Author: anil.saldhana(a)jboss.com
Date: 2010-11-02 16:02:41 -0400 (Tue, 02 Nov 2010)
New Revision: 514
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAuthnRequestParserTestCase.java
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-authnrequest.xml
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
Log:
PLFED-109: PLFED-110:
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java 2010-11-02
20:01:49 UTC (rev 513)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java 2010-11-02
20:02:41 UTC (rev 514)
@@ -171,14 +171,6 @@
*/
private void bypassXMLSignatureBlock( XMLEventReader xmlEventReader ) throws
ParsingException
{
- while ( xmlEventReader.hasNext() )
- {
- EndElement endElement = StaxParserUtil.getNextEndElement( xmlEventReader );
- if( endElement == null )
- return;
-
- if( StaxParserUtil.matches( endElement , JBossSAMLConstants.SIGNATURE.get() ) )
- return;
- }
+ StaxParserUtil.bypassElementBlock(xmlEventReader,
JBossSAMLConstants.SIGNATURE.get() );
}
}
\ No newline at end of file
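Review bot: `bypassXMLSignatureBlock` discards the whole `Signature` element, and neither its Javadoc (which starts above this hunk) nor the new one-line body says where the signature is verified. Nothing in this diff shows that check, so a caller could treat the parsed object as if it had been authenticated; the same skip is added in `SAMLAuthNRequestParser.parse`. I would add to the Javadoc: `Skips ds:Signature without verifying it; callers must validate the signature on the original document before trusting the parsed values.`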
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java 2010-11-02
20:02:41 UTC (rev 514)
@@ -0,0 +1,164 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.parsers.saml;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.events.Attribute;
+import javax.xml.stream.events.StartElement;
+
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.saml.v2.protocol.NameIDPolicyType;
+
+/**
+ * Parse the SAML2 AuthnRequest
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Nov 2, 2010
+ */
+public class SAMLAuthNRequestParser implements ParserNamespaceSupport
+{
+ /**
+ * @see {@link ParserNamespaceSupport#parse(XMLEventReader)}
+ */
+ public Object parse(XMLEventReader xmlEventReader) throws ParsingException
+ {
+ //Get the startelement
+ StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(startElement, JBossSAMLConstants.AUTHN_REQUEST.get() );
+
+ AuthnRequestType authnRequest = null;
+ try
+ {
+ authnRequest = parseBaseAttributes( startElement );
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ParsingException( e );
+ }
+
+ while( xmlEventReader.hasNext() )
+ {
+ //Let us peek at the next start element
+ startElement = StaxParserUtil.peekNextStartElement( xmlEventReader );
+ if( startElement == null )
+ break;
+ String elementName = StaxParserUtil.getStartElementName( startElement );
+
+ if( JBossSAMLConstants.ISSUER.get().equals( elementName ))
+ {
+ startElement = StaxParserUtil.getNextStartElement( xmlEventReader );
+ NameIDType issuer = new NameIDType();
+ issuer.setValue( StaxParserUtil.getElementText( xmlEventReader ));
+ authnRequest.setIssuer( issuer );
+ }
+ else if( JBossSAMLConstants.SIGNATURE.get().equals( elementName ))
+ {
+ startElement = StaxParserUtil.getNextStartElement( xmlEventReader );
+ StaxParserUtil.bypassElementBlock(xmlEventReader,
JBossSAMLConstants.SIGNATURE.get() );
+ }
+ else if( JBossSAMLConstants.NAMEID_POLICY.get().equals( elementName ))
+ {
+ startElement = StaxParserUtil.getNextStartElement( xmlEventReader );
+ authnRequest.setNameIDPolicy( getNameIDPolicy( startElement ));
+ }
+ }
+ return authnRequest;
+ }
+
+ /**
+ * @see {@link ParserNamespaceSupport#supports(QName)}
+ */
+ public boolean supports(QName qname)
+ {
+ return JBossSAMLURIConstants.PROTOCOL_NSURI.get().equals( qname.getNamespaceURI() )
;
+ }
+
+ /**
+ * Parse the attributes at the authnrequesttype element
+ * @param startElement
+ * @return
+ * @throws ConfigurationException
+ */
+ private AuthnRequestType parseBaseAttributes( StartElement startElement ) throws
ConfigurationException
+ {
+ AuthnRequestType authnRequest = new AuthnRequestType();
+ //Let us get the attributes
+ Attribute idAttr = startElement.getAttributeByName( new QName( "ID" ));
+ if( idAttr == null )
+ throw new RuntimeException( "ID attribute is missing" );
+ authnRequest.setID( StaxParserUtil.getAttributeValue( idAttr ));
+
+ Attribute assertionConsumerServiceURL = startElement.getAttributeByName( new QName(
"AssertionConsumerServiceURL" ));
+ if( assertionConsumerServiceURL != null )
+ authnRequest.setAssertionConsumerServiceURL( StaxParserUtil.getAttributeValue(
assertionConsumerServiceURL ));
+
+ Attribute destination = startElement.getAttributeByName( new QName(
"Destination" ));
+ if( destination != null )
+ authnRequest.setDestination( StaxParserUtil.getAttributeValue( destination ));
+
+ Attribute issueInstant = startElement.getAttributeByName( new QName(
"IssueInstant" ));
+ if( issueInstant != null )
+ {
+ authnRequest.setIssueInstant( XMLTimeUtil.parse(
StaxParserUtil.getAttributeValue( issueInstant )));
+ }
+
+ Attribute protocolBinding = startElement.getAttributeByName( new QName(
"ProtocolBinding" ));
+ if( protocolBinding != null )
+ authnRequest.setProtocolBinding( StaxParserUtil.getAttributeValue(
protocolBinding ));
+
+ Attribute providerName = startElement.getAttributeByName( new QName(
"ProviderName" ));
+ if( providerName != null )
+ authnRequest.setProviderName( StaxParserUtil.getAttributeValue( providerName
));
+
+ Attribute version = startElement.getAttributeByName( new QName( "Version"
));
+ if( version != null )
+ authnRequest.setVersion( StaxParserUtil.getAttributeValue( version ));
+ return authnRequest;
+ }
+
+ /**
+ * Get the NameIDPolicy
+ * @param startElement
+ * @return
+ */
+ private NameIDPolicyType getNameIDPolicy(StartElement startElement)
+ {
+ NameIDPolicyType nameIDPolicy = new NameIDPolicyType();
+ Attribute format = startElement.getAttributeByName( new QName( "Format"
));
+ if( format != null )
+ nameIDPolicy.setFormat( StaxParserUtil.getAttributeValue( format ));
+
+ Attribute allowCreate = startElement.getAttributeByName( new QName(
"AllowCreate" ));
+ if( allowCreate != null )
+ nameIDPolicy.setAllowCreate( Boolean.parseBoolean(
StaxParserUtil.getAttributeValue( allowCreate )));
+
+ return nameIDPolicy;
+ }
+}
\ No newline at end of file
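Review bot: In the `while` loop of `parse`, a child element other than `Issuer`, `Signature` or `NameIDPolicy` matches no branch, so nothing reads it from `xmlEventReader`. If `StaxParserUtil.peekNextStartElement` leaves the event in the reader, as its name suggests (its body is not in this diff), the loop would peek the same element forever on a request that carries, say, `RequestedAuthnContext` or `Conditions`. AuthnRequests come from outside the trust boundary, so the loop should fail closed with a final branch such as `else throw new ParsingException( "Unknown element in AuthnRequest: " + elementName );`, assuming `ParsingException` has a String constructor (only the Throwable one is used here). Separately, the missing-`ID` check in `parseBaseAttributes` and the `Unknown Tag` branch in the SAMLParser hunk throw `RuntimeException`, which callers handling `ParsingException` will not catch.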
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2010-11-02
20:01:49 UTC (rev 513)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2010-11-02
20:02:41 UTC (rev 514)
@@ -58,7 +58,14 @@
{
SAMLAssertionParser assertionParser = new SAMLAssertionParser();
return assertionParser.parse( xmlEventReader );
- }
+ }
+ else if( JBossSAMLURIConstants.PROTOCOL_NSURI.get().equals(
startElement.getName().getNamespaceURI() ) )
+ {
+ SAMLAuthNRequestParser authNRequestParser = new SAMLAuthNRequestParser();
+ return authNRequestParser.parse( xmlEventReader );
+ }
+ else
+ throw new RuntimeException( "Unknown Tag:" + elementName );
}
else
{
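Review bot: The new `else if` routes every root element in the protocol namespace to `SAMLAuthNRequestParser`, because it tests only `getNamespaceURI()`. A `Response` or `LogoutRequest` in that namespace would reach the AuthnRequest parser and be rejected only by whatever `StaxParserUtil.validate` does there. Checking the local name as well keeps the dispatch explicit, e.g. `&& JBossSAMLConstants.AUTHN_REQUEST.get().equals( elementName )`, assuming `elementName` (defined above this hunk) holds the local name. The enclosing method starts and ends outside the hunk.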
Added:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAuthnRequestParserTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAuthnRequestParserTestCase.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAuthnRequestParserTestCase.java 2010-11-02
20:02:41 UTC (rev 514)
@@ -0,0 +1,68 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.saml.v2.protocol.NameIDPolicyType;
+
+/**
+ * Validate the SAML2 AuthnRequest parse
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Nov 2, 2010
+ */
+public class SAMLAuthnRequestParserTestCase
+{
+ @Test
+ public void testSAMLAuthnRequestParse() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream(
"parser/saml2/saml2-authnrequest.xml" );
+
+ SAMLParser parser = new SAMLParser();
+ AuthnRequestType authnRequest = ( AuthnRequestType ) parser.parse(configStream);
+ assertNotNull( "AuthnRequestType is not null", authnRequest );
+
+ assertEquals(
"http://localhost/org.eclipse.higgins.saml2idp.test/SAMLEndpoint",
authnRequest.getAssertionConsumerServiceURL() );
+ assertEquals(
"http://localhost/org.eclipse.higgins.saml2idp.server/SAMLEndpoint",
authnRequest.getDestination() );
+ assertEquals( "a2sffdlgdhgfg32fdldsdghdsgdgfdglgx", authnRequest.getID()
);
+ assertEquals( XMLTimeUtil.parse( "2007-12-17T18:40:52.203Z" ),
authnRequest.getIssueInstant() );
+ assertEquals( "urn:oasis:names.tc:SAML:2.0:bindings:HTTP-Redirect",
authnRequest.getProtocolBinding() );
+ assertEquals( "Test SAML2 SP", authnRequest.getProviderName() );
+ assertEquals( "2.0", authnRequest.getVersion() );
+
+ //Issuer
+ assertEquals( "Test SAML2 SP", authnRequest.getIssuer().getValue() );
+
+ //NameID Policy
+ NameIDPolicyType nameIDPolicy = authnRequest.getNameIDPolicy();
+ assertEquals( "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
nameIDPolicy.getFormat() );
+ assertEquals( Boolean.TRUE , nameIDPolicy.isAllowCreate() );
+ }
+}
\ No newline at end of file
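Review bot: The expected `ProtocolBinding` in `testSAMLAuthnRequestParse` is `urn:oasis:names.tc:SAML:2.0:bindings:HTTP-Redirect`, with a dot after `names`, while the SAML 2.0 HTTP-Redirect binding URI is `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect`. The fixture saml2-authnrequest.xml carries the same typo, so the test passes but pins a malformed URN and would break or mislead once the binding value is validated. I would correct both to the colon form. The test also covers only the well-formed case; a request with a missing `ID` or an unexpected child element has no assertion.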
Added:
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-authnrequest.xml
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-authnrequest.xml
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-authnrequest.xml 2010-11-02
20:02:41 UTC (rev 514)
@@ -0,0 +1,68 @@
+<!-- Picked up from
http://wiki.eclipse.org/SAML2_IdP_Overview -->
+<samlp:AuthnRequest
+ AssertionConsumerServiceURL="http://localhost/org.eclipse.higgins.saml2idp.test/SAMLEndpoint"
+ Destination="http://localhost/org.eclipse.higgins.saml2idp.server/SAMLEndpoint"
+ ID="a2sffdlgdhgfg32fdldsdghdsgdgfdglgx"
+ IssueInstant="2007-12-17T18:40:52.203Z"
+ ProtocolBinding="urn:oasis:names.tc:SAML:2.0:bindings:HTTP-Redirect"
+ ProviderName="Test SAML2 SP" Version="2.0"
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+
+ <Issuer>Test SAML2 SP</Issuer>
+
+ <Signature
xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod
+
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComme...
/>
+ <SignatureMethod
+
Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="#ccocfkmlnocbajegpiheahonbcambbapiibggije">
+ <Transforms>
+ <Transform
+
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ </Transforms>
+ <DigestMethod
+
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>N1Aze93QqDxax3cmBgPmKFNdM8U=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ KjfZwX9RkNrr3Epo/yRfDiFhqBeJCO5lFe/Ni/leBvBH8FRCT3p+2w==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ vzIPsacspz2XUcXP0hmWx2u56y9t/nTZRKGyFcVi1K/bao0C+0KjvXKkAPNhBb9TzYsCZbtZNH3a
+ OSVvsw1XVYHCeneHAircY/oJ0BqfBBg4gQe1H/CPXwixI+zjBSF5pMOBq4etcsH+SD/JYj1NsRwn
+ /2yQccUjUKeapbHn8TVNwVRYwg5QZL9AQ4b/pGoqO+df3kIqUL7lVyW+l6XprtVQU9jen47c4KQ1
+ sodHHPwgoXmT27hLAedC0cu4UUYFjwgbEoS1UBUoNajmGFNFeMpEtj1j4cHRoiZIxwYgEqzanp2f
+ Lgq7LlMa07vIuZBk6jyrw77Mza7TqxFNoVO89w==
+ </P>
+ <Q>j/ukaZe37ncVwe4c/+GQex1Kqic=</Q>
+ <G>
+ fu8RMe0ijgLi4Pw/KY57HdIBjmBge4XG1fX8IoT2wxv4QFO+FmijCqCcOiWk3osVyJIjqGJyH4kq
+ RwvSZl6pd8FAdP1HfZDMwBP9ML6NpE5WAe+MP+b3ydoUqI25JqCS2H9DypUIHxqN+NaLTDm67O9m
+ tTSckEMbXiARccwgnEgyNCFFulmm8vh8L6iT+56pesCyykMp6PDDo8AI2U9SR5EzUAQe5Yl39fCp
+ lb7H+tbOBclal00OUXezRGNh5c6JlM5J6YpY/gll2D0nv3VtubVOlc104LIpvFzphF7x5hv5HvI+
+ jUemrFIx0I8C3lv+8Xndwe8YwszLRrxvNe0jPQ==
+ </G>
+ <Y>
+ vM9EhHB8cKakhExdDZ/1pnWFeZOBKgC/c1/OoY1wGh4yAz5zDkkZPg/dXpEOkWuz241WXipcUbym
+ L+lZXcT+bTs8CQdIkw738vopoJfT0r75fKd85lT1pRH/nQ4i82J+vHrqOrfFc5CryxxqCRkZP4DW
+ B5t62LBoIMMsrdsMVKpzCJmUgnnIY8B4maJe2BYVRBBhISGoBnTKSWxObUg30fIfRlVFFxtTeWq8
+ tPS9u+MI3HuFn0MPVL+TgBw24ufSWPEEUiZU0eDdjzF51/yTVqUCHYNJH7gG7kugrQ8LdKes7rfD
+ c9glkilm1iAcSCfNvqsktKcN+BCOaCdsQhT5yw==
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ </Signature>
+
+ <samlp:NameIDPolicy
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ AllowCreate="true"
+ />
+
+</samlp:AuthnRequest>
\ No newline at end of file