Picketlink SVN: r688 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata and 4 other directories.
5:05 p.m.
Author: anil.saldhana(a)jboss.com
Date: 2011-01-31 18:05:50 -0500 (Mon, 31 Jan 2011)
New Revision: 688
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SAMLMetadataUtil.java
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/MetaDataExtractor.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java
federation/trunk/picketlink-fed-core/src/test/resources/saml2/metadata/seam-entities.xml
Log:
deal with obtaining the X509certificate from ds:keyinfo
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/MetaDataExtractor.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/MetaDataExtractor.java 2011-01-31
21:18:12 UTC (rev 687)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/MetaDataExtractor.java 2011-01-31
23:05:50 UTC (rev 688)
@@ -22,17 +22,20 @@
package org.picketlink.identity.federation.api.saml.v2.metadata;
import java.io.StringWriter;
+import java.security.cert.X509Certificate;
import java.util.List;
-
+
import javax.xml.stream.XMLStreamWriter;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.util.SAMLMetadataUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLMetadataWriter;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EndpointType;
import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.IDPSSODescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.IndexedEndpointType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.SPSSODescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.SSODescriptorType;
@@ -48,6 +51,23 @@
"\n");
/**
+ * Get the {@link X509Certificate} from the KeyInfo
+ * @param keyDescriptor
+ * @return
+ */
+ public static X509Certificate getCertificate( KeyDescriptorType keyDescriptor )
+ {
+ try
+ {
+ return SAMLMetadataUtil.getCertificate(keyDescriptor);
+ }
+ catch ( Exception e)
+ {
+ throw new RuntimeException( e );
+ }
+ }
+
+ /**
* Generate a string from the information in the metadata
* @param edt
* @return
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java 2011-01-31
21:18:12 UTC (rev 687)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java 2011-01-31
23:05:50 UTC (rev 688)
@@ -241,7 +241,8 @@
keyDescriptor.setUse( KeyTypes.fromValue(use) );
Element key = StaxParserUtil.getDOMElement(xmlEventReader);
- keyDescriptor.setKeyInfo(key);
+ keyDescriptor.setKeyInfo(key);
+ idpSSODescriptor.addKeyDescriptor(keyDescriptor);
}
else
throw new RuntimeException( "Unknown " + localPart );
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SAMLMetadataUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SAMLMetadataUtil.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SAMLMetadataUtil.java 2011-01-31
23:05:50 UTC (rev 688)
@@ -0,0 +1,87 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.saml.v2.util;
+
+import java.security.cert.X509Certificate;
+
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * Deals with SAML2 Metadata
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 31, 2011
+ */
+public class SAMLMetadataUtil
+{
+ /**
+ * Get the {@link X509Certificate} from the KeyInfo
+ * @param keyDescriptor
+ * @return
+ * @throws ProcessingException
+ * @throws ConfigurationException
+ */
+ public static X509Certificate getCertificate( KeyDescriptorType keyDescriptor ) throws
ConfigurationException, ProcessingException
+ {
+ X509Certificate cert = null;
+ Element keyInfo = keyDescriptor.getKeyInfo();
+ if( keyInfo != null )
+ {
+ NodeList x509DataNodes = keyInfo.getElementsByTagName( "X509Data" );
+ if( x509DataNodes == null || x509DataNodes.getLength() == 0 )
+ {
+ x509DataNodes = keyInfo.getElementsByTagNameNS(
JBossSAMLURIConstants.XMLDSIG_NSURI.get(), "X509Data" );
+ }
+
+ if( x509DataNodes == null || x509DataNodes.getLength() == 0 )
+ {
+ x509DataNodes = keyInfo.getElementsByTagName("ds:X509Data" );
+ }
+
+ if( x509DataNodes != null && x509DataNodes.getLength() > 0 )
+ {
+ //Choose the first one
+ Node x509DataNode = x509DataNodes.item(0);
+ NodeList children = x509DataNode.getChildNodes();
+ int len = children != null ? children.getLength() : 0 ;
+ for( int i = 0 ; i < len ; i++ )
+ {
+ Node nl = children.item(i);
+ if( nl.getNodeName().contains( "X509Certificate" ) )
+ {
+ Node certNode = nl.getFirstChild();
+ String certNodeValue = certNode.getNodeValue();
+ cert = XMLSignatureUtil.getX509CertificateFromKeyInfoString(
certNodeValue.trim() );
+ break;
+ }
+ }
+ }
+ }
+ return cert;
+ }
+}
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java 2011-01-31
21:18:12 UTC (rev 687)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java 2011-01-31
23:05:50 UTC (rev 688)
@@ -21,6 +21,7 @@
*/
package org.picketlink.identity.federation.core.util;
+import java.io.ByteArrayInputStream;
import java.io.OutputStream;
import java.security.AccessController;
import java.security.GeneralSecurityException;
@@ -29,14 +30,13 @@
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.PublicKey;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
-import javax.security.cert.X509Certificate;
-import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
@@ -61,9 +61,9 @@
import javax.xml.transform.stream.StreamResult;
import org.apache.log4j.Logger;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
import org.picketlink.identity.xmlsec.w3.xmldsig.SignatureType;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
@@ -81,9 +81,6 @@
{
private static Logger log = Logger.getLogger(XMLSignatureUtil.class);
private static boolean trace = log.isTraceEnabled();
-
- private static String pkgName =
"org.picketlink.identity.federation.w3.xmldsig";
- private static String schemaLocation =
"schema/saml/v2/xmldsig-core-schema.xsd";
private static String canonicalizationMethodType =
CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
@@ -348,4 +345,36 @@
Transformer trans = tf.newTransformer();
trans.transform(DocumentUtil.getXMLSource(signedDocument), new StreamResult(os));
}
+
+ /**
+ * Given the X509Certificate in the keyinfo element, get a {@link X509Certificate}
+ * @param certificateString
+ * @return
+ * @throws ProcessingException
+ */
+ public static X509Certificate getX509CertificateFromKeyInfoString( String
certificateString ) throws ProcessingException
+ {
+ X509Certificate cert = null;
+ StringBuilder builder = new StringBuilder();
+ builder.append( "-----BEGIN CERTIFICATE-----\n" ).append(
certificateString ).append( "\n-----END CERTIFICATE-----" );
+
+ String derFormattedString = builder.toString();
+
+ try
+ {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ ByteArrayInputStream bais = new ByteArrayInputStream(
derFormattedString.getBytes());
+
+ while ( bais.available() > 0)
+ {
+ cert = (X509Certificate) cf.generateCertificate(bais);
+ }
+ }
+ catch (java.security.cert.CertificateException e)
+ {
+ throw new ProcessingException( e );
+ }
+ return cert;
+ }
+
}
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java 2011-01-31
21:18:12 UTC (rev 687)
+++
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java 2011-01-31
23:05:50 UTC (rev 688)
@@ -24,12 +24,17 @@
import static org.junit.Assert.assertNotNull;
import java.io.InputStream;
+import java.security.cert.X509Certificate;
import junit.framework.Assert;
import org.junit.Test;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.SAMLMetadataUtil;
import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntitiesDescriptorType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.IDPSSODescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
/**
* Unit test the SAML metadata parsing
@@ -50,5 +55,10 @@
EntitiesDescriptorType entities = (EntitiesDescriptorType) parser.parse(is);
Assert.assertNotNull(entities);
Assert.assertEquals( 2, entities.getEntityDescriptor().size() );
+ EntityDescriptorType entity = (EntityDescriptorType)
entities.getEntityDescriptor().get(0);
+ IDPSSODescriptorType idp =
entity.getChoiceType().get(0).getDescriptors().get(0).getIdpDescriptor();
+ KeyDescriptorType keyDescriptor = idp.getKeyDescriptor().get(0);
+ X509Certificate cert = SAMLMetadataUtil.getCertificate(keyDescriptor);
+ Assert.assertNotNull(cert);
}
}
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-core/src/test/resources/saml2/metadata/seam-entities.xml
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/resources/saml2/metadata/seam-entities.xml 2011-01-31
21:18:12 UTC (rev 687)
+++
federation/trunk/picketlink-fed-core/src/test/resources/saml2/metadata/seam-entities.xml 2011-01-31
23:05:50 UTC (rev 688)
@@ -9,17 +9,18 @@
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
- MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
- bGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09w
- ZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQsw
- CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAK
- BgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0B
- AQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+
- RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNY
- Js0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/U
- QzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDA
- cGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC
- /FfwWigmrW0Y0Q==</ds:X509Certificate>
+MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
+bGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09w
+ZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAK
+BgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+
+RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNY
+Js0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/U
+QzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDA
+cGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC
+/FfwWigmrW0Y0Q==
+ </ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
5073
days inactive
5073
days old
picketlink-commits@lists.jboss.org
0 comments
1 participants
participants (1)
-
picketlink-commits@lists.jboss.org