Author: dehort
Date: 2012-07-11 10:19:49 -0400 (Wed, 11 Jul 2012)
New Revision: 1572
Modified:
product/branches/2.0.2_JBPAPP-9307/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
product/branches/2.0.2_JBPAPP-9307/picketlink-core/src/main/java/org/picketlink/identity/federation/web/util/RedirectBindingSignatureUtil.java
Log:
Backporting a RedirectBindingSignatureUtil fix to 2.0.2 [JBPAPP-9307]
Modified:
product/branches/2.0.2_JBPAPP-9307/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
===================================================================
---
product/branches/2.0.2_JBPAPP-9307/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2012-07-10
19:41:13 UTC (rev 1571)
+++
product/branches/2.0.2_JBPAPP-9307/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2012-07-11
14:19:49 UTC (rev 1572)
@@ -90,6 +90,8 @@
String SAML_RESPONSE_KEY = "SAMLResponse";
+ String SAML_SIG_ALG_REQUEST_KEY = "SigAlg";
+
String DECRYPTING_KEY = "DECRYPTING_KEY";
String SENDER_PUBLIC_KEY = "SENDER_PUBLIC_KEY";
Modified:
product/branches/2.0.2_JBPAPP-9307/picketlink-core/src/main/java/org/picketlink/identity/federation/web/util/RedirectBindingSignatureUtil.java
===================================================================
---
product/branches/2.0.2_JBPAPP-9307/picketlink-core/src/main/java/org/picketlink/identity/federation/web/util/RedirectBindingSignatureUtil.java 2012-07-10
19:41:13 UTC (rev 1571)
+++
product/branches/2.0.2_JBPAPP-9307/picketlink-core/src/main/java/org/picketlink/identity/federation/web/util/RedirectBindingSignatureUtil.java 2012-07-11
14:19:49 UTC (rev 1572)
@@ -195,26 +195,35 @@
return getTokenValue(getToken(queryString, token));
}
- public static boolean validateSignature(String queryString, PublicKey validatingKey,
byte[] sigValue)
- throws UnsupportedEncodingException, GeneralSecurityException
- {
- //Construct the url again
- String reqFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString,
"SAMLRequest");
- String relayStateFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString,
GeneralConstants.RELAY_STATE);
- String sigAlgFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString,
"SigAlg");
+ public static boolean validateSignature(String queryString, PublicKey validatingKey,
byte[] sigValue)
+ throws UnsupportedEncodingException, GeneralSecurityException {
+ // Construct the url again
+ StringBuilder sb = new StringBuilder();
- StringBuilder sb = new StringBuilder();
- sb.append("SAMLRequest=").append(reqFromURL);
+ if (isRequestQueryString(queryString)) {
+ addParameter(sb, GeneralConstants.SAML_REQUEST_KEY,
+ RedirectBindingSignatureUtil.getTokenValue(queryString,
GeneralConstants.SAML_REQUEST_KEY));
+ } else {
+ addParameter(sb, GeneralConstants.SAML_RESPONSE_KEY,
+ RedirectBindingSignatureUtil.getTokenValue(queryString,
GeneralConstants.SAML_RESPONSE_KEY));
+ }
- if (isNotNull(relayStateFromURL))
- {
- sb.append("&RelayState=").append(relayStateFromURL);
- }
- sb.append("&SigAlg=").append(sigAlgFromURL);
+ String relayStateFromURL =
RedirectBindingSignatureUtil.getTokenValue(queryString, GeneralConstants.RELAY_STATE);
- return SignatureUtil.validate(sb.toString().getBytes("UTF-8"), sigValue,
validatingKey);
- }
+ if (isNotNull(relayStateFromURL)) {
+ addParameter(sb, GeneralConstants.RELAY_STATE, relayStateFromURL);
+ }
+ addParameter(sb, GeneralConstants.SAML_SIG_ALG_REQUEST_KEY,
+ RedirectBindingSignatureUtil.getTokenValue(queryString,
GeneralConstants.SAML_SIG_ALG_REQUEST_KEY));
+
+ return SignatureUtil.validate(sb.toString().getBytes("UTF-8"),
sigValue, validatingKey);
+ }
+
+ private static boolean isRequestQueryString(String queryString) {
+ return RedirectBindingSignatureUtil.getTokenValue(queryString,
GeneralConstants.SAML_REQUEST_KEY) != null;
+ }
+
//***************** Private Methods **************
private static byte[] computeSignature(String requestOrResponseKeyValuePair, String
urlEncodedRelayState,
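Review bot: validateSignature never checks that the values it verifies over were actually present. When SAMLRequest is absent the else branch assumes SAMLResponse, and a missing SAMLResponse or SigAlg (getTokenValue presumably returns null, as the `!= null` test in isRequestQueryString implies) is handed to addParameter in the later hunk, where StringBuilder appends it as the text `null`. Failing closed before the string is built would be safer, for example `if (samlValue == null || sigAlgValue == null) return false;` with the two values read once into locals. isRequestQueryString also prefers SAMLRequest whenever it is present, so a query string carrying both SAMLRequest and SAMLResponse is verified over the request only; rejecting that combination keeps a caller from consuming a SAMLResponse the signature never covered. The computeSignature context at the end of the hunk continues outside it.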
@@ -287,6 +296,16 @@
return sb.toString();
}
+ private static void addParameter(StringBuilder queryString, String paramName, String
paramValue) {
+ String parameterSeparator = "&";
+
+ if (queryString.length() == 0) {
+ parameterSeparator = "";
+ }
+
+
queryString.append(parameterSeparator).append(paramName).append("=").append(paramValue);
+ }
+
private static String getToken(String queryString, String token)
{
if (queryString == null)
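Review bot: addParameter has no comment saying that paramValue is appended exactly as it was received, and that is the property the signature check depends on. Judging by the `token.substring(eq + 1)` context in the last hunk, getTokenValue returns the raw, still URL-encoded value, and the redirect-binding signature is computed over those octets. I would add a comment above the method such as `// Appends the value verbatim (still URL-encoded); the signature covers these exact bytes, so never decode or re-encode here.` A one-line note that a null paramValue would be appended as the text "null" would also help the next caller. getToken, which follows addParameter, continues outside the hunk.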
@@ -317,4 +336,4 @@
else
return token.substring(eq + 1);
}
-}
\ No newline at end of file
+}