July 2011 - picketlink-commits - Jboss List Archives

Picketlink SVN: r1054 - federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml.

by picketlink-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2011-07-01 16:00:05 -0400 (Fri, 01 Jul 2011) New Revision: 1054 Added: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParserTestCase.java Removed: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParerTestCase.java Log: PLFED-116: saml artifact resolve parsing Deleted: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParerTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParerTestCase.java 2011-07-01 19:58:08 UTC (rev 1053) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParerTestCase.java 2011-07-01 20:00:05 UTC (rev 1054) @@ -1,61 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2008, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.picketlink.test.identity.federation.core.parser.saml; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; - -import java.io.InputStream; - -import org.junit.Test; -import org.picketlink.identity.federation.core.parsers.saml.SAMLParser; -import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil; -import org.picketlink.identity.federation.core.util.JAXPValidationUtil; -import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResolveType; - -/** - * Unit test the parsing of {@link ArtifactResolveType} - * @author Anil.Saldhana(a)redhat.com - * @since Jul 1, 2011 - */ -public class SAMLArtifactResolveParerTestCase -{ - @Test - public void testSAMLArtifactResolveParse() throws Exception - { - ClassLoader tcl = Thread.currentThread().getContextClassLoader(); - InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-artifact-resolve.xml"); - - JAXPValidationUtil.validate(configStream); - configStream = tcl.getResourceAsStream("parser/saml2/saml2-artifact-resolve.xml"); - - SAMLParser parser = new SAMLParser(); - ArtifactResolveType artifactResolve = (ArtifactResolveType) parser.parse(configStream); - assertNotNull("ArtifactResolveType is not null", artifactResolve); - - assertEquals("ID_cce4ee769ed970b501d680f697989d14", artifactResolve.getID()); - assertEquals(XMLTimeUtil.parse("2004-12-05T09:21:58Z"), artifactResolve.getIssueInstant()); - assertEquals("https://sp.example.com/SAML2/ArtifactResolution", artifactResolve.getDestination().toString()); - assertEquals("https://idp.example.org/SAML2", artifactResolve.getIssuer().getValue()); - assertEquals("AAQAAMh48/1oXIM+sDo7Dh2qMp1HM4IF5DaRNmDj6RdUmllwn9jJHyEgIi8=", artifactResolve.getArtifact()); - } -} \ No newline at end of file Added: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParserTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParserTestCase.java (rev 0) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParserTestCase.java 2011-07-01 20:00:05 UTC (rev 1054) @@ -0,0 +1,61 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.test.identity.federation.core.parser.saml; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; + +import java.io.InputStream; + +import org.junit.Test; +import org.picketlink.identity.federation.core.parsers.saml.SAMLParser; +import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; +import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResolveType; + +/** + * Unit test the parsing of {@link ArtifactResolveType} + * @author Anil.Saldhana(a)redhat.com + * @since Jul 1, 2011 + */ +public class SAMLArtifactResolveParserTestCase +{ + @Test + public void testSAMLArtifactResolveParse() throws Exception + { + ClassLoader tcl = Thread.currentThread().getContextClassLoader(); + InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-artifact-resolve.xml"); + + JAXPValidationUtil.validate(configStream); + configStream = tcl.getResourceAsStream("parser/saml2/saml2-artifact-resolve.xml"); + + SAMLParser parser = new SAMLParser(); + ArtifactResolveType artifactResolve = (ArtifactResolveType) parser.parse(configStream); + assertNotNull("ArtifactResolveType is not null", artifactResolve); + + assertEquals("ID_cce4ee769ed970b501d680f697989d14", artifactResolve.getID()); + assertEquals(XMLTimeUtil.parse("2004-12-05T09:21:58Z"), artifactResolve.getIssueInstant()); + assertEquals("https://sp.example.com/SAML2/ArtifactResolution", artifactResolve.getDestination().toString()); + assertEquals("https://idp.example.org/SAML2", artifactResolve.getIssuer().getValue()); + assertEquals("AAQAAMh48/1oXIM+sDo7Dh2qMp1HM4IF5DaRNmDj6RdUmllwn9jJHyEgIi8=", artifactResolve.getArtifact()); + } +} \ No newline at end of file

12 years, 10 months

1
0
0 / 0

Picketlink SVN: r1053 - in federation/trunk/picketlink-fed-core/src: main/java/org/picketlink/identity/federation/core/saml/v2/constants and 2 other directories.

by picketlink-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2011-07-01 15:58:08 -0400 (Fri, 01 Jul 2011) New Revision: 1053 Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLArtifactResolveParser.java federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParerTestCase.java federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-resolve.xml Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java Log: PLFED-116: saml artifact resolve parsing Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLArtifactResolveParser.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLArtifactResolveParser.java (rev 0) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLArtifactResolveParser.java 2011-07-01 19:58:08 UTC (rev 1053) @@ -0,0 +1,98 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.identity.federation.core.parsers.saml; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLEventReader; +import javax.xml.stream.events.StartElement; + +import org.picketlink.identity.federation.core.exceptions.ParsingException; +import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport; +import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil; +import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants; +import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; +import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResolveType; + +/** + * Parse the {@link ArtifactResolveType} + * @author Anil.Saldhana(a)redhat.com + * @since Jul 1, 2011 + */ +public class SAMLArtifactResolveParser extends SAMLRequestAbstractParser implements ParserNamespaceSupport +{ + public Object parse(XMLEventReader xmlEventReader) throws ParsingException + { + //Get the startelement + StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader); + StaxParserUtil.validate(startElement, JBossSAMLConstants.ARTIFACT_RESOLVE.get()); + + ArtifactResolveType artifactResolve = parseBaseAttributes(startElement); + + while (xmlEventReader.hasNext()) + { + //Let us peek at the next start element + startElement = StaxParserUtil.peekNextStartElement(xmlEventReader); + if (startElement == null) + break; + super.parseCommonElements(startElement, xmlEventReader, artifactResolve); + String elementName = StaxParserUtil.getStartElementName(startElement); + + if (JBossSAMLConstants.ARTIFACT.get().equals(elementName)) + { + startElement = StaxParserUtil.getNextStartElement(xmlEventReader); + artifactResolve.setArtifact(StaxParserUtil.getElementText(xmlEventReader)); + } + else if (JBossSAMLConstants.ISSUER.get().equals(elementName)) + { + continue; + } + else if (JBossSAMLConstants.SIGNATURE.get().equals(elementName)) + { + continue; + } + else + throw new RuntimeException("Unknown Element:" + elementName + "::location=" + startElement.getLocation()); + } + return artifactResolve; + } + + public boolean supports(QName qname) + { + return JBossSAMLURIConstants.PROTOCOL_NSURI.get().equals(qname.getNamespaceURI()); + } + + /** + * Parse the attributes at the authnrequesttype element + * @param startElement + * @return + * @throws ParsingException + */ + private ArtifactResolveType parseBaseAttributes(StartElement startElement) throws ParsingException + { + super.parseRequiredAttributes(startElement); + ArtifactResolveType authnRequest = new ArtifactResolveType(id, issueInstant); + //Let us get the attributes + super.parseBaseAttributes(startElement, authnRequest); + + return authnRequest; + } +} \ No newline at end of file Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2011-07-01 17:50:35 UTC (rev 1052) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2011-07-01 19:58:08 UTC (rev 1053) @@ -109,6 +109,12 @@ } throw new RuntimeException("Unknown xsi:type=" + xsiTypeValue); } + else if (JBossSAMLURIConstants.PROTOCOL_NSURI.get().equals(nsURI) + && JBossSAMLConstants.ARTIFACT_RESOLVE.get().equals(startElementName.getLocalPart())) + { + SAMLArtifactResolveParser artifactResolverParser = new SAMLArtifactResolveParser(); + return artifactResolverParser.parse(xmlEventReader); + } else if (JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY.get().equals(localPart)) { SAMLXACMLRequestParser samlXacmlParser = new SAMLXACMLRequestParser(); Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2011-07-01 17:50:35 UTC (rev 1052) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2011-07-01 19:58:08 UTC (rev 1053) @@ -30,6 +30,8 @@ { ADDRESS( "Address" ), ALLOW_CREATE( "AllowCreate" ), + ARTIFACT( "Artifact" ), + ARTIFACT_RESOLVE( "ArtifactResolve" ), ARTIFACT_RESOLUTION_SERVICE( "ArtifactResolutionService" ), ASSERTION( "Assertion" ), ASSERTION_CONSUMER_SERVICE( "AssertionConsumerService" ), Added: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParerTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParerTestCase.java (rev 0) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParerTestCase.java 2011-07-01 19:58:08 UTC (rev 1053) @@ -0,0 +1,61 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.test.identity.federation.core.parser.saml; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; + +import java.io.InputStream; + +import org.junit.Test; +import org.picketlink.identity.federation.core.parsers.saml.SAMLParser; +import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; +import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResolveType; + +/** + * Unit test the parsing of {@link ArtifactResolveType} + * @author Anil.Saldhana(a)redhat.com + * @since Jul 1, 2011 + */ +public class SAMLArtifactResolveParerTestCase +{ + @Test + public void testSAMLArtifactResolveParse() throws Exception + { + ClassLoader tcl = Thread.currentThread().getContextClassLoader(); + InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-artifact-resolve.xml"); + + JAXPValidationUtil.validate(configStream); + configStream = tcl.getResourceAsStream("parser/saml2/saml2-artifact-resolve.xml"); + + SAMLParser parser = new SAMLParser(); + ArtifactResolveType artifactResolve = (ArtifactResolveType) parser.parse(configStream); + assertNotNull("ArtifactResolveType is not null", artifactResolve); + + assertEquals("ID_cce4ee769ed970b501d680f697989d14", artifactResolve.getID()); + assertEquals(XMLTimeUtil.parse("2004-12-05T09:21:58Z"), artifactResolve.getIssueInstant()); + assertEquals("https://sp.example.com/SAML2/ArtifactResolution", artifactResolve.getDestination().toString()); + assertEquals("https://idp.example.org/SAML2", artifactResolve.getIssuer().getValue()); + assertEquals("AAQAAMh48/1oXIM+sDo7Dh2qMp1HM4IF5DaRNmDj6RdUmllwn9jJHyEgIi8=", artifactResolve.getArtifact()); + } +} \ No newline at end of file Added: federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-resolve.xml =================================================================== --- federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-resolve.xml (rev 0) +++ federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-resolve.xml 2011-07-01 19:58:08 UTC (rev 1053) @@ -0,0 +1,42 @@ +<samlp:ArtifactResolve + xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" + xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" + ID="ID_cce4ee769ed970b501d680f697989d14" + Version="2.0" + IssueInstant="2004-12-05T09:21:58Z" + Destination="https://sp.example.com/SAML2/ArtifactResolution"> + <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer> + <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:SignedInfo> + <ds:CanonicalizationMethod + Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" /> + <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmlds#rsa-sha1" /> + <ds:Reference URI="#ID_ab0392ef-b557-4453-95a8-a7e168da8ac5"> + <ds:Transforms> + <ds:Transform Algorithm="http://www.w3.org/2000/09/xmlds#enveloped-signature" /> + <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> + </ds:Transforms> + <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmlds#sha1" /> + <ds:DigestValue>0Y9QM5c5qCShz5UWmbFzBmbuTus=</ds:DigestValue> + </ds:Reference> + </ds:SignedInfo> + <ds:SignatureValue> + se/flQ2htUQ0IUYieVkXNn9cfjnfgv6H99nFarsTNTpRI9xuSlw5OTai/2PYdZI2Va9+QzzBf99m + VFyigfFdfrqug6aKFhF0lsujzlFfPfmXBbDRiTFX+4SkBeV71uuy7rOUI/jRiitEA0QrKqs0e/pV + +C8PoaariisK96Mtt7A= + </ds:SignatureValue> + <ds:KeyInfo> + <ds:KeyValue> + <ds:RSAKeyValue> + <ds:Modulus> + suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1 + dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJwspqVnMuRK19ju2dxpKw + lYGGtrP5VQv00dfNPbs= + </ds:Modulus> + <ds:Exponent>AQAB</ds:Exponent> + </ds:RSAKeyValue> + </ds:KeyValue> + </ds:KeyInfo> + </ds:Signature> + <samlp:Artifact>AAQAAMh48/1oXIM+sDo7Dh2qMp1HM4IF5DaRNmDj6RdUmllwn9jJHyEgIi8=</samlp:Artifact> + </samlp:ArtifactResolve> \ No newline at end of file

12 years, 10 months

1
0
0 / 0

Picketlink SVN: r1052 - federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst.

by picketlink-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2011-07-01 13:50:35 -0400 (Fri, 01 Jul 2011) New Revision: 1052 Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchIssueParsingTestCase.java federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueAppliesToTestCase.java federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustRenewTargetParsingTestCase.java federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustValidateSamlTestCase.java Log: add writing Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchIssueParsingTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchIssueParsingTestCase.java 2011-07-01 17:45:15 UTC (rev 1051) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchIssueParsingTestCase.java 2011-07-01 17:50:35 UTC (rev 1052) @@ -24,14 +24,20 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; import java.io.InputStream; import java.util.List; -import org.junit.Test; +import org.junit.Test; import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser; +import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenCollection; +import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter; +import org.w3c.dom.Document; /** * Unit Test the WS Trust batch issue @@ -48,24 +54,32 @@ public void testWST_BatchIssue() throws Exception { ClassLoader tcl = Thread.currentThread().getContextClassLoader(); - InputStream configStream = tcl.getResourceAsStream( "parser/wst/wst-batch-issue.xml" ); - + InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-batch-issue.xml"); + WSTrustParser parser = new WSTrustParser(); - RequestSecurityTokenCollection requestCollection = (RequestSecurityTokenCollection) parser.parse( configStream ); - assertNotNull( "Request Security Token Collection is null?", requestCollection ); - - List<RequestSecurityToken> tokens = requestCollection.getRequestSecurityTokens(); - assertEquals( 2, tokens.size() ); - - RequestSecurityToken rst1 = tokens.get( 0 ); - assertEquals( "context1", rst1.getContext() ); - assertEquals( WSTrustConstants.BATCH_ISSUE_REQUEST, rst1.getRequestType().toASCIIString() ); - assertEquals( WSTrustConstants.SAML2_TOKEN_TYPE, rst1.getTokenType().toASCIIString() ); - - RequestSecurityToken rst2 = tokens.get( 1 ); - assertEquals( "context2", rst2.getContext() ); - assertEquals( WSTrustConstants.BATCH_ISSUE_REQUEST , rst2.getRequestType().toASCIIString() ); - assertEquals( "http://www.tokens.org/SpecialToken" , rst2.getTokenType().toASCIIString() ); - + RequestSecurityTokenCollection requestCollection = (RequestSecurityTokenCollection) parser.parse(configStream); + assertNotNull("Request Security Token Collection is null?", requestCollection); + + List<RequestSecurityToken> tokens = requestCollection.getRequestSecurityTokens(); + assertEquals(2, tokens.size()); + + RequestSecurityToken rst1 = tokens.get(0); + assertEquals("context1", rst1.getContext()); + assertEquals(WSTrustConstants.BATCH_ISSUE_REQUEST, rst1.getRequestType().toASCIIString()); + assertEquals(WSTrustConstants.SAML2_TOKEN_TYPE, rst1.getTokenType().toASCIIString()); + + RequestSecurityToken rst2 = tokens.get(1); + assertEquals("context2", rst2.getContext()); + assertEquals(WSTrustConstants.BATCH_ISSUE_REQUEST, rst2.getRequestType().toASCIIString()); + assertEquals("http://www.tokens.org/SpecialToken", rst2.getTokenType().toASCIIString()); + + //Now for the writing part + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos); + + rstWriter.write(requestCollection); + + Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc)); } } \ No newline at end of file Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueAppliesToTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueAppliesToTestCase.java 2011-07-01 17:45:15 UTC (rev 1051) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueAppliesToTestCase.java 2011-07-01 17:50:35 UTC (rev 1052) @@ -23,14 +23,20 @@ import static org.junit.Assert.assertEquals; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; import java.io.InputStream; import org.junit.Test; import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser; +import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter; import org.picketlink.identity.federation.ws.addressing.EndpointReferenceType; import org.picketlink.identity.federation.ws.policy.AppliesTo; +import org.w3c.dom.Document; /** * Validate the wst applies to parsing @@ -38,21 +44,30 @@ * @since Oct 14, 2010 */ public class WSTrustIssueAppliesToTestCase -{ +{ @Test public void testAppliesTo() throws Exception { ClassLoader tcl = Thread.currentThread().getContextClassLoader(); - InputStream configStream = tcl.getResourceAsStream( "parser/wst/wst-issue-appliesto.xml" ); - + InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-issue-appliesto.xml"); + WSTrustParser parser = new WSTrustParser(); - RequestSecurityToken requestToken = ( RequestSecurityToken ) parser.parse( configStream ); - - assertEquals( "testcontext", requestToken.getContext() ); - assertEquals( WSTrustConstants.ISSUE_REQUEST , requestToken.getRequestType().toASCIIString() ); - + RequestSecurityToken requestToken = (RequestSecurityToken) parser.parse(configStream); + + assertEquals("testcontext", requestToken.getContext()); + assertEquals(WSTrustConstants.ISSUE_REQUEST, requestToken.getRequestType().toASCIIString()); + AppliesTo appliesTo = requestToken.getAppliesTo(); EndpointReferenceType endpoint = (EndpointReferenceType) appliesTo.getAny().get(0); - assertEquals( "http://services.testcorp.org/provider2", endpoint.getAddress().getValue() ); - } + assertEquals("http://services.testcorp.org/provider2", endpoint.getAddress().getValue()); + + //Now for the writing part + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos); + + rstWriter.write(requestToken); + + Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc)); + } } \ No newline at end of file Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustRenewTargetParsingTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustRenewTargetParsingTestCase.java 2011-07-01 17:45:15 UTC (rev 1051) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustRenewTargetParsingTestCase.java 2011-07-01 17:50:35 UTC (rev 1052) @@ -23,16 +23,22 @@ import static org.junit.Assert.assertEquals; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; import java.io.InputStream; import org.junit.Test; import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser; +import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter; import org.picketlink.identity.federation.saml.v2.assertion.AssertionType; import org.picketlink.identity.federation.saml.v2.assertion.NameIDType; import org.picketlink.identity.federation.saml.v2.assertion.SubjectType; import org.picketlink.identity.federation.ws.trust.RenewTargetType; +import org.w3c.dom.Document; /** * Validate the parsing of wst-batch-validate.xml @@ -59,5 +65,14 @@ assertEquals("Test STS", assertion.getIssuer().getValue()); SubjectType subject = assertion.getSubject(); assertEquals("jduke", ((NameIDType) subject.getSubType().getBaseID()).getValue()); + + //Now for the writing part + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos); + + rstWriter.write(requestToken); + + Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc)); } } \ No newline at end of file Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustValidateSamlTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustValidateSamlTestCase.java 2011-07-01 17:45:15 UTC (rev 1051) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustValidateSamlTestCase.java 2011-07-01 17:50:35 UTC (rev 1052) @@ -23,14 +23,20 @@ import static org.junit.Assert.assertEquals; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; import java.io.InputStream; import org.junit.Test; import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser; +import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter; import org.picketlink.identity.federation.saml.v2.assertion.AssertionType; import org.picketlink.identity.federation.ws.trust.ValidateTargetType; +import org.w3c.dom.Document; /** * Validate the parsing of wst-validate-saml.xml @@ -54,5 +60,14 @@ ValidateTargetType validateTarget = rst1.getValidateTarget(); AssertionType assertion = (AssertionType) validateTarget.getAny().get(0); assertEquals("ID_654b6092-c725-40ea-8044-de453b59cb28", assertion.getID()); + + //Now for the writing part + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos); + + rstWriter.write(rst1); + + Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc)); } }

12 years, 10 months

1
0
0 / 0

Picketlink SVN: r1051 - federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst.

by picketlink-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2011-07-01 13:45:15 -0400 (Fri, 01 Jul 2011) New Revision: 1051 Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchValidateParsingTestCase.java federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustCancelTargetSamlTestCase.java federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicCertificateTestCase.java federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicKeyTestCase.java federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueSymmetricKeyTestCase.java federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustOnBehalfOfTestCase.java Log: add schema validation Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchValidateParsingTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchValidateParsingTestCase.java 2011-07-01 16:56:59 UTC (rev 1050) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchValidateParsingTestCase.java 2011-07-01 17:45:15 UTC (rev 1051) @@ -32,10 +32,12 @@ import org.junit.Test; import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser; import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenCollection; import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter; +import org.w3c.dom.Document; /** * Validate the parsing of wst-batch-validate.xml @@ -73,8 +75,9 @@ rstWriter.write(requestCollection); - DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); baos.close(); + + JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc)); } - -} +} \ No newline at end of file Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustCancelTargetSamlTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustCancelTargetSamlTestCase.java 2011-07-01 16:56:59 UTC (rev 1050) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustCancelTargetSamlTestCase.java 2011-07-01 17:45:15 UTC (rev 1051) @@ -34,6 +34,7 @@ import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser; import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter; @@ -43,6 +44,7 @@ import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType; import org.picketlink.identity.federation.saml.v2.assertion.SubjectType; import org.picketlink.identity.federation.ws.trust.CancelTargetType; +import org.w3c.dom.Document; /** * Validate the WST Cancel Target for SAML assertions @@ -73,7 +75,8 @@ rstWriter.write(requestToken); - DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc)); } private void validateAssertion(AssertionType assertion) throws Exception Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicCertificateTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicCertificateTestCase.java 2011-07-01 16:56:59 UTC (rev 1050) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicCertificateTestCase.java 2011-07-01 17:45:15 UTC (rev 1051) @@ -31,12 +31,14 @@ import org.picketlink.identity.federation.core.parsers.wst.WSTRequestSecurityTokenParser; import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser; import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter; import org.picketlink.identity.federation.ws.addressing.EndpointReferenceType; import org.picketlink.identity.federation.ws.policy.AppliesTo; import org.picketlink.identity.federation.ws.trust.UseKeyType; +import org.w3c.dom.Document; import org.w3c.dom.Element; /** @@ -76,6 +78,7 @@ rstWriter.write(requestToken); - DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc)); } } \ No newline at end of file Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicKeyTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicKeyTestCase.java 2011-07-01 16:56:59 UTC (rev 1050) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicKeyTestCase.java 2011-07-01 17:45:15 UTC (rev 1051) @@ -27,12 +27,14 @@ import org.picketlink.identity.federation.core.parsers.wst.WSTRequestSecurityTokenParser; import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser; import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter; import org.picketlink.identity.federation.ws.addressing.EndpointReferenceType; import org.picketlink.identity.federation.ws.policy.AppliesTo; import org.picketlink.identity.federation.ws.trust.UseKeyType; +import org.w3c.dom.Document; import org.w3c.dom.Element; /** @@ -73,6 +75,7 @@ rstWriter.write(requestToken); - DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc)); } } \ No newline at end of file Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueSymmetricKeyTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueSymmetricKeyTestCase.java 2011-07-01 16:56:59 UTC (rev 1050) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueSymmetricKeyTestCase.java 2011-07-01 17:45:15 UTC (rev 1051) @@ -30,6 +30,7 @@ import org.junit.Test; import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser; import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter; @@ -37,6 +38,7 @@ import org.picketlink.identity.federation.ws.policy.AppliesTo; import org.picketlink.identity.federation.ws.trust.BinarySecretType; import org.picketlink.identity.federation.ws.trust.EntropyType; +import org.w3c.dom.Document; /** * Validate parsing of RST with Use Key set to Symmetric Key @@ -75,6 +77,7 @@ rstWriter.write(requestToken); - DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc)); } } \ No newline at end of file Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java 2011-07-01 16:56:59 UTC (rev 1050) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java 2011-07-01 17:45:15 UTC (rev 1051) @@ -30,9 +30,11 @@ import org.junit.Test; import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser; import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter; +import org.w3c.dom.Document; /** * Validate simple RST parsing @@ -60,6 +62,7 @@ rstWriter.write(requestToken); - DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc)); } } \ No newline at end of file Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustOnBehalfOfTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustOnBehalfOfTestCase.java 2011-07-01 16:56:59 UTC (rev 1050) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustOnBehalfOfTestCase.java 2011-07-01 17:45:15 UTC (rev 1051) @@ -32,11 +32,13 @@ import org.junit.Test; import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser; import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter; import org.picketlink.identity.federation.ws.trust.OnBehalfOfType; import org.picketlink.identity.federation.ws.wss.secext.UsernameTokenType; +import org.w3c.dom.Document; /** * Validate the OnBehalfOf parsing @@ -70,6 +72,7 @@ rstWriter.write(requestToken); - DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc)); } } \ No newline at end of file

12 years, 10 months

1
0
0 / 0

Picketlink SVN: r1050 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util and 2 other directories.

by picketlink-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2011-07-01 12:56:59 -0400 (Fri, 01 Jul 2011) New Revision: 1050 Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML11TokenProvider.java federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11SubjectConfirmationType.java Log: PLFED-194: saml 1.1 token provider Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java 2011-07-01 16:24:49 UTC (rev 1049) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java 2011-07-01 16:56:59 UTC (rev 1050) @@ -215,7 +215,7 @@ { startElement = StaxParserUtil.getNextStartElement(xmlEventReader); String method = StaxParserUtil.getElementText(xmlEventReader); - subjectConfirmationType.addConfirmation(URI.create(method)); + subjectConfirmationType.addConfirmationMethod(URI.create(method)); } else if (startTag.equals(JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get())) Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2011-07-01 16:24:49 UTC (rev 1049) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2011-07-01 16:56:59 UTC (rev 1050) @@ -37,6 +37,7 @@ import org.picketlink.identity.federation.core.util.StaxUtil; import org.picketlink.identity.federation.core.util.XMLSignatureUtil; import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType; +import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType; import org.picketlink.identity.federation.saml.v2.assertion.AssertionType; import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType; import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType; @@ -256,6 +257,37 @@ } /** + * Check whether the assertion has expired + * @param assertion + * @return + * @throws ConfigurationException + */ + public static boolean hasExpired(SAML11AssertionType assertion) throws ConfigurationException + { + boolean expiry = false; + + //Check for validity of assertion + SAML11ConditionsType conditionsType = assertion.getConditions(); + if (conditionsType != null) + { + XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant(); + XMLGregorianCalendar notBefore = conditionsType.getNotBefore(); + XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter(); + if (trace) + log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat() + "::notOnOrAfter=" + + notOnOrAfter); + expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter); + if (expiry) + { + log.info("Assertion has expired with id=" + assertion.getID()); + } + } + + //TODO: if conditions do not exist, assume the assertion to be everlasting? + return expiry; + } + + /** * Extract the expiration time from an {@link AssertionType} * @param assertion * @return Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML11TokenProvider.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML11TokenProvider.java 2011-07-01 16:24:49 UTC (rev 1049) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML11TokenProvider.java 2011-07-01 16:56:59 UTC (rev 1050) @@ -35,7 +35,6 @@ import org.picketlink.identity.federation.core.saml.v1.SAML11Constants; import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator; import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants; -import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory; import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil; import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil; import org.picketlink.identity.federation.core.sts.AbstractSecurityTokenProvider; @@ -48,13 +47,12 @@ import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType; import org.picketlink.identity.federation.saml.v1.assertion.SAML11AudienceRestrictionCondition; import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType; +import org.picketlink.identity.federation.saml.v1.assertion.SAML11NameIdentifierType; import org.picketlink.identity.federation.saml.v1.assertion.SAML11StatementAbstractType; -import org.picketlink.identity.federation.saml.v2.assertion.AssertionType; -import org.picketlink.identity.federation.saml.v2.assertion.KeyInfoConfirmationDataType; -import org.picketlink.identity.federation.saml.v2.assertion.NameIDType; +import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectConfirmationType; +import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType; +import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType.SAML11SubjectTypeChoice; import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType; -import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType; -import org.picketlink.identity.federation.saml.v2.assertion.SubjectType; import org.picketlink.identity.federation.ws.policy.AppliesTo; import org.picketlink.identity.federation.ws.trust.RequestedReferenceType; import org.picketlink.identity.federation.ws.trust.StatusType; @@ -63,7 +61,7 @@ /** * <p> - * A {@code SecurityTokenProvider} implementation that handles WS-Trust SAML 2.0 token requests. + * A {@code SecurityTokenProvider} implementation that handles WS-Trust SAML 1.1 token requests. * </p> * * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> @@ -131,10 +129,10 @@ throw new ProcessingException("Invalid cancel request: missing required CancelTarget"); Element assertionElement = (Element) token.getFirstChild(); if (!this.isAssertion(assertionElement)) - throw new ProcessingException("CancelTarget doesn't not contain a SAMLV2.0 assertion"); + throw new ProcessingException("CancelTarget doesn't not contain a SAMLV1.1 assertion"); // get the assertion ID and add it to the canceled assertions set. - String assertionId = assertionElement.getAttribute("ID"); + String assertionId = assertionElement.getAttribute(SAML11Constants.ASSERTIONID); this.revocationRegistry.revokeToken(SAMLUtil.SAML11_TOKEN_TYPE, assertionId); } @@ -171,7 +169,10 @@ Principal principal = context.getCallerPrincipal(); String confirmationMethod = null; - KeyInfoConfirmationDataType keyInfoDataType = null; + //KeyInfoConfirmationDataType keyInfoDataType = null; + + Element keyInfo = null; + // if there is a on-behalf-of principal, we have the sender vouches confirmation method. if (context.getOnBehalfOfPrincipal() != null) { @@ -182,19 +183,31 @@ else if (context.getProofTokenInfo() != null) { confirmationMethod = SAMLUtil.SAML11_HOLDER_OF_KEY_URI; - keyInfoDataType = SAMLAssertionFactory.createKeyInfoConfirmation(context.getProofTokenInfo()); + //keyInfoDataType = SAMLAssertionFactory.createKeyInfoConfirmation(context.getProofTokenInfo()); + keyInfo = (Element) context.getProofTokenInfo().getContent().get(0); } else confirmationMethod = SAMLUtil.SAML11_BEARER_URI; - SubjectConfirmationType subjectConfirmation = SAMLAssertionFactory.createSubjectConfirmation(null, - confirmationMethod, keyInfoDataType); + /* SubjectConfirmationType subjectConfirmation = SAMLAssertionFactory.createSubjectConfirmation(null, + confirmationMethod, keyInfoDataType); + */ + SAML11SubjectConfirmationType subjectConfirmation = new SAML11SubjectConfirmationType(); + subjectConfirmation.addConfirmationMethod(URI.create(confirmationMethod)); + if (keyInfo != null) + subjectConfirmation.setKeyInfo(keyInfo); // create a subject using the caller principal or on-behalf-of principal. String subjectName = principal == null ? "ANONYMOUS" : principal.getName(); - NameIDType nameID = SAMLAssertionFactory.createNameID(null, "urn:picketlink:identity-federation", subjectName); - SubjectType subject = SAMLAssertionFactory.createSubject(nameID, subjectConfirmation); + SAML11NameIdentifierType nameID = new SAML11NameIdentifierType(); + nameID.setNameQualifier("urn:picketlink:identity-federation"); + nameID.setValue(subjectName); + SAML11SubjectTypeChoice subjectChoice = new SAML11SubjectTypeChoice(nameID); + SAML11SubjectType subject = new SAML11SubjectType(); + subject.setChoice(subjectChoice); + subject.setSubjectConfirmation(subjectConfirmation); + // create the attribute statements if necessary. List<StatementAbstractType> statements = null; Map<String, Object> claimedAttributes = context.getClaimedAttributes(); @@ -203,6 +216,8 @@ statements = new ArrayList<StatementAbstractType>(); statements.add(StatementUtil.createAttributeStatement(claimedAttributes)); } + throw new RuntimeException("Implement"); + /* // create the SAML assertion. NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null, context.getTokenIssuer()); @@ -341,7 +356,7 @@ String code = WSTrustConstants.STATUS_CODE_VALID; String reason = "SAMLV2.0 Assertion successfuly validated"; - AssertionType assertion = null; + SAML11AssertionType assertion = null; Element assertionElement = (Element) token.getFirstChild(); if (!this.isAssertion(assertionElement)) { @@ -352,7 +367,7 @@ { try { - assertion = SAMLUtil.fromElement(assertionElement); + assertion = SAMLUtil.saml11FromElement(assertionElement); } catch (Exception e) { Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11SubjectConfirmationType.java =================================================================== --- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11SubjectConfirmationType.java 2011-07-01 16:24:49 UTC (rev 1049) +++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11SubjectConfirmationType.java 2011-07-01 16:56:59 UTC (rev 1050) @@ -49,17 +49,17 @@ protected Element keyInfo; - public void addConfirmation(URI confirmation) + public void addConfirmationMethod(URI confirmation) { this.confirmationMethod.add(confirmation); } - public void addAllConfirmation(List<URI> confirmation) + public void addAllConfirmationMethod(List<URI> confirmation) { this.confirmationMethod.addAll(confirmation); } - public boolean removeConfirmation(URI confirmation) + public boolean removeConfirmationMethod(URI confirmation) { return this.confirmationMethod.remove(confirmation); }

12 years, 10 months

1
0
0 / 0

Picketlink SVN: r1049 - in federation/trunk: picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp and 3 other directories.

by picketlink-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2011-07-01 12:24:49 -0400 (Fri, 01 Jul 2011) New Revision: 1049 Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SystemPropertiesUtil.java Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java Log: PLFED-199: centralize system prop Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java =================================================================== --- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-01 15:40:09 UTC (rev 1048) +++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-01 16:24:49 UTC (rev 1049) @@ -87,6 +87,7 @@ import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS; import org.picketlink.identity.federation.core.util.CoreConfigUtil; import org.picketlink.identity.federation.core.util.StringUtil; +import org.picketlink.identity.federation.core.util.SystemPropertiesUtil; import org.picketlink.identity.federation.core.util.XMLSignatureUtil; import org.picketlink.identity.federation.saml.v2.SAML2Object; import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType; @@ -864,6 +865,8 @@ lifecycle.fireLifecycleEvent(START_EVENT, null); started = true; + SystemPropertiesUtil.ensure(); + //Get the chain from config if (StringUtil.isNullOrEmpty(samlHandlerChainClass)) chain = SAML2HandlerChainFactory.createChain(); Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java =================================================================== --- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-07-01 15:40:09 UTC (rev 1048) +++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-07-01 16:24:49 UTC (rev 1049) @@ -60,6 +60,7 @@ import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil; import org.picketlink.identity.federation.core.util.CoreConfigUtil; import org.picketlink.identity.federation.core.util.StringUtil; +import org.picketlink.identity.federation.core.util.SystemPropertiesUtil; import org.picketlink.identity.federation.core.util.XMLSignatureUtil; import org.picketlink.identity.federation.saml.v2.metadata.EndpointType; import org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType; @@ -182,6 +183,7 @@ public void start() throws LifecycleException { super.start(); + SystemPropertiesUtil.ensure(); processStart(); } Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java 2011-07-01 15:40:09 UTC (rev 1048) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java 2011-07-01 16:24:49 UTC (rev 1049) @@ -465,6 +465,12 @@ throw new RuntimeException("Expecting </" + tag + ">. Found </" + elementTag + ">"); } + /** + * Get the {@link Validator} for JAXP Validation + * @return + * @throws SAXException + * @throws IOException + */ public static Validator getSchemaValidator() throws SAXException, IOException { return JAXPValidationUtil.validator(); Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java 2011-07-01 15:40:09 UTC (rev 1048) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java 2011-07-01 16:24:49 UTC (rev 1049) @@ -43,6 +43,7 @@ import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil; import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter; import org.picketlink.identity.federation.core.util.StaxUtil; +import org.picketlink.identity.federation.core.util.SystemPropertiesUtil; import org.picketlink.identity.federation.saml.v2.protocol.ResponseType; import org.picketlink.identity.federation.saml.v2.protocol.XACMLAuthzDecisionQueryType; import org.w3c.dom.Document; @@ -52,21 +53,20 @@ * @author Anil.Saldhana(a)redhat.com * @since Jan 24, 2011 */ -@WebServiceProvider(serviceName="SOAPSAMLXACMLPDP",portName="SOAPSAMLXACMLPort", - targetNamespace="urn:picketlink:identity-federation:pdp",wsdlLocation="WEB-INF/wsdl/SOAPSAMLXACMLPDP.wsdl") +@WebServiceProvider(serviceName = "SOAPSAMLXACMLPDP", portName = "SOAPSAMLXACMLPort", targetNamespace = "urn:picketlink:identity-federation:pdp", wsdlLocation = "WEB-INF/wsdl/SOAPSAMLXACMLPDP.wsdl") public class SOAPSAMLXACMLPDP implements Provider<Source> -{ - protected Logger log = Logger.getLogger( SOAPSAMLXACMLPDP.class ); - +{ + protected Logger log = Logger.getLogger(SOAPSAMLXACMLPDP.class); + @Resource WebServiceContext context; - + protected String policyConfigFileName = "policyConfig.xml"; - + protected PolicyDecisionPoint pdp; - + protected String issuer = "PicketLinkPDP"; - + public SOAPSAMLXACMLPDP() { try @@ -74,55 +74,55 @@ pdp = getPDP(); } catch (PrivilegedActionException e) - { - throw new RuntimeException( e ); + { + throw new RuntimeException(e); } } - + public Source invoke(Source request) - { + { try { - Document doc = (Document) DocumentUtil.getNodeFromSource( request ); - if( log.isDebugEnabled() ) + Document doc = (Document) DocumentUtil.getNodeFromSource(request); + if (log.isDebugEnabled()) { - log.debug( "Received Message::" + DocumentUtil.asString(doc) ); + log.debug("Received Message::" + DocumentUtil.asString(doc)); } XACMLAuthzDecisionQueryType xacmlQuery = SOAPSAMLXACMLUtil.getXACMLQueryType(doc); ResponseType samlResponseType = SOAPSAMLXACMLUtil.handleXACMLQuery(pdp, issuer, xacmlQuery); ByteArrayOutputStream baos = new ByteArrayOutputStream(); XMLStreamWriter xmlStreamWriter = StaxUtil.getXMLStreamWriter(baos); - SAMLResponseWriter samlResponseWriter = new SAMLResponseWriter( xmlStreamWriter ); - samlResponseWriter.write( samlResponseType ); - Document responseDocument = DocumentUtil.getDocument( new ByteArrayInputStream( baos.toByteArray() )); - - return new DOMSource( responseDocument.getDocumentElement()); + SAMLResponseWriter samlResponseWriter = new SAMLResponseWriter(xmlStreamWriter); + samlResponseWriter.write(samlResponseType); + Document responseDocument = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + + return new DOMSource(responseDocument.getDocumentElement()); } - catch ( Exception e ) - { - throw new RuntimeException( e) ; - } - } - + catch (Exception e) + { + throw new RuntimeException(e); + } + } + private PolicyDecisionPoint getPDP() throws PrivilegedActionException - { - SecurityActions.setSystemProperty( "org.jboss.security.xacml.schema.validation", "false" ); - + { + SystemPropertiesUtil.ensure(); + ClassLoader tcl = SecurityActions.getContextClassLoader(); - URL url = tcl.getResource( policyConfigFileName ); - if( url == null) - throw new IllegalStateException(policyConfigFileName + " could not be located"); - + URL url = tcl.getResource(policyConfigFileName); + if (url == null) + throw new IllegalStateException(policyConfigFileName + " could not be located"); + InputStream is; try { is = url.openStream(); } catch (IOException e) - { - throw new RuntimeException( e ); + { + throw new RuntimeException(e); } - return new JBossPDP(is); - } + return new JBossPDP(is); + } } \ No newline at end of file Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java 2011-07-01 15:40:09 UTC (rev 1048) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java 2011-07-01 16:24:49 UTC (rev 1049) @@ -26,7 +26,6 @@ import java.net.URL; import java.util.List; -import javax.xml.XMLConstants; import javax.xml.transform.Source; import javax.xml.transform.stream.StreamSource; import javax.xml.validation.Schema; @@ -89,8 +88,7 @@ public static Validator validator() throws SAXException, IOException { - String schemaFactoryProperty = "javax.xml.validation.SchemaFactory:" + XMLConstants.W3C_XML_SCHEMA_NS_URI; - SecurityActions.setSystemProperty(schemaFactoryProperty, "org.apache.xerces.jaxp.validation.XMLSchemaFactory"); + SystemPropertiesUtil.ensure(); if (validator == null) { Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SystemPropertiesUtil.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SystemPropertiesUtil.java (rev 0) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SystemPropertiesUtil.java 2011-07-01 16:24:49 UTC (rev 1049) @@ -0,0 +1,64 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.identity.federation.core.util; + +import javax.xml.XMLConstants; + +/** + * Utility dealing with the system properties at the JVM level + * for PicketLink + * @author Anil.Saldhana(a)redhat.com + * @since Jul 1, 2011 + */ +public class SystemPropertiesUtil +{ + static + { + //XML Signature + String xmlSec = "org.apache.xml.security.ignoreLineBreaks"; + if (StringUtil.isNullOrEmpty(SecurityActions.getSystemProperty(xmlSec, ""))) + { + SecurityActions.setSystemProperty(xmlSec, "true"); + } + + //For JAXP Validation + String schemaFactoryProperty = "javax.xml.validation.SchemaFactory:" + XMLConstants.W3C_XML_SCHEMA_NS_URI; + if (StringUtil.isNullOrEmpty(SecurityActions.getSystemProperty(schemaFactoryProperty, ""))) + { + SecurityActions.setSystemProperty(schemaFactoryProperty, "org.apache.xerces.jaxp.validation.XMLSchemaFactory"); + } + + //For the XACML Engine + String xacmlValidation = "org.jboss.security.xacml.schema.validation"; + if (StringUtil.isNullOrEmpty(SecurityActions.getSystemProperty(xacmlValidation, ""))) + { + SecurityActions.setSystemProperty(xacmlValidation, "false"); + } + }; + + /** + * No-op call such that the default system properties are set + */ + public static void ensure() + { + } +} \ No newline at end of file Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java 2011-07-01 15:40:09 UTC (rev 1048) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java 2011-07-01 16:24:49 UTC (rev 1049) @@ -23,12 +23,10 @@ import java.io.ByteArrayInputStream; import java.io.OutputStream; -import java.security.AccessController; import java.security.GeneralSecurityException; import java.security.Key; import java.security.KeyPair; import java.security.PrivateKey; -import java.security.PrivilegedAction; import java.security.PublicKey; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; @@ -106,14 +104,7 @@ //Set some system properties static { - AccessController.doPrivileged(new PrivilegedAction<Object>() - { - public Object run() - { - System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true"); - return null; - } - }); + SystemPropertiesUtil.ensure(); }; /**

12 years, 10 months

1
0
0 / 0

Picketlink SVN: r1048 - in federation/trunk: picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request and 5 other directories.

by picketlink-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2011-07-01 11:40:09 -0400 (Fri, 01 Jul 2011) New Revision: 1048 Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java Log: PLFED-188: jaxp schema validation Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java =================================================================== --- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-06-30 23:50:05 UTC (rev 1047) +++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-07-01 15:40:09 UTC (rev 1048) @@ -47,7 +47,6 @@ import org.picketlink.identity.federation.api.saml.v2.metadata.MetaDataExtractor; import org.picketlink.identity.federation.core.config.SPType; import org.picketlink.identity.federation.core.exceptions.ConfigurationException; -import org.picketlink.identity.federation.core.exceptions.ParsingException; import org.picketlink.identity.federation.core.exceptions.ProcessingException; import org.picketlink.identity.federation.core.handler.config.Handlers; import org.picketlink.identity.federation.core.parsers.saml.SAMLParser; @@ -57,6 +56,7 @@ import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler; import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain; import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig; +import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil; import org.picketlink.identity.federation.core.util.CoreConfigUtil; import org.picketlink.identity.federation.core.util.StringUtil; @@ -68,6 +68,7 @@ import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType; import org.picketlink.identity.federation.web.constants.GeneralConstants; import org.picketlink.identity.federation.web.util.ConfigurationUtil; +import org.w3c.dom.Document; /** * Base Class for Service Provider Form Authenticators @@ -313,13 +314,14 @@ if (is == null) return; - SAMLParser parser = new SAMLParser(); Object metadata = null; try { - metadata = parser.parse(is); + Document samlDocument = DocumentUtil.getDocument(is); + SAMLParser parser = new SAMLParser(); + metadata = parser.parse(DocumentUtil.getNodeAsStream(samlDocument)); } - catch (ParsingException e) + catch (Exception e) { throw new RuntimeException(e); } Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java =================================================================== --- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java 2011-06-30 23:50:05 UTC (rev 1047) +++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java 2011-07-01 15:40:09 UTC (rev 1048) @@ -44,6 +44,7 @@ import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil; import org.picketlink.identity.federation.core.saml.v2.writers.SAMLRequestWriter; import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; import org.picketlink.identity.federation.core.util.StaxUtil; import org.picketlink.identity.federation.saml.v2.SAML2Object; import org.picketlink.identity.federation.saml.v2.assertion.NameIDType; @@ -149,6 +150,7 @@ Document samlDocument = DocumentUtil.getDocument(is); SAMLParser samlParser = new SAMLParser(); + JAXPValidationUtil.checkSchemaValidation(samlDocument); SAML2Object requestType = (SAML2Object) samlParser.parse(DocumentUtil.getNodeAsStream(samlDocument)); samlDocumentHolder = new SAMLDocumentHolder(requestType, samlDocument); @@ -173,6 +175,7 @@ Document samlDocument = DocumentUtil.getDocument(is); SAMLParser samlParser = new SAMLParser(); + JAXPValidationUtil.checkSchemaValidation(samlDocument); RequestAbstractType requestType = (RequestAbstractType) samlParser.parse(DocumentUtil .getNodeAsStream(samlDocument)); @@ -198,6 +201,8 @@ Document samlDocument = DocumentUtil.getDocument(is); SAMLParser samlParser = new SAMLParser(); + JAXPValidationUtil.checkSchemaValidation(samlDocument); + AuthnRequestType requestType = (AuthnRequestType) samlParser.parse(DocumentUtil.getNodeAsStream(samlDocument)); samlDocumentHolder = new SAMLDocumentHolder(requestType, samlDocument); return requestType; Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java =================================================================== --- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2011-06-30 23:50:05 UTC (rev 1047) +++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2011-07-01 15:40:09 UTC (rev 1048) @@ -54,6 +54,7 @@ import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil; import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter; import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; import org.picketlink.identity.federation.core.util.StaxUtil; import org.picketlink.identity.federation.saml.v2.SAML2Object; import org.picketlink.identity.federation.saml.v2.assertion.ActionType; @@ -276,15 +277,21 @@ * @param is * @return * @throws ParsingException + * @throws ProcessingException + * @throws ConfigurationException */ - public EncryptedAssertionType getEncryptedAssertion(InputStream is) throws ParsingException + public EncryptedAssertionType getEncryptedAssertion(InputStream is) throws ParsingException, ConfigurationException, + ProcessingException { if (is == null) throw new IllegalArgumentException("inputstream is null"); + Document samlDocument = DocumentUtil.getDocument(is); SAMLParser samlParser = new SAMLParser(); - return (EncryptedAssertionType) samlParser.parse(is); + JAXPValidationUtil.checkSchemaValidation(samlDocument); + return (EncryptedAssertionType) samlParser.parse(DocumentUtil.getNodeAsStream(samlDocument)); + } /** @@ -292,14 +299,19 @@ * @param is * @return * @throws ParsingException + * @throws ProcessingException + * @throws ConfigurationException */ - public AssertionType getAssertionType(InputStream is) throws ParsingException + public AssertionType getAssertionType(InputStream is) throws ParsingException, ConfigurationException, + ProcessingException { if (is == null) throw new IllegalArgumentException("inputstream is null"); + Document samlDocument = DocumentUtil.getDocument(is); SAMLParser samlParser = new SAMLParser(); - return (AssertionType) samlParser.parse(is); + JAXPValidationUtil.checkSchemaValidation(samlDocument); + return (AssertionType) samlParser.parse(DocumentUtil.getNodeAsStream(samlDocument)); } /** @@ -327,6 +339,8 @@ Document samlResponseDocument = DocumentUtil.getDocument(is); SAMLParser samlParser = new SAMLParser(); + JAXPValidationUtil.checkSchemaValidation(samlResponseDocument); + ResponseType responseType = (ResponseType) samlParser.parse(DocumentUtil.getNodeAsStream(samlResponseDocument)); samlDocumentHolder = new SAMLDocumentHolder(responseType, samlResponseDocument); @@ -353,6 +367,8 @@ log.trace("RESPONSE=" + DocumentUtil.asString(samlResponseDocument)); SAMLParser samlParser = new SAMLParser(); + JAXPValidationUtil.checkSchemaValidation(samlResponseDocument); + InputStream responseStream = DocumentUtil.getNodeAsStream(samlResponseDocument); SAML2Object responseType = (SAML2Object) samlParser.parse(responseStream); Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2011-06-30 23:50:05 UTC (rev 1047) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2011-07-01 15:40:09 UTC (rev 1048) @@ -46,11 +46,12 @@ import org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory; import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory; import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; import org.picketlink.identity.federation.saml.v2.assertion.AssertionType; import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType; import org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType; +import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType; import org.picketlink.identity.federation.saml.v2.protocol.XACMLAuthzDecisionQueryType; -import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType; import org.w3c.dom.Node; /** @@ -94,6 +95,9 @@ { XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(samlResponse)); SAMLParser samlParser = new SAMLParser(); + + JAXPValidationUtil.checkSchemaValidation(samlResponse); + org.picketlink.identity.federation.saml.v2.protocol.ResponseType response = (org.picketlink.identity.federation.saml.v2.protocol.ResponseType) samlParser .parse(xmlEventReader); List<RTChoiceType> choices = response.getAssertions(); Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java 2011-06-30 23:50:05 UTC (rev 1047) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java 2011-07-01 15:40:09 UTC (rev 1048) @@ -34,6 +34,9 @@ import javax.xml.validation.Validator; import org.apache.log4j.Logger; +import org.picketlink.identity.federation.core.exceptions.ProcessingException; +import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.w3c.dom.Node; import org.xml.sax.ErrorHandler; import org.xml.sax.SAXException; import org.xml.sax.SAXParseException; @@ -63,6 +66,27 @@ validator().validate(new StreamSource(stream)); } + /** + * Based on system property "picketlink.schema.validate" set to "true", + * do schema validation + * @param samlDocument + * @throws ProcessingException + */ + public static void checkSchemaValidation(Node samlDocument) throws ProcessingException + { + if (SecurityActions.getSystemProperty("picketlink.schema.validate", "false").equalsIgnoreCase("true")) + { + try + { + JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(samlDocument)); + } + catch (Exception e) + { + throw new ProcessingException(e); + } + } + } + public static Validator validator() throws SAXException, IOException { String schemaFactoryProperty = "javax.xml.validation.SchemaFactory:" + XMLConstants.W3C_XML_SCHEMA_NS_URI; Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java 2011-06-30 23:50:05 UTC (rev 1047) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java 2011-07-01 15:40:09 UTC (rev 1048) @@ -32,6 +32,7 @@ import org.picketlink.identity.federation.core.saml.v1.writers.SAML11AssertionWriter; import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; import org.picketlink.identity.federation.core.saml.v2.writers.SAMLAssertionWriter; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; import org.picketlink.identity.federation.core.util.StaxUtil; import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType; import org.picketlink.identity.federation.saml.v2.assertion.AssertionType; @@ -130,6 +131,8 @@ ConfigurationException, ParsingException { SAMLParser samlParser = new SAMLParser(); + + JAXPValidationUtil.checkSchemaValidation(assertionElement); AssertionType assertion = (AssertionType) samlParser.parse(DocumentUtil.getNodeAsStream(assertionElement)); return assertion; } @@ -143,6 +146,8 @@ public static SAML11AssertionType saml11FromElement(Element assertionElement) throws GeneralSecurityException { SAMLParser samlParser = new SAMLParser(); + + JAXPValidationUtil.checkSchemaValidation(assertionElement); return (SAML11AssertionType) samlParser.parse(DocumentUtil.getNodeAsStream(assertionElement)); } } \ No newline at end of file Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java =================================================================== --- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-06-30 23:50:05 UTC (rev 1047) +++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-07-01 15:40:09 UTC (rev 1048) @@ -55,22 +55,23 @@ import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil; import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil; +import org.picketlink.identity.federation.core.util.JAXPValidationUtil; import org.picketlink.identity.federation.core.util.StringUtil; import org.picketlink.identity.federation.core.util.XMLEncryptionUtil; import org.picketlink.identity.federation.saml.v2.assertion.AssertionType; import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType; +import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType; import org.picketlink.identity.federation.saml.v2.assertion.AttributeType; import org.picketlink.identity.federation.saml.v2.assertion.AuthnStatementType; import org.picketlink.identity.federation.saml.v2.assertion.EncryptedAssertionType; import org.picketlink.identity.federation.saml.v2.assertion.NameIDType; import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType; import org.picketlink.identity.federation.saml.v2.assertion.SubjectType; -import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType; import org.picketlink.identity.federation.saml.v2.assertion.SubjectType.STSubType; import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType; import org.picketlink.identity.federation.saml.v2.protocol.ResponseType; +import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType; import org.picketlink.identity.federation.saml.v2.protocol.StatusType; -import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType; import org.picketlink.identity.federation.web.constants.GeneralConstants; import org.picketlink.identity.federation.web.core.HTTPContext; import org.picketlink.identity.federation.web.core.IdentityServer; @@ -414,6 +415,8 @@ Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(newDoc, privateKey); SAMLParser parser = new SAMLParser(); + + JAXPValidationUtil.checkSchemaValidation(decryptedDocumentElement); AssertionType assertion = (AssertionType) parser.parse(StaxParserUtil.getXMLEventReader(DocumentUtil .getNodeAsStream(decryptedDocumentElement)));

12 years, 10 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

picketlink-commits July 2011