.getEndElementName( endElement ) );
+ throw new RuntimeException( "Unknown End Element:" + endElementTag );
}
try
@@ -335,11 +335,14 @@
xmlEvent = StaxParserUtil.peek(xmlEventReader);
if (xmlEvent instanceof EndElement)
{
- if (StaxParserUtil.getEndElementName((EndElement) xmlEvent).equals(WSTrustConstants.STATUS))
+ String endElementTag = StaxParserUtil.getEndElementName((EndElement) xmlEvent);
+ if ( endElementTag.equals(WSTrustConstants.STATUS))
{
xmlEvent = StaxParserUtil.getNextEndElement(xmlEventReader);
break;
- }
+ }
+ else
+ throw new RuntimeException( "unknown end element:" + endElementTag );
}
startElement = (StartElement) xmlEvent;
String tag = StaxParserUtil.getStartElementName(startElement);
@@ -380,11 +383,14 @@
xmlEvent = StaxParserUtil.peek(xmlEventReader);
if (xmlEvent instanceof EndElement)
{
- if (StaxParserUtil.getEndElementName((EndElement) xmlEvent).equals(WSTrustConstants.REQUESTED_TOKEN))
+ String endElementTag = StaxParserUtil.getEndElementName( (EndElement) xmlEvent );
+ if ( endElementTag.equals(WSTrustConstants.REQUESTED_TOKEN))
{
xmlEvent = StaxParserUtil.getNextEndElement(xmlEventReader);
break;
}
+ else
+ throw new RuntimeException( "unknown end element:" + endElementTag );
}
Element tokenElement = StaxParserUtil.getDOMElement(xmlEventReader);
requestedSecurityTokenType.setAny(tokenElement);
Picketlink SVN: r583 - in federation/trunk/picketlink-fed-core/src: main/java/org/picketlink/identity/federation/core/parsers/wst and 4 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-01 10:38:54 -0500 (Wed, 01 Dec 2010)
New Revision: 583
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTCancelTargetParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRenewTargetParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTValidateTargetParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-assertion-x500attrib.xml
Log:
fixes
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java 2010-12-01 14:34:05 UTC (rev 582)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java 2010-12-01 15:38:54 UTC (rev 583)
@@ -28,9 +28,6 @@
import javax.xml.stream.events.EndElement;
import javax.xml.stream.events.StartElement;
import javax.xml.stream.events.XMLEvent;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.dom.DOMResult;
-import javax.xml.transform.stax.StAXSource;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
@@ -41,10 +38,14 @@
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.core.util.TransformerUtil;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.*;
-import org.w3c.dom.Document;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AuthnStatementType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedAssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
import org.w3c.dom.Element;
/**
@@ -71,25 +72,10 @@
String startElementName = StaxParserUtil.getStartElementName(startElement);
if( startElementName.equals( JBossSAMLConstants.ENCRYPTED_ASSERTION.get() ))
{
- Document resultDocument;
- try
- {
- resultDocument = DocumentUtil.createDocument();
- DOMResult domResult = new DOMResult( resultDocument );
-
- //Let us parse <b><c><d> using transformer
- StAXSource source = new StAXSource(xmlEventReader);
-
- Transformer transformer = TransformerUtil.getStaxSourceToDomResultTransformer();
- transformer.transform( source, domResult );
- }
- catch ( Exception e)
- {
- throw new RuntimeException( e );
- }
+ Element domElement = StaxParserUtil.getDOMElement(xmlEventReader);
EncryptedAssertionType encryptedAssertion = new EncryptedAssertionType();
- encryptedAssertion.setEncryptedElement( resultDocument.getDocumentElement() );
+ encryptedAssertion.setEncryptedElement( domElement );
return encryptedAssertion;
}
@@ -134,25 +120,8 @@
String tag = StaxParserUtil.getStartElementName( peekedElement );
if( tag.equals( JBossSAMLConstants.SIGNATURE.get() ) )
- {
- Document resultDocument;
- try
- {
- resultDocument = DocumentUtil.createDocument();
- DOMResult domResult = new DOMResult( resultDocument );
-
- //Let us parse <b><c><d> using transformer
- StAXSource source = new StAXSource(xmlEventReader);
-
- Transformer transformer = TransformerUtil.getStaxSourceToDomResultTransformer();
- transformer.transform( source, domResult );
- }
- catch ( Exception e)
- {
- throw new RuntimeException( e );
- }
-
- assertion.setSignature( resultDocument.getDocumentElement() );
+ {
+ assertion.setSignature( StaxParserUtil.getDOMElement(xmlEventReader) );
continue;
}
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java 2010-12-01 14:34:05 UTC (rev 582)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java 2010-12-01 15:38:54 UTC (rev 583)
@@ -25,20 +25,14 @@
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.Attribute;
import javax.xml.stream.events.StartElement;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.dom.DOMResult;
-import javax.xml.transform.stax.StAXSource;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.util.NetworkUtil;
-import org.picketlink.identity.federation.core.util.TransformerUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
-import org.w3c.dom.Document;
/**
* Base Class for SAML Request Parsing
@@ -92,25 +86,8 @@
request.setIssuer( issuer );
}
else if( JBossSAMLConstants.SIGNATURE.get().equals( elementName ))
- {
- Document resultDocument;
- try
- {
- resultDocument = DocumentUtil.createDocument();
- DOMResult domResult = new DOMResult( resultDocument );
-
- //Let us parse <b><c><d> using transformer
- StAXSource source = new StAXSource(xmlEventReader);
-
- Transformer transformer = TransformerUtil.getStaxSourceToDomResultTransformer();
- transformer.transform( source, domResult );
- }
- catch ( Exception e)
- {
- throw new RuntimeException( e );
- }
-
- request.setSignature( resultDocument.getDocumentElement() );
+ {
+ request.setSignature( StaxParserUtil.getDOMElement(xmlEventReader) );
//StaxParserUtil.bypassElementBlock(xmlEventReader, JBossSAMLConstants.SIGNATURE.get() );
}
}
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java 2010-12-01 14:34:05 UTC (rev 582)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java 2010-12-01 15:38:54 UTC (rev 583)
@@ -186,6 +186,12 @@
KeyInfoType keyInfo = parseKeyInfo(xmlEventReader);
subjectConfirmationData.setAnyType(keyInfo);
}
+ else if( tag.equals( WSTrustConstants.XMLEnc.ENCRYPTED_KEY ))
+ {
+ subjectConfirmationData.setAnyType( StaxParserUtil.getDOMElement(xmlEventReader));
+ }
+ else
+ throw new RuntimeException( "Handle:" + tag );
}
//Get the end tag
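Review bot: The new `EncryptedKey` branch matches on `tag` alone, and nothing in the hunk checks the element's namespace even though this commit adds `WSTrustConstants.XMLEnc.XMLENC_NS`. If `tag` is only the local name (it is computed outside the hunk), an element called `EncryptedKey` from any namespace would be stored as subject confirmation data; comparing the start element's namespace URI with `XMLENC_NS` before calling `getDOMElement` would make the match exact. The fallback `throw new RuntimeException( "Handle:" + tag )` reads like a developer reminder; a message such as `"Unsupported SubjectConfirmationData child:" + tag` says what was rejected.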
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTCancelTargetParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTCancelTargetParser.java 2010-12-01 14:34:05 UTC (rev 582)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTCancelTargetParser.java 2010-12-01 15:38:54 UTC (rev 583)
@@ -24,20 +24,15 @@
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
-import javax.xml.transform.dom.DOMResult;
-import javax.xml.transform.stax.StAXSource;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.util.TransformerUtil;
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.ws.trust.CancelTargetType;
-import org.w3c.dom.Document;
/**
* Stax parser for the wst:CancelTarget element
@@ -70,13 +65,8 @@
{
// this is an unknown type - parse using the transformer.
try
- {
- Document resultDocument = DocumentUtil.createDocument();
- DOMResult domResult = new DOMResult(resultDocument);
- StAXSource source = new StAXSource(xmlEventReader);
- TransformerUtil.transform(TransformerUtil.getStaxSourceToDomResultTransformer(), source, domResult);
- Document doc = (Document) domResult.getNode();
- cancelTarget.setAny(doc.getDocumentElement());
+ {
+ cancelTarget.setAny( StaxParserUtil.getDOMElement(xmlEventReader) );
}
catch(Exception e)
{
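Review bot: The context comment `// this is an unknown type - parse using the transformer.` is stale after this change, since the body now calls `StaxParserUtil.getDOMElement` and no transformer appears in the hunk; something like `// unknown type - keep it as a DOM element` would match. With a single call left in the `try`, `catch(Exception e)` is broader than needed and could be narrowed to whatever `getDOMElement` declares (not visible here). The catch body continues outside the hunk. The same applies to the matching hunks in WSTRenewTargetParser and WSTValidateTargetParser.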
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRenewTargetParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRenewTargetParser.java 2010-12-01 14:34:05 UTC (rev 582)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRenewTargetParser.java 2010-12-01 15:38:54 UTC (rev 583)
@@ -20,20 +20,15 @@
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
-import javax.xml.transform.dom.DOMResult;
-import javax.xml.transform.stax.StAXSource;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.util.TransformerUtil;
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.ws.trust.RenewTargetType;
-import org.w3c.dom.Document;
/**
* Stax parser for the wst:RenewTarget element
@@ -68,13 +63,8 @@
{
// this is an unknown type - parse using the transformer.
try
- {
- Document resultDocument = DocumentUtil.createDocument();
- DOMResult domResult = new DOMResult(resultDocument);
- StAXSource source = new StAXSource(xmlEventReader);
- TransformerUtil.transform(TransformerUtil.getStaxSourceToDomResultTransformer(), source, domResult);
- Document doc = (Document) domResult.getNode();
- renewTargetType.setAny(doc.getDocumentElement());
+ {
+ renewTargetType.setAny( StaxParserUtil.getDOMElement(xmlEventReader) );
}
catch(Exception e)
{
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTValidateTargetParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTValidateTargetParser.java 2010-12-01 14:34:05 UTC (rev 582)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTValidateTargetParser.java 2010-12-01 15:38:54 UTC (rev 583)
@@ -24,20 +24,15 @@
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
-import javax.xml.transform.dom.DOMResult;
-import javax.xml.transform.stax.StAXSource;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.util.TransformerUtil;
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.ws.trust.ValidateTargetType;
-import org.w3c.dom.Document;
/**
* Stax parser for the wst:ValidateTarget element
@@ -70,13 +65,8 @@
{
// this is an unknown type - parse using the transformer.
try
- {
- Document resultDocument = DocumentUtil.createDocument();
- DOMResult domResult = new DOMResult(resultDocument);
- StAXSource source = new StAXSource(xmlEventReader);
- TransformerUtil.transform(TransformerUtil.getStaxSourceToDomResultTransformer(), source, domResult);
- Document doc = (Document) domResult.getNode();
- validateTargetType.setAny(doc.getDocumentElement());
+ {
+ validateTargetType.setAny( StaxParserUtil.getDOMElement(xmlEventReader) );
}
catch(Exception e)
{
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java 2010-12-01 14:34:05 UTC (rev 582)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java 2010-12-01 15:38:54 UTC (rev 583)
@@ -55,6 +55,7 @@
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionAbstractType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedElementType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.KeyInfoConfirmationDataType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectConfirmationDataType;
@@ -62,6 +63,8 @@
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType.STSubType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.URIType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.w3c.dom.Element;
/**
* Write the SAML Assertion to stream
@@ -467,6 +470,21 @@
{
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ADDRESS.get(), address );
}
+
+ Object anyType = subjectConfirmationData.getAnyType();
+ if( anyType instanceof KeyInfoConfirmationDataType )
+ {
+ KeyInfoConfirmationDataType kicd = (KeyInfoConfirmationDataType) anyType;
+ Element keyInfoElement = kicd.getKeyInfo();
+ StaxUtil.writeDOMNode(writer, keyInfoElement);
+ }
+ else if( anyType instanceof KeyInfoType )
+ {
+ KeyInfoType keyInfo = (KeyInfoType) anyType;
+ Element el = (Element) keyInfo.getContent().get(0);
+ StaxUtil.writeDOMNode(writer, el);
+ }
+ else throw new RuntimeException( "Need to handle:" + anyType );
StaxUtil.writeEndElement( writer);
StaxUtil.flush( writer );
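Review bot: The final `else throw new RuntimeException( "Need to handle:" + anyType )` also fires when `getAnyType()` returns null, because `instanceof` is false for null; if SubjectConfirmationData without key material is legal here, writing it now fails. It also rejects the DOM `Element` that the SAMLSubjectParser hunk in this same commit stores via `setAnyType( StaxParserUtil.getDOMElement(xmlEventReader) )` for `EncryptedKey`, so a parsed assertion of that shape cannot be written back. Consider adding `else if( anyType instanceof Element ) StaxUtil.writeDOMNode(writer, (Element) anyType);` and guarding the throw with `else if( anyType != null )`. `keyInfo.getContent().get(0)` additionally assumes a non-empty list whose first entry is an `Element`. The enclosing method starts outside the hunk.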
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java 2010-12-01 14:34:05 UTC (rev 582)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java 2010-12-01 15:38:54 UTC (rev 583)
@@ -128,6 +128,12 @@
String X509CERT = "X509Certificate";
}
+ public interface XMLEnc
+ {
+ String XMLENC_NS = "http://www.w3.org/2001/04/xmlenc#";
+ String ENCRYPTED_KEY = "EncryptedKey";
+ }
+
public interface WSSE
{
String KEY_IDENTIFIER = "KeyIdentifier";
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java 2010-12-01 14:34:05 UTC (rev 582)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java 2010-12-01 15:38:54 UTC (rev 583)
@@ -21,6 +21,10 @@
*/
package org.picketlink.test.identity.federation.core.wstrust;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
@@ -36,8 +40,7 @@
import javax.xml.transform.dom.DOMResult;
import javax.xml.transform.dom.DOMSource;
-import junit.framework.TestCase;
-
+import org.junit.Test;
import org.picketlink.identity.federation.core.parsers.saml.SAMLAssertionParser;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.wstrust.SecurityToken;
@@ -73,19 +76,11 @@
*
* @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
*/
-public class SAML20TokenProviderUnitTestCase extends TestCase
+public class SAML20TokenProviderUnitTestCase
{
private SAML20TokenProvider provider;
- @Override
- protected void setUp() throws Exception
- {
- super.setUp();
- this.provider = new SAML20TokenProvider();
- provider.initialize(new HashMap<String, String>());
- }
-
/**
* <p>
* Tests the issuance of a SAMLV2.0 Assertion.
@@ -93,8 +88,12 @@
*
* @throws Exception if an error occurs while running the test.
*/
+ @Test
public void testIssueSAMLV20Token() throws Exception
- {
+ {
+ this.provider = new SAML20TokenProvider();
+ provider.initialize(new HashMap<String, String>());
+
SAMLAssertionParser assertionParser = new SAMLAssertionParser();
// create a WSTrustRequestContext with a simple WS-Trust request.
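Review bot: The provider setup removed from `setUp()` is now pasted at the top of each test (`this.provider = new SAML20TokenProvider(); provider.initialize(new HashMap<String, String>());`), here and in the hunks at 170 and 266. A JUnit 4 `@Before public void setUp() throws Exception` holding those two lines keeps the fixture in one place, and it also covers any test method outside these hunks that reads `provider` and would otherwise see null. That needs `import org.junit.Before;` next to the `org.junit.Test` import added above.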
@@ -171,8 +170,12 @@
*
* @throws Exception if an error occurs while running the test.
*/
+ @Test
public void testIssueSAMLV20HolderOfKeyToken() throws Exception
{
+
+ this.provider = new SAML20TokenProvider();
+ provider.initialize(new HashMap<String, String>());
// create a WSTrustRequestContext with a simple WS-Trust request.
RequestSecurityToken request = new RequestSecurityToken();
request.setLifetime(WSTrustUtil.createDefaultLifetime(3600000));
@@ -266,9 +269,12 @@
*
* @throws Exception if an error occurs while running the test.
*/
+ @Test
public void testValidateSAMLV20Token() throws Exception
{
-
+ this.provider = new SAML20TokenProvider();
+ provider.initialize(new HashMap<String, String>());
+
// issue a SAMLV2.0 assertion.
WSTrustRequestContext context = this.createIssuingContext(WSTrustUtil.createDefaultLifetime(3600000));
this.provider.issueToken(context);
Modified: federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-assertion-x500attrib.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-assertion-x500attrib.xml 2010-12-01 14:34:05 UTC (rev 582)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-assertion-x500attrib.xml 2010-12-01 15:38:54 UTC (rev 583)
@@ -7,7 +7,7 @@
IssueInstant="2004-12-05T09:22:05Z">
<saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
<ds:Signature
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...</ds:Signature>
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:Signature>
<saml:Subject>
<saml:NameID
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">
Picketlink SVN: r582 - in federation/trunk/picketlink-fed-core/src: main/java/org/picketlink/identity/federation/core/saml/v2/constants and 3 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-01 09:34:05 -0500 (Wed, 01 Dec 2010)
New Revision: 582
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/StatementUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java
Log:
fixes
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java 2010-12-01 14:14:43 UTC (rev 581)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java 2010-12-01 14:34:05 UTC (rev 582)
@@ -60,8 +60,8 @@
AttributeStatementType attributeStatementType = new AttributeStatementType();
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- String AUTHNSTATEMENT = JBossSAMLConstants.ATTRIBUTE_STATEMENT.get();
- StaxParserUtil.validate( startElement, AUTHNSTATEMENT );
+ String ATTRIBSTATEMT = JBossSAMLConstants.ATTRIBUTE_STATEMENT.get();
+ StaxParserUtil.validate( startElement, ATTRIBSTATEMT );
while( xmlEventReader.hasNext() )
{
@@ -97,7 +97,7 @@
//Look for X500 Encoding
QName x500EncodingName = new QName( JBossSAMLURIConstants.X500_NSURI.get(),
- JBossSAMLConstants.ENCODING.get() );
+ JBossSAMLConstants.ENCODING.get(), JBossSAMLURIConstants.X500_PREFIX.get() );
Attribute x500EncodingAttr = startElement.getAttributeByName( x500EncodingName );
if( x500EncodingAttr != null )
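Review bot: Passing `X500_PREFIX` to this `QName` does not change the lookup: `QName.equals` compares namespace URI and local part only, so `getAttributeByName` should behave as before on a conforming StAX implementation. A short comment such as `// prefix is informational; matching is by namespace URI + local name` would stop a later reader from assuming that only attributes literally prefixed `x500:` are accepted.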
@@ -156,7 +156,7 @@
{
return StaxParserUtil.getElementText(xmlEventReader);
}
-
+
throw new RuntimeException( "Unsupported xsi:type=" + typeValue );
}
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2010-12-01 14:14:43 UTC (rev 581)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2010-12-01 14:34:05 UTC (rev 582)
@@ -100,7 +100,8 @@
TRANSFORM_ENVELOPED_SIGNATURE("http://www.w3.org/2000/09/xmldsig#enveloped-signature"),
TRANSFORM_C14N_EXCL_OMIT_COMMENTS("http://www.w3.org/2001/10/xml-exc-c14n#WithComments"),
-
+
+ X500_PREFIX("x500"),
X500_NSURI("urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"),
XMLSCHEMA_NSURI("http://www.w3.org/2001/XMLSchema"),
XMLDSIG_NSURI("http://www.w3.org/2000/09/xmldsig#"),
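Review bot: `X500_PREFIX("x500")` is a namespace prefix, not a URI, and sits in an enum whose other visible entries are all URIs; a separate constant (or a comment on the entry) would keep `JBossSAMLURIConstants` values safe to treat as URIs. Separately, on a context line this commit does not touch, `TRANSFORM_C14N_EXCL_OMIT_COMMENTS` is bound to `http://www.w3.org/2001/10/xml-exc-c14n#WithComments`, which is the with-comments variant of exclusive canonicalization; the name and the value disagree, and whichever is intended matters for what signature processing treats as signed content.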
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/StatementUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/StatementUtil.java 2010-12-01 14:14:43 UTC (rev 581)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/StatementUtil.java 2010-12-01 14:34:05 UTC (rev 582)
@@ -42,7 +42,7 @@
*/
public class StatementUtil
{
- public static final QName X500_QNAME = new QName(JBossSAMLURIConstants.X500_NSURI.get(), "Encoding");
+ public static final QName X500_QNAME = new QName(JBossSAMLURIConstants.X500_NSURI.get(), "Encoding", JBossSAMLURIConstants.X500_PREFIX.get());
/**
* Create an attribute statement with all the attributes
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java 2010-12-01 14:14:43 UTC (rev 581)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java 2010-12-01 14:34:05 UTC (rev 582)
@@ -173,6 +173,7 @@
public void write( StatementAbstractType statement ) throws ProcessingException
{
//TODO: handle this section
+ throw new RuntimeException( "NYI" );
}
public void write( AttributeStatementType statement ) throws ProcessingException
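Review bot: `write( StatementAbstractType )` now fails with `RuntimeException( "NYI" )`, but Java picks overloads from the static type, so any caller that passes a statement through a `StatementAbstractType` reference lands here even when a specific overload such as `write( AttributeStatementType )` exists. If callers iterate statements by the abstract type (not visible in this hunk), dispatching on the runtime type inside this method would be safer than throwing. If the throw stays, `throw new UnsupportedOperationException( "write(StatementAbstractType) not implemented" );` is more descriptive, and the `//TODO: handle this section` comment could say which statement types are missing.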
@@ -310,7 +311,7 @@
String nameFormat = attributeType.getNameFormat();
if( StringUtil.isNotNull( nameFormat ))
{
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.NAME_FORMAT.get(), friendlyName );
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.NAME_FORMAT.get(), nameFormat );
}
//Take care of other attributes such as x500:encoding
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java 2010-12-01 14:14:43 UTC (rev 581)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java 2010-12-01 14:34:05 UTC (rev 582)
@@ -85,7 +85,9 @@
*///marshaller.marshal(jaxb, System.out);
Document samlDom = DocumentUtil.getDocument(new String(baos.toByteArray()));
- NodeList nl = samlDom.getElementsByTagName("Attribute");
+ System.out.println( DocumentUtil.getDocumentAsString(samlDom));
+
+ NodeList nl = samlDom.getElementsByTagNameNS(JBossSAMLURIConstants.ASSERTION_NSURI.get() ,"Attribute");
assertEquals("nodes = 2", 2, nl.getLength());
String x500NS = JBossSAMLURIConstants.X500_NSURI.get();
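Review bot: The added `System.out.println( DocumentUtil.getDocumentAsString(samlDom));` looks like leftover debugging and dumps the whole assertion to stdout on every test run; dropping it, or routing it through a logger at debug level, keeps build output clean. If the dump is needed for diagnosis, a line comment saying so would help the next reader.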