Author: sguilhen(a)redhat.com
Date: 2010-07-01 17:29:13 -0400 (Thu, 01 Jul 2010)
New Revision: 325
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
Log:
PLFED-84: Fixed issues detected by the new PicketLink STS integration tests.
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java 2010-06-30
22:42:29 UTC (rev 324)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java 2010-07-01
21:29:13 UTC (rev 325)
@@ -1,26 +1,23 @@
/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and
individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a
full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the
GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the
License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with
this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
USA, or see the FSF site:
+ *
http://www.fsf.org.
*/
package org.picketlink.identity.federation.api.wstrust;
+import java.net.URI;
import java.security.Principal;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
@@ -28,7 +25,9 @@
import org.picketlink.identity.federation.core.wstrust.STSClientConfig;
import org.picketlink.identity.federation.core.wstrust.STSClientFactory;
import org.picketlink.identity.federation.core.wstrust.WSTrustException;
+import org.picketlink.identity.federation.core.wstrust.WSTrustUtil;
import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import org.w3c.dom.Element;
/**
@@ -95,9 +94,8 @@
}
/**
- * This method will send a RequestSecurityToken with a RequestType of issue
- * and the passed-in tokenType identifies the type of token to be issued by
- * the STS.
+ * This method will send a RequestSecurityToken with a RequestType of issue and the
passed-in tokenType identifies
+ * the type of token to be issued by the STS.
*
* @param tokenType - The type of token to be issued.
* @return Element - The Security Token element. Will be of the tokenType specified.
@@ -105,51 +103,104 @@
*/
public Element issueToken(String tokenType) throws WSTrustException
{
- return this.issueInternal(null, tokenType, null, 0);
+ if (tokenType == null)
+ throw new IllegalArgumentException("The token type cannot be null");
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setTokenType(URI.create(tokenType));
+ return this.issueInternal(request, 0);
}
/**
- * This method will send a RequestSecurityToken with a RequestType of issue
- * and the passed-in endpointURI identifies the ultimate recipient of the token.
+ * This method will send a RequestSecurityToken with a RequestType of issue and the
passed-in endpointURI identifies
+ * the ultimate recipient of the token.
*
- * @param endpointURI - The ultimate recipient of the token. This will be set at the
AppliesTo for
- * the RequestSecurityToken which is an optional element so it
may be null.
+ * @param endpointURI - The ultimate recipient of the token. This will be set at the
AppliesTo for the
+ * RequestSecurityToken which is an optional element so it may be null.
* @return Element - The Security Token element. Will be of the tokenType configured
for the endpointURI.
* @throws WSTrustException
*/
public Element issueTokenForEndpoint(String endpointURI) throws WSTrustException
{
- return this.issueInternal(endpointURI, null, null, 0);
+ if (endpointURI == null)
+ throw new IllegalArgumentException("The endpoint URI cannot be
null");
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setAppliesTo(WSTrustUtil.createAppliesTo(endpointURI));
+ return this.issueInternal(request, 0);
}
/**
- * Issues a Security Token from the STS. This methods has the option of
- * specifying both or one of endpointURI/tokenType but at least one must
- * specified.
+ * Issues a Security Token from the STS. This methods has the option of specifying
both or one of
+ * endpointURI/tokenType but at least one must specified.
*
- * @param endpointURI - The ultimate recipient of the token. This will be set at the
AppliesTo for
- * the RequestSecurityToken which is an optional element so it
may be null.
+ * @param endpointURI - The ultimate recipient of the token. This will be set at the
AppliesTo for the
+ * RequestSecurityToken which is an optional element so it may be null.
* @param tokenType - The type of security token to be issued.
* @return Element - The Security Token Element issued.
- * @throws IllegalArgumentException If neither endpointURI nor tokenType was
specified.
* @throws WSTrustException
*/
public Element issueToken(String endpointURI, String tokenType) throws
WSTrustException
{
- return this.issueInternal(endpointURI, tokenType, null, 0);
+ if (endpointURI == null && tokenType == null)
+ throw new IllegalArgumentException("Either the token type or endpoint URI
must be specified");
+
+ RequestSecurityToken request = new RequestSecurityToken();
+ if (tokenType != null)
+ request.setTokenType(URI.create(tokenType));
+ if (endpointURI != null)
+ request.setAppliesTo(WSTrustUtil.createAppliesTo(endpointURI));
+ return this.issueInternal(request, 0);
}
+ /**
+ * <p>
+ * Issues a security token on behalf of the specified principal.
+ * </p>
+ *
+ * @param endpointURI - The ultimate recipient of the token. This will be set at the
AppliesTo for the
+ * RequestSecurityToken which is an optional element so it may be null.
+ * @param tokenType - The type of security token to be issued.
+ * @param principal - The {@code Principal} on behalf of whom the token is to be
issued.
+ * @return an {@code Element} representing the issued security token.
+ * @throws WSTrustException if a processing error occurs while issuing the security
token.
+ */
public Element issueTokenOnBehalfOf(String endpointURI, String tokenType, Principal
principal)
throws WSTrustException
{
- return this.issueInternal(endpointURI, tokenType, principal, 0);
+ if (endpointURI == null && tokenType == null)
+ throw new IllegalArgumentException("Either the token type or endpoint URI
must be specified");
+ if (principal == null)
+ throw new IllegalArgumentException("The on-behalf-of principal cannot be
null");
+
+ RequestSecurityToken request = new RequestSecurityToken();
+ if (tokenType != null)
+ request.setTokenType(URI.create(tokenType));
+ if (endpointURI != null)
+ request.setAppliesTo(WSTrustUtil.createAppliesTo(endpointURI));
+ request.setOnBehalfOf(WSTrustUtil.createOnBehalfOfWithUsername(principal.getName(),
"ID"));
+ return this.issueInternal(request, 0);
}
/**
- * This method will send a RequestSecurityToken with a RequestType of renew
- * and the passed-in tokenType identifies the type of token to be renewed by
- * the STS.
+ * <p>
+ * Issues a security token using the specified {@code RequestSecurityToken} object.
+ * </p>
*
+ * @param request an instance of {@code RequestSecurityToken} that contains the
WS-Trust request information.
+ * @return an {@code Element} representing the issued security token.
+ * @throws IllegalArgumentException if the specified request is null.
+ * @throws WSTrustException if a processing error occurs while issuing the token.
+ */
+ public Element issueToken(RequestSecurityToken request) throws WSTrustException
+ {
+ if (request == null)
+ throw new IllegalArgumentException("The specified request cannot be
null");
+ return this.issueInternal(request, 0);
+ }
+
+ /**
+ * This method will send a RequestSecurityToken with a RequestType of renew and the
passed-in tokenType identifies
+ * the type of token to be renewed by the STS.
+ *
* @param tokenType - The type of token to be renewed.
* @param token - The security token to be renewed.
* @return Element - The Security Token element. Will be of the tokenType specified.
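Review bot: The `@throws IllegalArgumentException` Javadoc tag removed from `issueToken(String endpointURI, String tokenType)` still applies: the new body throws it when both arguments are null, and `URI.create(tokenType)` throws the same unchecked exception for a malformed token type there, in `issueToken(String)` and in `issueTokenOnBehalfOf`. Restore the tag on each of those methods, e.g. `@throws IllegalArgumentException if neither endpointURI nor tokenType is specified, or if tokenType is not a valid URI.` Separately, `issueTokenOnBehalfOf` builds the OnBehalfOf element from `principal.getName()` alone with a fixed element id `"ID"`, so the client presents no proof for the delegated identity; a one-line comment such as `// the STS is expected to trust the authenticated requestor's assertion of this name — confirm` would make that trust assumption visible to readers, if it is the intended model.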
@@ -160,8 +211,7 @@
}
/**
- * This method will send a RequestSecurityToken with a RequestType of validated by
- * the STS.
+ * This method will send a RequestSecurityToken with a RequestType of validated by the
STS.
*
* @param token - The security token to be validated.
* @return true - If the security token was sucessfully valiated.
@@ -187,35 +237,31 @@
/**
* <p>
- * This method issues a token of the specified type for the specified service endpoint
and has failover support when
- * more than one endpoint URI has been provided in the constructor. If a {@code
ConnectException} occurs when sending
- * the WS-Trust request to one endpoint, the code makes a new attempt using the next
URI until the request reaches an
- * STS instance or all URIs have been tried.
+ * This method issues a token using the specified request and has failover support
when more than one endpoint URI
+ * has been provided in the constructor. If a {@code ConnectException} occurs when
sending the WS-Trust request to
+ * one endpoint, the code makes a new attempt using the next URI until the request
reaches an STS instance or all
+ * URIs have been tried.
* </p>
*
- * @param serviceEndpointURI a {@code String} representing the endpoint URI of the
service that will be the ultimate
- * recipient of the security token.
- * @param tokenType a {@code String} representing the type of token to be issued.
- * @param principal the {@code Principal} on behalf of whom the token will be issued.
- * @param clientIndex an {@code int} that indicates which of the {@code STSClient}
instances should be used to perform
- * the request.
+ * @param request a {@code RequestSecurityToken} instance that contains the WS-Trust
request information.
+ * @param clientIndex an {@code int} that indicates which of the {@code STSClient}
instances should be used to
+ * perform the request.
* @return an {@code Element} representing the security token that has been issued.
* @throws WSTrustException if a WS-Trust exception is thrown by the STS.
*/
- private Element issueInternal(String serviceEndpointURI, String tokenType, Principal
principal, int clientIndex)
- throws WSTrustException
+ private Element issueInternal(RequestSecurityToken request, int clientIndex) throws
WSTrustException
{
STSClient client = this.clients[clientIndex];
try
{
- return client.issueTokenOnBehalfOf(serviceEndpointURI, tokenType, principal);
+ return client.issueToken(request);
}
catch (RuntimeException e)
{
// if this was a connection refused exception and we still have clients to try,
call the next client.
if (this.isCausedByConnectException(e) && clientIndex <
this.clients.length - 1)
{
- return this.issueInternal(serviceEndpointURI, tokenType, principal,
++clientIndex);
+ return this.issueInternal(request, ++clientIndex);
}
throw e;
}
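Review bot: `return this.issueInternal(request, ++clientIndex);` mutates the parameter inside the argument list; `return this.issueInternal(request, clientIndex + 1);` expresses the same thing without the side effect. The Javadoc should also say that the same `request` instance is reused across failover attempts and, per the `STSClient.issueToken` change in this commit, the client fills in RequestType and Context on it when they are null, so later attempts see whatever the first attempt set; e.g. `* The request instance is shared across failover attempts and may have default RequestType/Context values populated by the STS client.`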
@@ -230,8 +276,8 @@
*
* @param tokenType the type of the token being renewed.
* @param token an {@code Element} representing the security token being renewed.
- * @param clientIndex an {@code int} that indicates which of the {@code STSClient}
instances should be used to perform
- * the request.
+ * @param clientIndex an {@code int} that indicates which of the {@code STSClient}
instances should be used to
+ * perform the request.
* @return an {@code Element} representing the security token that has been renewed.
* @throws WSTrustException if a WS-Trust exception is thrown by the STS.
*/
@@ -255,14 +301,15 @@
/**
* <p>
- * This method validates the specified token and has failover support when more than
one endpoint URI has been provided
- * in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust
request to one endpoint, the
- * code makes a new attempt using the next URI until the request reaches an STS
instance or all URIs have been tried.
+ * This method validates the specified token and has failover support when more than
one endpoint URI has been
+ * provided in the constructor. If a {@code ConnectException} occurs when sending the
WS-Trust request to one
+ * endpoint, the code makes a new attempt using the next URI until the request reaches
an STS instance or all URIs
+ * have been tried.
* </p>
*
* @param token an {@code Element} representing the security token being validated.
- * @param clientIndex an {@code int} that indicates which of the {@code STSClient}
instances should be used to perform
- * the request.
+ * @param clientIndex an {@code int} that indicates which of the {@code STSClient}
instances should be used to
+ * perform the request.
* @return {@code true} if the token was considered valid; {@code false} otherwise.
* @throws WSTrustException if a WS-Trust exception is thrown by the STS.
*/
@@ -292,8 +339,8 @@
* </p>
*
* @param token an {@code Element} representing the security token being canceled.
- * @param clientIndex an {@code int} that indicates which of the {@code STSClient}
instances should be used to perform
- * the request.
+ * @param clientIndex an {@code int} that indicates which of the {@code STSClient}
instances should be used to
+ * perform the request.
* @return {@code true} if the token was canceled; {@code false} otherwise.
* @throws WSTrustException if a WS-Trust exception is thrown by the STS.
*/
@@ -317,7 +364,7 @@
/**
* <p>
- * Checks if the root of the specified {@code Throwable} is an instance of {@code
java.net.ConnectException}.
+ * Checks if the root of the specified {@code Throwable} is an instance of {@code
java.net.ConnectException}.
* </p>
*
* @param throwable the {@code Throwable} that will be inspected.
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java 2010-06-30
22:42:29 UTC (rev 324)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java 2010-07-01
21:29:13 UTC (rev 325)
@@ -154,7 +154,7 @@
}
catch (WSTrustException we)
{
- throw new WebServiceException("Exception in handling token request:",
we);
+ throw new WebServiceException("Exception in handling token request: "
+ we.getMessage(), we);
}
}
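Review bot: Appending `we.getMessage()` to the `WebServiceException` on the STS side puts the internal WS-Trust failure reason into the message that a JAX-WS runtime will typically surface to the remote caller as the SOAP faultstring; messages such as `Unable to find a token provider for the token request` (asserted in the test change in this commit) describe server configuration rather than a caller error. Prefer logging the detailed message server-side and keeping the client-visible text generic, i.e. keep `throw new WebServiceException("Exception in handling token request", we);` preceded by a log statement, unless exposing the detail to clients is deliberate; the cause is preserved either way. Whether the message actually reaches the wire depends on the runtime's fault mapping, so confirm that before deciding. The enclosing method starts before this hunk.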
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java 2010-06-30
22:42:29 UTC (rev 324)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java 2010-07-01
21:29:13 UTC (rev 325)
@@ -177,10 +177,12 @@
return request;
}
- private Element issueToken(RequestSecurityToken request) throws WSTrustException
+ public Element issueToken(RequestSecurityToken request) throws WSTrustException
{
- request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
- request.setContext("context");
+ if (request.getRequestType() == null)
+ request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
+ if (request.getContext() == null)
+ request.setContext("default-context");
WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
DOMSource requestSource = (DOMSource)
jaxbFactory.marshallRequestSecurityToken(request);
Source response = dispatchLocal.get().invoke(requestSource);
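Review bot: Now that `issueToken(RequestSecurityToken)` is public it can be called with a caller-built request, but it validates nothing: a null `request` fails with a NullPointerException at `request.getRequestType()`, and a request whose RequestType was preset to renew, validate or cancel is forwarded unchanged even though the method name and the response handling that follows are for issuance. Add `if (request == null) throw new IllegalArgumentException("The request cannot be null");` at the top, and consider rejecting a non-issue type rather than silently forwarding it, e.g. `if (request.getRequestType() != null && !WSTrustConstants.ISSUE_REQUEST.equals(request.getRequestType().toString())) throw new IllegalArgumentException("The request type must be issue");`. The method continues past the hunk.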
@@ -192,10 +194,6 @@
Document responseDoc = documentNode instanceof Document ? (Document)
documentNode : documentNode
.getOwnerDocument();
- Document myDocument = DocumentUtil.createDocument();
- Node importedNode = myDocument.importNode(responseDoc.getDocumentElement(),
true);
- myDocument.appendChild(importedNode);
-
nodes = null;
if (responseDoc instanceof SOAPPart)
{
@@ -243,16 +241,12 @@
DOMSource requestSource = (DOMSource)
jaxbFactory.marshallRequestSecurityToken(request);
Source response = dispatchLocal.get().invoke(requestSource);
- Node documentNode = ((DOMSource) response).getNode();
- Document responseDoc = documentNode instanceof Document ? (Document) documentNode :
documentNode
- .getOwnerDocument();
-
NodeList nodes;
try
{
- Document myDocument = DocumentUtil.createDocument();
- Node importedNode = myDocument.importNode(responseDoc.getDocumentElement(),
true);
- myDocument.appendChild(importedNode);
+ Node documentNode = DocumentUtil.getNodeFromSource(response);
+ Document responseDoc = documentNode instanceof Document ? (Document)
documentNode : documentNode
+ .getOwnerDocument();
nodes = null;
if (responseDoc instanceof SOAPPart)
Modified:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java 2010-06-30
22:42:29 UTC (rev 324)
+++
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java 2010-07-01
21:29:13 UTC (rev 325)
@@ -397,7 +397,7 @@
* the request).
* </p>
*
- * @throws Exception
+ * @throws Exception if an error occurs while running the test.
*/
public void testInvokeSAML20OnBehalfOf() throws Exception
{
@@ -483,8 +483,8 @@
@SuppressWarnings("unchecked")
public void testInvokeSAML20WithCombinedSymmetricKey() throws Exception
{
- // create a 128-bit random client secret.
- byte[] clientSecret = WSTrustUtil.createRandomSecret(16);
+ // create a 64-bit random client secret.
+ byte[] clientSecret = WSTrustUtil.createRandomSecret(8);
BinarySecretType clientBinarySecret = new BinarySecretType();
clientBinarySecret.setType(WSTrustConstants.BS_TYPE_NONCE);
clientBinarySecret.setValue(clientSecret);
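Review bot: The client entropy in `testInvokeSAML20WithCombinedSymmetricKey` drops from 16 to 8 bytes with no reason given in the comment or the commit message; a 64-bit client contribution to a combined symmetric key is weak, and if the STS now expects a particular size the comment should say so instead of merely restating the length. Suggested comment: `// create a 64-bit random client secret; the STS combines it with its own entropy (TODO: document why 8 bytes rather than 16 is used here)`. If the reduction is not driven by an STS-side requirement, 16 bytes is the more representative client behavior. The test method continues past the hunk.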
@@ -856,7 +856,6 @@
}
catch (WebServiceException we)
{
- assertEquals("Unexpected exception message", "Exception in
handling token request:", we.getMessage());
assertNotNull("Unexpected null cause", we.getCause());
assertTrue("Unexpected cause type", we.getCause() instanceof
WSTrustException);
assertEquals("Unexpected exception message", "Unable to find a
token provider for the token request", we