Author: anil.saldhana(a)jboss.com
Date: 2011-09-19 16:46:27 -0400 (Mon, 19 Sep 2011)
New Revision: 1238
Added:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkJBossSubjectInteraction.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SubjectSecurityInteraction.java
Modified:
product/trunk/picketlink-core/src/main/java/org/picketlink/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/PicketLinkAuthenticator.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/
product/trunk/picketlink-core/src/main/java/org/picketlink/trust/
product/trunk/picketlink-core/src/main/java/org/picketlink/trust/jbossws/
product/trunk/picketlink-core/src/test/java/org/picketlink/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/
Log:
merged 1192 to 1228
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink
___________________________________________________________________
Added: svn:mergeinfo
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink:1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink:1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink:1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink:1192-1228
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1098-1132,1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1098-1132,1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1173
Modified:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java
===================================================================
---
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java 2011-09-19
17:46:00 UTC (rev 1237)
+++
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java 2011-09-19
20:46:27 UTC (rev 1238)
@@ -25,7 +25,7 @@
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
-
+
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.SignatureMethod;
@@ -40,7 +40,7 @@
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
+import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document;
@@ -55,9 +55,9 @@
public class SAML2Signature
{
private String signatureMethod = SignatureMethod.RSA_SHA1;
- private String digestMethod = DigestMethod.SHA1;
-
+ private String digestMethod = DigestMethod.SHA1;
+
public String getSignatureMethod()
{
return signatureMethod;
@@ -77,8 +77,22 @@
{
this.digestMethod = digestMethod;
}
-
+
/**
+ * Set to false, if you do not want to include keyinfo
+ * in the signature
+ * @param val
+ * @since v2.0.1
+ */
+ public void setSignatureIncludeKeyInfo(boolean val)
+ {
+ if (!val)
+ {
+ XMLSignatureUtil.setIncludeKeyInfoInSignature(false);
+ }
+ }
+
+ /**
* Sign an RequestType at the root
* @param request
* @param keypair Key Pair
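Review bot: `setSignatureIncludeKeyInfo` is an instance setter, but it forwards to the static call `XMLSignatureUtil.setIncludeKeyInfoInSignature(false)`, so it appears to change signing for every `SAML2Signature` in the JVM rather than only this one. Because of the `if (!val)` guard, a later call with `true` is a silent no-op and KeyInfo cannot be switched back on through this API. Either forward the value unconditionally, `XMLSignatureUtil.setIncludeKeyInfoInSignature(val);`, or hold the flag per instance and pass it into `sign`. The Javadoc should say that the setting is process-wide and that a verifier must already hold the signer's public key when KeyInfo is omitted; the `@param val` tag is also empty.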
@@ -92,20 +106,18 @@
* @throws MarshalException
* @throws GeneralSecurityException
*/
- public Document sign(RequestAbstractType request, KeyPair keypair) throws
SAXException, IOException, ParserConfigurationException, GeneralSecurityException,
MarshalException, XMLSignatureException
+ public Document sign(RequestAbstractType request, KeyPair keypair) throws
SAXException, IOException,
+ ParserConfigurationException, GeneralSecurityException, MarshalException,
XMLSignatureException
{
SAML2Request saml2Request = new SAML2Request();
Document doc = saml2Request.convert(request);
doc.normalize();
-
+
String referenceURI = "#" + request.getID();
-
- return XMLSignatureUtil.sign(doc,
- keypair,
- digestMethod, signatureMethod,
- referenceURI);
+
+ return XMLSignatureUtil.sign(doc, keypair, digestMethod, signatureMethod,
referenceURI);
}
-
+
/**
* Sign an ResponseType at the root
* @param response
@@ -118,15 +130,16 @@
* @throws MarshalException
* @throws GeneralSecurityException
*/
- public Document sign(ResponseType response,KeyPair keypair) throws
ParserConfigurationException, GeneralSecurityException, MarshalException,
XMLSignatureException
+ public Document sign(ResponseType response, KeyPair keypair) throws
ParserConfigurationException,
+ GeneralSecurityException, MarshalException, XMLSignatureException
{
SAML2Response saml2Request = new SAML2Response();
Document doc = saml2Request.convert(response);
doc.normalize();
-
- return sign(doc, response.getID(), keypair);
+
+ return sign(doc, response.getID(), keypair);
}
-
+
/**
* Sign an Document at the root
* @param response
@@ -139,19 +152,14 @@
* @throws MarshalException
* @throws GeneralSecurityException
*/
- public Document sign(Document doc,
- String referenceID,
- KeyPair keypair) throws
- ParserConfigurationException, GeneralSecurityException, MarshalException,
XMLSignatureException
- {
+ public Document sign(Document doc, String referenceID, KeyPair keypair) throws
ParserConfigurationException,
+ GeneralSecurityException, MarshalException, XMLSignatureException
+ {
String referenceURI = "#" + referenceID;
-
- return XMLSignatureUtil.sign(doc,
- keypair,
- digestMethod, signatureMethod,
- referenceURI);
+
+ return XMLSignatureUtil.sign(doc, keypair, digestMethod, signatureMethod,
referenceURI);
}
-
+
/**
* Sign an assertion whose id value is provided in the response type
* @param response
@@ -167,17 +175,16 @@
* @throws MarshalException
* @throws GeneralSecurityException
*/
- public Document sign(ResponseType response,
- String idValueOfAssertion,
- KeyPair keypair,
- String referenceURI) throws ParserConfigurationException, XPathException,
TransformerFactoryConfigurationError, TransformerException, GeneralSecurityException,
MarshalException, XMLSignatureException
+ public Document sign(ResponseType response, String idValueOfAssertion, KeyPair
keypair, String referenceURI)
+ throws ParserConfigurationException, XPathException,
TransformerFactoryConfigurationError,
+ TransformerException, GeneralSecurityException, MarshalException,
XMLSignatureException
{
SAML2Response saml2Response = new SAML2Response();
Document doc = saml2Response.convert(response);
-
- return sign(doc,idValueOfAssertion, keypair, referenceURI);
+
+ return sign(doc, idValueOfAssertion, keypair, referenceURI);
}
-
+
/**
* Sign a document
* @param doc
@@ -193,24 +200,17 @@
* @throws MarshalException
* @throws XMLSignatureException
*/
- public Document sign(Document doc,
- String idValueOfAssertion,
- KeyPair keypair,
- String referenceURI) throws ParserConfigurationException, XPathException,
TransformerFactoryConfigurationError, TransformerException, GeneralSecurityException,
MarshalException, XMLSignatureException
+ public Document sign(Document doc, String idValueOfAssertion, KeyPair keypair, String
referenceURI)
+ throws ParserConfigurationException, XPathException,
TransformerFactoryConfigurationError,
+ TransformerException, GeneralSecurityException, MarshalException,
XMLSignatureException
{
- Node assertionNode = DocumentUtil.getNodeWithAttribute(doc,
- JBossSAMLURIConstants.ASSERTION_NSURI.get(),
- "Assertion",
- "ID",
- idValueOfAssertion);
-
- return XMLSignatureUtil.sign(doc, assertionNode,
- keypair,
- digestMethod, signatureMethod,
- referenceURI);
+ Node assertionNode = DocumentUtil.getNodeWithAttribute(doc,
JBossSAMLURIConstants.ASSERTION_NSURI.get(),
+ "Assertion", "ID", idValueOfAssertion);
+
+ return XMLSignatureUtil.sign(doc, assertionNode, keypair, digestMethod,
signatureMethod, referenceURI);
}
-
+
/**
* Sign a SAML Document
* @param samlDocument
@@ -228,9 +228,9 @@
catch (Exception e)
{
throw new ProcessingException(e);
- }
+ }
}
-
+
/**
* Validate the SAML2 Document
* @param signedDocument
@@ -242,13 +242,13 @@
{
try
{
- return XMLSignatureUtil.validate(signedDocument, publicKey);
+ return XMLSignatureUtil.validate(signedDocument, publicKey);
}
- catch(MarshalException me)
+ catch (MarshalException me)
{
throw new ProcessingException(me.getLocalizedMessage());
}
- catch(XMLSignatureException xse)
+ catch (XMLSignatureException xse)
{
throw new ProcessingException(xse.getLocalizedMessage());
}
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings:1152-1173
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1155-1158
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings:1152-1173,1192-1228
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1155-1158
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1144-1154,1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1144-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173
Copied:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkJBossSubjectInteraction.java
(from rev 1228,
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkJBossSubjectInteraction.java)
===================================================================
---
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkJBossSubjectInteraction.java
(rev 0)
+++
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkJBossSubjectInteraction.java 2011-09-19
20:46:27 UTC (rev 1238)
@@ -0,0 +1,106 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.bindings.jboss.subject;
+
+import java.security.Principal;
+import java.util.Calendar;
+
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.SubjectSecurityManager;
+import org.picketlink.identity.federation.bindings.tomcat.SubjectSecurityInteraction;
+import
org.picketlink.identity.federation.core.factories.JBossAuthCacheInvalidationFactory;
+import
org.picketlink.identity.federation.core.factories.JBossAuthCacheInvalidationFactory.TimeCacheExpiry;
+
+/**
+ * An implementation of {@link SubjectSecurityInteraction} for JBoss AS
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Sep 13, 2011
+ */
+public class PicketLinkJBossSubjectInteraction implements SubjectSecurityInteraction
+{
+ protected static Logger log =
Logger.getLogger(PicketLinkJBossSubjectInteraction.class);
+
+ protected boolean trace = log.isTraceEnabled();
+
+ /**
+ * @see
org.picketlink.identity.federation.bindings.tomcat.SubjectSecurityInteraction#cleanup(java.security.Principal)
+ */
+ public boolean cleanup(Principal principal)
+ {
+ try
+ {
+ String securityDomain = getSecurityDomain();
+ if (trace)
+ {
+ log.trace("Determined Security Domain=" + securityDomain);
+ }
+ TimeCacheExpiry cacheExpiry =
JBossAuthCacheInvalidationFactory.getCacheExpiry();
+ Calendar calendar = Calendar.getInstance();
+ calendar.add(Calendar.SECOND, 10);//Add 25 seconds
+ if (trace)
+ {
+ log.trace("Will expire from cache in 10 seconds, principal=" +
principal);
+ }
+ cacheExpiry.register(securityDomain, calendar.getTime(), principal);
+ //Additional expiry of simple principal
+ cacheExpiry.register(securityDomain, calendar.getTime(), new
SimplePrincipal(principal.getName()));
+ }
+ catch (NamingException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ return false;
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.bindings.tomcat.SubjectSecurityInteraction#get()
+ */
+ public Subject get()
+ {
+ try
+ {
+ return (Subject)
PolicyContext.getContext("javax.security.auth.Subject.container");
+ }
+ catch (PolicyContextException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private String getSecurityDomain() throws NamingException
+ {
+ //Get the SecurityManagerService from JNDI
+ InitialContext ctx = new InitialContext();
+ SubjectSecurityManager ssm = (SubjectSecurityManager)
ctx.lookup("java:comp/env/security/securityMgr");
+ if (ssm == null)
+ throw new RuntimeException("Unable to get the subject security
manager");
+ return ssm.getSecurityDomain();
+ }
+}
\ No newline at end of file
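Review bot: `cleanup` returns `false` on every path, including after both `cacheExpiry.register(...)` calls succeed, so the boolean tells a caller nothing; return `true` once the expiries are registered. The inline comment `//Add 25 seconds` contradicts the code and the trace message, which both use 10 seconds, and should read `// expire the cached principal 10 seconds from now`. `principal.getName()` is dereferenced without a null check, so a null argument fails with a NullPointerException after the first registration has already been made; guard it at the top of the method.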
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1144-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1144-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1173
Modified:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/PicketLinkAuthenticator.java
===================================================================
---
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/PicketLinkAuthenticator.java 2011-09-19
17:46:00 UTC (rev 1237)
+++
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/PicketLinkAuthenticator.java 2011-09-19
20:46:27 UTC (rev 1238)
@@ -22,10 +22,20 @@
package org.picketlink.identity.federation.bindings.tomcat;
import java.io.IOException;
+import java.security.AccessController;
import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.util.Set;
+import java.util.UUID;
+import javax.security.auth.Subject;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import org.apache.catalina.Realm;
-import org.apache.catalina.authenticator.AuthenticatorBase;
+import org.apache.catalina.Session;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
@@ -40,27 +50,29 @@
* @author Anil.Saldhana(a)redhat.com
* @since Apr 11, 2011
*/
-public class PicketLinkAuthenticator extends AuthenticatorBase
+public class PicketLinkAuthenticator extends FormAuthenticator
{
protected static Logger log = Logger.getLogger(PicketLinkAuthenticator.class);
protected boolean trace = log.isTraceEnabled();
/**
- * The {@link Realm} requires an user name
+ * This is the auth method used in the register method
*/
- protected String userName = "custom-authenticator-user";
+ protected String authMethod = "SECURITY_DOMAIN";
/**
- * The {@link Realm} requires a password
+ * The authenticator may not be aware of the user name until after
+ * the underlying security exercise is complete. The Subject
+ * will have the proper user name. Hence we may need to perform
+ * an additional authentication now with the user name we have obtained.
*/
- protected String password = "custom-authenticator-password";
+ protected boolean needSubjectPrincipalSubstitution = true;
- /**
- * This is the auth method used in the register method
- */
- protected String authMethod = "SECURITY_DOMAIN";
+ protected SubjectSecurityInteraction subjectInteraction = null;
+ protected String subjectInteractionClassName =
"org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkJBossSubjectInteraction";
+
public PicketLinkAuthenticator()
{
if (trace)
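Review bot: The new fields `subjectInteraction` and `subjectInteractionClassName` have no Javadoc although the fields around them do, and the default is not obvious for a class in the `tomcat` package, since it names the JBoss AS implementation. Add a comment above `subjectInteractionClassName` such as `/** FQN of the SubjectSecurityInteraction implementation; defaults to the JBoss AS one, override via setSubjectInteractionClassName. */`. The class body continues outside this hunk.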
@@ -70,44 +82,139 @@
}
/**
- * Set the user name via WEB-INF/context.xml (JBoss AS)
- * @param defaultUserName
+ * Set the auth method via WEB-INF/context.xml (JBoss AS)
+ * @param authMethod
*/
- public void setUserName(String defaultUserName)
+ public void setAuthMethod(String authMethod)
{
- this.userName = defaultUserName;
+ this.authMethod = authMethod;
}
- /**
- * Set the password via WEB-INF/context.xml (JBoss AS)
- * @param defaultPassword
- */
- public void setPassword(String defaultPassword)
+ public void setNeedSubjectPrincipalSubstitution(String
needSubjectPrincipalSubstitutionVal)
{
- this.password = defaultPassword;
+ this.needSubjectPrincipalSubstitution =
Boolean.valueOf(needSubjectPrincipalSubstitutionVal);
}
/**
- * Set the auth method via WEB-INF/context.xml (JBoss AS)
- * @param authMethod
+ * Set this if you want to override the default {@link SubjectSecurityInteraction}
+ * @param subjectRetrieverClassName
*/
- public void setAuthMethod(String authMethod)
+ public void setSubjectInteractionClassName(String subjectRetrieverClassName)
{
- this.authMethod = authMethod;
+ this.subjectInteractionClassName = subjectRetrieverClassName;
}
@Override
- protected boolean authenticate(Request request, Response response, LoginConfig
loginConfig) throws IOException
+ public boolean authenticate(Request request, Response response, LoginConfig
loginConfig) throws IOException
{
+ log.trace("Authenticating user");
+
+ Principal principal = request.getUserPrincipal();
+ if (principal != null)
+ {
+ if (trace)
+ log.trace("Already authenticated '" + principal.getName() +
"'");
+ return true;
+ }
+
+ Session session = request.getSessionInternal(true);
+ String userName = UUID.randomUUID().toString();
+ String password = userName;
Realm realm = context.getRealm();
- Principal principal = realm.authenticate(this.userName, this.password);
+ principal = realm.authenticate(userName, password);
+ Principal originalPrincipal = principal;
if (principal != null)
{
- register(request, response, principal, this.authMethod, null, null);
+ if (needSubjectPrincipalSubstitution)
+ {
+ principal = getSubjectPrincipal();
+ if (principal == null)
+ throw new RuntimeException("Principal from subject is null");
+ principal = realm.authenticate(principal.getName(), password);
+ }
+ session.setNote(Constants.SESS_USERNAME_NOTE, principal.getName());
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+ request.setUserPrincipal(principal);
+ register(request, response, principal, this.authMethod, principal.getName(),
password);
+ if (originalPrincipal != null && needSubjectPrincipalSubstitution)
+ {
+ subjectInteraction.cleanup(originalPrincipal);
+ }
+ return true;
}
- return true;
+ return false;
}
+
+ public boolean authenticate(HttpServletRequest request, HttpServletResponse response,
LoginConfig loginConfig)
+ throws IOException
+ {
+ return authenticate((Request) request, (Response) response, loginConfig);
+ }
+
+ protected Principal getSubjectPrincipal()
+ {
+ if (subjectInteraction == null)
+ {
+ Class<?> clazz = loadClass(getClass(), subjectInteractionClassName);
+ try
+ {
+ subjectInteraction = (SubjectSecurityInteraction) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ Subject subject = subjectInteraction.get();
+ if (subject != null)
+ {
+ Set<Principal> principals = subject.getPrincipals();
+ if (!principals.isEmpty())
+ {
+ return subject.getPrincipals().iterator().next();
+ }
+ }
+ return null;
+ }
+
+ Class<?> loadClass(final Class<?> theClass, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
+ }
+ });
+ }
+
+ Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
}
\ No newline at end of file
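Review bot: In `authenticate`, the result of the second `realm.authenticate(principal.getName(), password)` is not checked, so if the realm rejects the substituted name the following `session.setNote(Constants.SESS_USERNAME_NOTE, principal.getName())` throws a NullPointerException instead of failing the login; add `if (principal == null) return false;` directly after that call. `getSubjectPrincipal` returns `subject.getPrincipals().iterator().next()`, and because `getPrincipals()` is a `Set` the element chosen is whichever iterates first; if the container also puts group or role principals into the Subject, the identity registered on the session may not be the user, so the principal should be selected by its expected type. The `loadClass(ClassLoader, String)` helper swallows `ClassNotFoundException`, so a mistyped `subjectInteractionClassName` surfaces as a NullPointerException from `clazz.newInstance()`; throw an exception naming the class when `clazz` is null.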
Copied:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SubjectSecurityInteraction.java
(from rev 1228,
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SubjectSecurityInteraction.java)
===================================================================
---
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SubjectSecurityInteraction.java
(rev 0)
+++
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SubjectSecurityInteraction.java 2011-09-19
20:46:27 UTC (rev 1238)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.bindings.tomcat;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+
+/**
+ * Interface to retrieve a subject
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Sep 13, 2011
+ */
+public interface SubjectSecurityInteraction
+{
+ /**
+ * Obtain a subject based on implementation
+ * @return
+ */
+ Subject get();
+
+ /**
+ * Clean up the {@link Principal} from
+ * the security cache
+ * @param principal
+ * @return
+ */
+ boolean cleanup(Principal principal);
+}
\ No newline at end of file
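Review bot: Both `@return` tags and the `@param` tag in `SubjectSecurityInteraction` are empty, so the contract implementers must honour is not written down. `getSubjectPrincipal()` in this same commit null-checks the result of `get()`, so `null` appears to be a legal return and should be documented, e.g. `@return the current {@link Subject}, or {@code null} if none is available`. For `cleanup`, state what the boolean means, e.g. `@return {@code true} if the principal was removed from the security cache`. A caller that cannot tell "nothing was cached" from "eviction failed" may leave an authenticated entry behind.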
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1138-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1138-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1095-1096,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1095-1096,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1095-1096,1098-1134,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1095-1096,1098-1134,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1095-1108,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1095-1108,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1133-1137,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1133-1137,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1098-1134,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1098-1134,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1095-1108,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1095-1108,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1144-1145,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1144-1145,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1144-1147,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1144-1147,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1098-1110,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1098-1110,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1133-1137,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1133-1137,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1095-1109,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1095-1109,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1095-1096,1098-1134,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1095-1096,1098-1134,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1098-1109,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1098-1109,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1098-1109,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1098-1109,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/util:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/util:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/util:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util:1098-1111,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/util:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/util:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/util:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/util:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/util:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util:1098-1111,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/util:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/util:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1098-1111,1133-1137,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1098-1111,1133-1137,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1173
Modified:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java
===================================================================
---
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java 2011-09-19
17:46:00 UTC (rev 1237)
+++
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java 2011-09-19
20:46:27 UTC (rev 1238)
@@ -84,6 +84,11 @@
private static XMLSignatureFactory fac = getXMLSignatureFactory();
+ /**
+ * By default, we include the keyinfo in the signature
+ */
+ private static boolean includeKeyInfoInSignature = true;
+
private static XMLSignatureFactory getXMLSignatureFactory()
{
XMLSignatureFactory xsf = null;
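Review bot: `includeKeyInfoInSignature` is a plain mutable static, so a value written through the new setter (third hunk) is not guaranteed to be visible to a thread that is already signing (fourth hunk). One caller's choice also applies to every signer that shares this class. Declaring it `private static volatile boolean includeKeyInfoInSignature = true;` fixes the visibility part. The test added in this revision calls `ss.setSignatureIncludeKeyInfo(false)` on an instance and then resets the flag through the static setter, which suggests the instance setter writes this global. If so, holding the choice per `SAML2Signature` instance and passing it into the signing call would stop deployments in the same JVM from affecting each other.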
@@ -104,6 +109,11 @@
static
{
SystemPropertiesUtil.ensure();
+ String keyInfoProp =
SecurityActions.getSystemProperty("picketlink.xmlsig.includeKeyInfo", null);
+ if (StringUtil.isNotNull(keyInfoProp))
+ {
+ includeKeyInfoInSignature = Boolean.parseBoolean(keyInfoProp);
+ }
};
/**
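Review bot: `Boolean.parseBoolean(keyInfoProp)` returns false for anything other than "true", so a mistyped `-Dpicketlink.xmlsig.includeKeyInfo=yes` or `=1` silently drops KeyInfo from every signature this class produces. Any receiver that relies on the embedded key would then presumably start rejecting messages. I would override the default only on a recognised value, e.g. `if ("true".equalsIgnoreCase(keyInfoProp) || "false".equalsIgnoreCase(keyInfoProp))`, and keep `true` otherwise. A comment above the lookup such as `// picketlink.xmlsig.includeKeyInfo: "true" (default) or "false"` would help, since nothing in this hunk documents the property.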
@@ -118,6 +128,16 @@
}
/**
+ * Use this method to not include the KeyInfo in the signature
+ * @param includeKeyInfoInSignature
+ * @since v2.0.1
+ */
+ public static void setIncludeKeyInfoInSignature(boolean includeKeyInfoInSignature)
+ {
+ XMLSignatureUtil.includeKeyInfoInSignature = includeKeyInfoInSignature;
+ }
+
+ /**
* Precheck whether the document that will be validated has the right signedinfo
*
* @param doc
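Review bot: The Javadoc on `setIncludeKeyInfoInSignature` describes only the `false` case and leaves `@param includeKeyInfoInSignature` without text. I would write `@param includeKeyInfoInSignature true to embed the signer's public key as KeyInfo, false to omit it`. It should also say that the value is static and therefore applies to all signatures created through this class, and that with `false` the receiver has to hold the signer's key already in order to validate.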
@@ -267,6 +287,10 @@
KeyValue kv = kif.newKeyValue(publicKey);
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
+ if (!includeKeyInfoInSignature)
+ {
+ ki = null;
+ }
XMLSignature signature = fac.newXMLSignature(si, ki);
signature.sign(dsc);
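Review bot: `kif.newKeyValue(publicKey)` and `kif.newKeyInfo(...)` still run when the flag is off, and the result is then overwritten with null. Besides the wasted work, `newKeyValue` can throw `KeyException` for a key type it cannot represent, so signing would fail because of a KeyInfo that is never emitted. Building it conditionally keeps the two cases apart: `KeyInfo ki = includeKeyInfoInSignature ? kif.newKeyInfo(Collections.singletonList(kif.newKeyValue(publicKey))) : null;`. The enclosing method starts and ends outside this hunk.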
@@ -378,5 +402,4 @@
}
return cert;
}
-
}
\ No newline at end of file
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1098-1110,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1098-1110,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1098-1134,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1098-1134,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1095-1096,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1095-1096,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1095-1096,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1095-1096,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1138-1141,1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1138-1141,1152-1173
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1144-1147,1152-1173
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1144-1147,1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/trust
___________________________________________________________________
Modified: svn:mergeinfo
- /trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws:1152-1154
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/trust:1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/trust:1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/trust:1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/trust:1192-1228
/trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws:1152-1154
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/trust/jbossws
___________________________________________________________________
Modified: svn:mergeinfo
- /trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws:1152-1154
/trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jbossws:1152-1154
+
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/trust/jbossws:1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/trust/jbossws:1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/trust/jbossws:1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/trust/jbossws:1192-1228
/trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws:1152-1154
/trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jbossws:1152-1154
Property changes on: product/trunk/picketlink-core/src/test/java/org/picketlink
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/test/java/org/picketlink:1140-1173
/federation/trunk/picketlink-fed-core/src/test/java/org/picketlink:1152-1154,1159-1173
+ /federation/trunk/picketlink-bindings/src/test/java/org/picketlink:1140-1173
/federation/trunk/picketlink-fed-api/src/test/java/org/picketlink:1192-1228
/federation/trunk/picketlink-fed-core/src/test/java/org/picketlink:1152-1154,1159-1173,1192-1228
Property changes on:
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1109-1137
/federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1152-1154,1159-1173
+
/federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1109-1137,1192-1228
/federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1152-1154,1159-1173,1192-1228
Modified:
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
===================================================================
---
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2011-09-19
17:46:00 UTC (rev 1237)
+++
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2011-09-19
20:46:27 UTC (rev 1238)
@@ -80,12 +80,48 @@
ss.setSignatureMethod(SignatureMethod.DSA_SHA1);
Document signedDoc = ss.sign(authnRequest, kp);
+ System.out.println("Signed Doc:" + DocumentUtil.asString(signedDoc));
+
// Validate the signature
boolean isValid = XMLSignatureUtil.validate(signedDoc, kp.getPublic());
assertTrue(isValid);
}
/**
+ * Test the creation of AuthnRequestType with signature creation with a private key
and then validate the signature
+ * with a public key. We test that the signature does not contain the keyinfo
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testNoKeyInfo() throws Exception
+ {
+ SAML2Request saml2Request = new SAML2Request();
+ String id = IDGenerator.create("ID_");
+ String assertionConsumerURL = "http://sp";
+ String destination = "http://idp";
+ String issuerValue = "http://sp";
+ AuthnRequestType authnRequest = saml2Request.createAuthnRequestType(id,
assertionConsumerURL, destination,
+ issuerValue);
+
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
+ KeyPair kp = kpg.genKeyPair();
+
+ SAML2Signature ss = new SAML2Signature();
+ ss.setSignatureIncludeKeyInfo(false);
+
+ ss.setSignatureMethod(SignatureMethod.DSA_SHA1);
+ Document signedDoc = ss.sign(authnRequest, kp);
+
+ System.out.println("Signed Doc:" + DocumentUtil.asString(signedDoc));
+
+ // Validate the signature
+ boolean isValid = XMLSignatureUtil.validate(signedDoc, kp.getPublic());
+ assertTrue(isValid);
+ XMLSignatureUtil.setIncludeKeyInfoInSignature(true);
+ }
+
+ /**
* Test the signature for ResponseType
*
* @throws Exception
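Review bot: `testNoKeyInfo` never asserts what its Javadoc promises: it only checks that the signature validates, which would also pass if KeyInfo were still emitted. The static flag is also restored on the last line only, so a failed assertion or an exception from `sign` leaves it `false` for every test that runs afterwards in the same JVM. I would assert that no KeyInfo element exists in the signed document and move the reset into a `finally` block, as below. This assumes the signed document is namespace-aware. The two added `System.out.println` calls could go as well once the assertion carries the check.

```java
SAML2Signature ss = new SAML2Signature();
ss.setSignatureIncludeKeyInfo(false);
try
{
   ss.setSignatureMethod(SignatureMethod.DSA_SHA1);
   Document signedDoc = ss.sign(authnRequest, kp);

   // The behaviour under test: the signature must not carry a KeyInfo element
   assertTrue(signedDoc.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "KeyInfo").getLength() == 0);

   // Validation still works because the verifier is handed the key directly
   assertTrue(XMLSignatureUtil.validate(signedDoc, kp.getPublic()));
}
finally
{
   // Restore the process-wide default even when the test fails
   XMLSignatureUtil.setIncludeKeyInfoInSignature(true);
}
```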
Property changes on:
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml
___________________________________________________________________
Modified: svn:mergeinfo
-
/federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml:1098-1110,1152-1154,1159-1173
+
/federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/core/parser/saml:1192-1228
/federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml:1098-1110,1152-1154,1159-1173,1192-1228