Author: anil.saldhana(a)jboss.com
Date: 2010-11-30 11:56:07 -0500 (Tue, 30 Nov 2010)
New Revision: 572
Modified:
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
Log:
additional parsing guards
Modified:
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java 2010-11-30
16:20:18 UTC (rev 571)
+++
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java 2010-11-30
16:56:07 UTC (rev 572)
@@ -60,9 +60,9 @@
AuthnRequestType authnRequestType = request.getAuthnRequestType(resourceName);
-
assertEquals("http://www.example.com/",
authnRequestType.getDestination());
+
assertEquals("http://www.example.com/",
authnRequestType.getDestination().toString());
assertEquals("urn:oasis:names:tc:SAML:2.0:consent:obtained",
authnRequestType.getConsent());
-
assertEquals("http://www.example.com/",authnRequestType.getAsse...;
+
assertEquals("http://www.example.com/",authnRequestType.getAsse...;
assertEquals(Integer.valueOf("0"),
authnRequestType.getAttributeConsumingServiceIndex());
SubjectType subjectType = authnRequestType.getSubject();
@@ -71,7 +71,7 @@
STSubType subType = subjectType.getSubType();
NameIDType nameIDType = (NameIDType) subType.getBaseID();
-
assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",nameIDType.getFormat());
+
assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",nameIDType.getFormat().toString());
assertEquals("j.doe(a)company.com",nameIDType.getValue());
ConditionsType conditionsType = authnRequestType.getConditions();
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java 2010-11-30
16:20:18 UTC (rev 571)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java 2010-11-30
16:56:07 UTC (rev 572)
@@ -30,10 +30,13 @@
import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.util.NetworkUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.NameIDPolicyType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestedAuthnContextType;
/**
* Parse the SAML2 AuthnRequest
@@ -68,8 +71,27 @@
startElement = StaxParserUtil.getNextStartElement( xmlEventReader );
authnRequest.setNameIDPolicy( getNameIDPolicy( startElement ));
}
- else
- throw new RuntimeException( "Unknown Element:" + elementName );
+ else if( JBossSAMLConstants.SUBJECT.get().equals( elementName ))
+ {
+ authnRequest.setSubject( getSubject(xmlEventReader) );
+ }
+ else if( JBossSAMLConstants.CONDITIONS.get().equals( elementName ))
+ {
+ authnRequest.setConditions( (ConditionsType) ( new
SAMLConditionsParser()).parse(xmlEventReader));
+ }
+ else if( JBossSAMLConstants.REQUESTED_AUTHN_CONTEXT.get().equals( elementName
))
+ {
+ authnRequest.setRequestedAuthnContext(
getRequestedAuthnContextType(xmlEventReader));
+ }
+ else if( JBossSAMLConstants.ISSUER.get().equals( elementName ))
+ {
+ continue;
+ }
+ else if( JBossSAMLConstants.SIGNATURE.get().equals( elementName ))
+ {
+ continue;
+ }
+ else throw new RuntimeException( "Unknown Element:" + elementName );
}
return authnRequest;
}
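Review bot: The final `else` still throws an unchecked `RuntimeException` for an element name taken from the incoming AuthnRequest, so an unexpected request surfaces as a runtime failure instead of the parser's own error type. `else throw new ParsingException( "Unknown Element:" + elementName );` would keep rejection on the declared error path, assuming the enclosing method declares `ParsingException` as the helpers added further down do. The same applies to `else throw new RuntimeException( "unknown :" + elName );` in `getRequestedAuthnContextType`. The `ISSUER` and `SIGNATURE` branches `continue` without reading from `xmlEventReader`, presumably because the base class has already consumed those elements; a comment such as `// already consumed by the common-element parsing` would record that assumption. The loop header is outside the hunk.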
@@ -151,4 +173,29 @@
return nameIDPolicy;
}
+
+ private SubjectType getSubject( XMLEventReader xmlEventReader ) throws
ParsingException
+ {
+ SAMLSubjectParser subjectParser = new SAMLSubjectParser();
+ return (SubjectType) subjectParser.parse(xmlEventReader);
+ }
+
+ private RequestedAuthnContextType getRequestedAuthnContextType( XMLEventReader
xmlEventReader ) throws ParsingException
+ {
+ RequestedAuthnContextType ract = new RequestedAuthnContextType();
+ StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(startElement,
JBossSAMLConstants.REQUESTED_AUTHN_CONTEXT.get() );
+
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ String elName = StaxParserUtil.getStartElementName(startElement);
+
+ if( elName.equals( JBossSAMLConstants.AUTHN_CONTEXT_CLASS_REF.get() ))
+ {
+ String value = StaxParserUtil.getElementText(xmlEventReader);
+ ract.addAuthnContextClassRef(value);
+ }
+ else throw new RuntimeException( "unknown :" + elName );
+
+ return ract;
+ }
}
\ No newline at end of file
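Review bot: `getRequestedAuthnContextType` reads exactly one child element and no attributes, so a `RequestedAuthnContext` carrying several `AuthnContextClassRef` entries, an `AuthnContextDeclRef`, or a `Comparison` attribute is only partly captured. For an identity provider these values decide which authentication strength the requester asked for, so they should not be lost silently. Either loop until the closing tag and read `Comparison` from the start element, or state the limit in a comment such as `// only the first AuthnContextClassRef is read; Comparison and further refs are not parsed yet`. The result of the second `getNextStartElement` call is passed to `getStartElementName` unchecked; whether that helper can return null for an empty element is not visible here.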
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java 2010-11-30
16:20:18 UTC (rev 571)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java 2010-11-30
16:56:07 UTC (rev 572)
@@ -34,8 +34,9 @@
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.AudienceRestrictionType;
-import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
+import org.picketlink.identity.federation.core.util.NetworkUtil;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AudienceRestrictionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
/**
* Parse the <conditions> in the saml assertion
@@ -113,7 +114,7 @@
if( JBossSAMLConstants.AUDIENCE_RESTRICTION.get().equals( tag ) )
{
AudienceRestrictionType audienceRestriction =
getAudienceRestriction(xmlEventReader);
- conditions.getConditionOrAudienceRestrictionOrOneTimeUse().add(
audienceRestriction );
+ conditions.addCondition( audienceRestriction );
}
else throw new RuntimeException( "Unknown tag:" + tag );
}
@@ -155,7 +156,7 @@
throw new ParsingException( "audienceValue is expected ahead" );
String audienceValue = StaxParserUtil.getElementText( xmlEventReader );
- audience.getAudience().add( audienceValue );
+ audience.addAudience( NetworkUtil.createURI( audienceValue ));
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
if( xmlEvent instanceof EndElement )
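Review bot: `NetworkUtil.createURI( audienceValue )` now runs on raw element text from the assertion, so an Audience value with surrounding whitespace or invalid URI syntax fails at this line instead of being stored as a string. How `createURI` reports a bad value is not visible in this diff; if it throws an unchecked exception, raising the failure as `ParsingException`, as the `audienceValue is expected ahead` check above does, would keep malformed input on one error path. Trimming first, `NetworkUtil.createURI( audienceValue.trim() )`, avoids rejecting values that differ only by whitespace. The enclosing method starts and ends outside the hunk.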
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java 2010-11-30
16:20:18 UTC (rev 571)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java 2010-11-30
16:56:07 UTC (rev 572)
@@ -25,14 +25,20 @@
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.Attribute;
import javax.xml.stream.events.StartElement;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.dom.DOMResult;
+import javax.xml.transform.stax.StAXSource;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
-import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.util.NetworkUtil;
+import org.picketlink.identity.federation.core.util.TransformerUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
+import org.w3c.dom.Document;
/**
* Base Class for SAML Request Parsing
@@ -86,9 +92,26 @@
request.setIssuer( issuer );
}
else if( JBossSAMLConstants.SIGNATURE.get().equals( elementName ))
- {
- startElement = StaxParserUtil.getNextStartElement( xmlEventReader );
- StaxParserUtil.bypassElementBlock(xmlEventReader,
JBossSAMLConstants.SIGNATURE.get() );
+ {
+ Document resultDocument;
+ try
+ {
+ resultDocument = DocumentUtil.createDocument();
+ DOMResult domResult = new DOMResult( resultDocument );
+
+ //Let us parse <b><c><d> using transformer
+ StAXSource source = new StAXSource(xmlEventReader);
+
+ Transformer transformer =
TransformerUtil.getStaxSourceToDomResultTransformer();
+ transformer.transform( source, domResult );
+ }
+ catch ( Exception e)
+ {
+ throw new RuntimeException( e );
+ }
+
+ request.setSignature( resultDocument.getDocumentElement() );
+ //StaxParserUtil.bypassElementBlock(xmlEventReader,
JBossSAMLConstants.SIGNATURE.get() );
}
}
}
\ No newline at end of file
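Review bot: `request.setSignature( resultDocument.getDocumentElement() )` stores a copy of the `<Signature>` element in a fresh document, detached from the request it signs, and nothing in this hunk verifies it. A comment such as `// captured only; signature is NOT verified here` would stop readers from treating a parsed request as an authenticated one, and any later verification has to run against the original request document, because same-document references cannot be resolved from the detached copy. The transformer comes from `TransformerUtil.getStaxSourceToDomResultTransformer()`, whose factory settings are not visible here; since the input is peer-supplied XML, it is worth confirming that the factory enables `XMLConstants.FEATURE_SECURE_PROCESSING`. The `catch ( Exception e )` also rethrows every failure as an unchecked `RuntimeException`, and the commented-out `bypassElementBlock` call can be deleted. The enclosing method starts outside the hunk.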
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2010-11-30
16:20:18 UTC (rev 571)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2010-11-30
16:56:07 UTC (rev 572)
@@ -67,6 +67,7 @@
NAME_QUALIFIER( "NameQualifier" ),
NOT_BEFORE( "NotBefore" ),
NOT_ON_OR_AFTER( "NotOnOrAfter" ),
+ REQUESTED_AUTHN_CONTEXT( "RequestedAuthnContext" ),
RECIPIENT( "Recipient" ),
RESPONSE( "Response" ),
SESSION_INDEX( "SessionIndex" ),
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java 2010-11-30
16:20:18 UTC (rev 571)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java 2010-11-30
16:56:07 UTC (rev 572)
@@ -80,8 +80,10 @@
StaxUtil.writeAttribute( writer,
JBossSAMLConstants.ASSERTION_CONSUMER_SERVICE_URL.get(), assertionURL.toASCIIString() );
NameIDType issuer = request.getIssuer();
- write( issuer, new QName( ASSERTION_NSURI.get(),
JBossSAMLConstants.ISSUER.get()));
-
+ if( issuer != null )
+ {
+ write( issuer, new QName( ASSERTION_NSURI.get(),
JBossSAMLConstants.ISSUER.get()));
+ }
NameIDPolicyType nameIDPolicy = request.getNameIDPolicy();
if( nameIDPolicy != null )
write( nameIDPolicy );
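Review bot: With the new `if( issuer != null )` guard the writer silently emits a request without an `Issuer` element. The `AssertionConsumerServiceURL` attribute written just above suggests this is the AuthnRequest path, and the SAML Web Browser SSO profile requires `Issuer` there, so a null issuer is more likely a caller error than a valid state. Consider failing early for that case, or at least documenting it with a comment such as `// Issuer is optional in the schema; SSO profile callers must set it`. The enclosing method starts and ends outside the hunk.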