Author: anil.saldhana(a)jboss.com
Date: 2011-01-27 01:20:55 -0500 (Thu, 27 Jan 2011)
New Revision: 670
Removed:
picketlink-seam/trunk/picketlink-seam/src/main/generated-source/
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageFactory.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageReceiver.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageSender.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMetaDataProvider.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutReceiver.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutSender.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnReceiver.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnSender.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SeamSamlPrincipal.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlIdentityProvider.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlService.java
Log:
changes in the PL object model
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageFactory.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageFactory.java 2011-01-27
04:42:41 UTC (rev 669)
+++
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageFactory.java 2011-01-27
06:20:55 UTC (rev 670)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.seam.federation;
+import java.net.URI;
+
import javax.xml.datatype.XMLGregorianCalendar;
import org.jboss.seam.annotations.AutoCreate;
@@ -29,16 +31,14 @@
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.ObjectFactory;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusCodeType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusCodeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusType;
import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
/**
@@ -53,26 +53,23 @@
private ServiceProvider serviceProvider;
public StatusResponseType createStatusResponse(RequestAbstractType request, String
statusCode, String statusMessage)
- {
- ObjectFactory objectFactory = new ObjectFactory();
- org.picketlink.identity.federation.saml.v2.assertion.ObjectFactory
assertionObjectFactory = new
org.picketlink.identity.federation.saml.v2.assertion.ObjectFactory();
+ {
+ StatusResponseType response = new StatusResponseType();
- StatusResponseType response = objectFactory.createStatusResponseType();
-
response.setID(generateId());
response.setIssueInstant(generateIssueInstant());
- NameIDType issuer = assertionObjectFactory.createNameIDType();
+ NameIDType issuer = new NameIDType();
issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
response.setIssuer(issuer);
response.setVersion(JBossSAMLConstants.VERSION_2_0.get());
response.setInResponseTo(request.getID());
- StatusCodeType statusCodeJaxb = objectFactory.createStatusCodeType();
- statusCodeJaxb.setValue(statusCode);
+ StatusCodeType statusCodeJaxb = new StatusCodeType();
+ statusCodeJaxb.setValue( URI.create(statusCode) );
- StatusType statusType = objectFactory.createStatusType();
+ StatusType statusType = new StatusType();
statusType.setStatusCode(statusCodeJaxb);
if (statusMessage != null)
{
@@ -86,49 +83,35 @@
public AuthnRequestType createAuthnRequest()
{
- ObjectFactory objectFactory = new ObjectFactory();
- org.picketlink.identity.federation.saml.v2.assertion.ObjectFactory
assertionObjectFactory = new
org.picketlink.identity.federation.saml.v2.assertion.ObjectFactory();
+ AuthnRequestType authnRequest = new AuthnRequestType( generateId(),
JBossSAMLConstants.VERSION_2_0.get() , generateIssueInstant() );
- AuthnRequestType authnRequest = objectFactory.createAuthnRequestType();
-
- authnRequest.setID(generateId());
- authnRequest.setIssueInstant(generateIssueInstant());
-
- NameIDType issuer = assertionObjectFactory.createNameIDType();
+ NameIDType issuer = new NameIDType();
issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
authnRequest.setIssuer(issuer);
+
- authnRequest.setVersion(JBossSAMLConstants.VERSION_2_0.get());
-
// Fill in the optional fields that indicate where and how the response should be
delivered.
- authnRequest.setAssertionConsumerServiceURL(serviceProvider
-
.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
-
authnRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+ authnRequest.setAssertionConsumerServiceURL(URI.create( serviceProvider
+ .getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE
)));
+ authnRequest.setProtocolBinding( URI.create(
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ));
return authnRequest;
}
public LogoutRequestType createLogoutRequest(SeamSamlPrincipal principal) throws
ConfigurationException
- {
- ObjectFactory objectFactory = new ObjectFactory();
- org.picketlink.identity.federation.saml.v2.assertion.ObjectFactory
assertionObjectFactory = new
org.picketlink.identity.federation.saml.v2.assertion.ObjectFactory();
+ {
+ LogoutRequestType logoutRequest = new LogoutRequestType( generateId(),
JBossSAMLConstants.VERSION_2_0.get(), generateIssueInstant());
- LogoutRequestType logoutRequest = objectFactory.createLogoutRequestType();
-
- logoutRequest.setID(generateId());
- logoutRequest.setIssueInstant(generateIssueInstant());
-
- NameIDType issuer = assertionObjectFactory.createNameIDType();
+ NameIDType issuer = new NameIDType();
issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
logoutRequest.setIssuer(issuer);
- NameIDType nameID = JBossSAMLBaseFactory.createNameID();
+ NameIDType nameID = new NameIDType();
nameID.setValue(principal.getNameId().getValue());
logoutRequest.setNameID(nameID);
+
+ logoutRequest.addSessionIndex( principal.getSessionIndex() );
- logoutRequest.setVersion(JBossSAMLConstants.VERSION_2_0.get());
- logoutRequest.getSessionIndex().add(principal.getSessionIndex());
-
return logoutRequest;
}
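Review bot: `createLogoutRequest` copies only the value of the principal's NameID into a fresh `NameIDType` and drops Format, NameQualifier and SPNameQualifier, so the LogoutRequest may carry a NameID that does not match the one the IdP issued (SAML logout matching includes the format); either reuse it directly, `logoutRequest.setNameID(principal.getNameId());`, or at least copy the format, `nameID.setFormat(principal.getNameId().getFormat());`. The old code had the same shape, but the line is rewritten here. `logoutRequest.addSessionIndex( principal.getSessionIndex() )` is also called without a null check — confirm the new model accepts a null session index, or guard it, since a principal authenticated without a SessionIndex would otherwise fail at logout time.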
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageReceiver.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageReceiver.java 2011-01-27
04:42:41 UTC (rev 669)
+++
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageReceiver.java 2011-01-27
06:20:55 UTC (rev 670)
@@ -38,13 +38,16 @@
import org.jboss.seam.annotations.Name;
import org.jboss.seam.log.Log;
import org.jboss.seam.util.Base64;
+import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.core.util.JAXBUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
@@ -205,8 +208,20 @@
private RequestAbstractType getSamlRequest(Document document) throws
InvalidRequestException
{
- try
+ SAMLParser samlParser = new SAMLParser();
+ RequestAbstractType request;
+ try
{
+ request = (RequestAbstractType) samlParser.parse(
StaxParserUtil.getXMLEventReader( DocumentUtil.getNodeAsStream(document)) );
+ }
+ catch ( Exception e)
+ {
+ throw new InvalidRequestException("SAML message could not be parsed",
e);
+ }
+ return request;
+
+ /*try
+ {
JAXBContext jaxb = JAXBUtil.getJAXBContext(StatusResponseType.class);
Unmarshaller unmarshaller = jaxb.createUnmarshaller();
@SuppressWarnings("unchecked")
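Review bot: The old JAXB unmarshalling from `/*try` onward is kept as a comment block inside the method rather than deleted; it will drift from the live code and the revision history already preserves it. `catch ( Exception e)` also absorbs the `ClassCastException` from the unchecked `(RequestAbstractType)` cast when a samlp:Response reaches the request path — that is an acceptable "could not be parsed" result provided the wrapped cause is not echoed to the client, which this hunk does not show. `StaxParserUtil.getXMLEventReader` now parses request-supplied XML (re-serialized from the DOM that `getDocument` built from the HTTP body); confirm the XMLInputFactory it uses has DTD and external-entity support disabled, as that configuration is not visible here.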
@@ -218,13 +233,24 @@
catch (JAXBException e)
{
throw new InvalidRequestException("SAML message could not be parsed",
e);
- }
+ }*/
}
private StatusResponseType getSamlResponse(Document document) throws
InvalidRequestException
{
+ SAMLParser samlParser = new SAMLParser();
try
{
+ InputStream is = DocumentUtil.getNodeAsStream(document);
+ return (StatusResponseType) samlParser.parse( is );
+ }
+ catch ( Exception e )
+ {
+ throw new InvalidRequestException("SAML message could not be parsed",
e);
+ }
+
+ /*try
+ {
JAXBContext jaxb = JAXBUtil.getJAXBContext(StatusResponseType.class);
Unmarshaller unmarshaller = jaxb.createUnmarshaller();
@SuppressWarnings("unchecked")
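Review bot: The two new parse paths are built differently — `getSamlRequest` wraps the stream with `StaxParserUtil.getXMLEventReader(...)` while this method hands the raw `InputStream` to `samlParser.parse( is )`; if `parse(InputStream)` constructs its own reader, any DTD/entity hardening applied in `StaxParserUtil` may not apply here, so use the same call in both methods. The stream returned by `DocumentUtil.getNodeAsStream(document)` is never closed; harmless if it is an in-memory stream, but a `finally { is.close(); }` costs nothing. The commented-out JAXB block below should be removed rather than kept.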
@@ -236,7 +262,7 @@
catch (JAXBException e)
{
throw new InvalidRequestException("SAML message could not be parsed",
e);
- }
+ }*/
}
private Document getDocument(InputStream is) throws InvalidRequestException
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageSender.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageSender.java 2011-01-27
04:42:41 UTC (rev 669)
+++
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageSender.java 2011-01-27
06:20:55 UTC (rev 670)
@@ -25,6 +25,8 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.io.StringWriter;
+import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
@@ -32,11 +34,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.Binder;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.Import;
@@ -50,10 +47,10 @@
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
-import org.picketlink.identity.federation.saml.v2.protocol.ObjectFactory;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.federation.web.util.HTTPRedirectUtil;
import org.picketlink.identity.federation.web.util.PostBindingUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
@@ -64,8 +61,6 @@
import org.picketlink.identity.seam.federation.configuration.SamlService;
import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
/**
* @author Marcel Kolsteren
@@ -102,26 +97,14 @@
+ " has no endpoint found for profile " + profile);
}
SAML2Request saml2Request = new SAML2Request();
- samlRequest.setDestination(endpoint.getLocation());
+ samlRequest.setDestination( URI.create( endpoint.getLocation() ));
saml2Request.marshall(samlRequest, baos);
message = saml2Request.convert(samlRequest);
}
- catch (JAXBException e)
+ catch ( Exception e)
{
throw new RuntimeException(e);
- }
- catch (ConfigurationException e)
- {
- throw new RuntimeException(e);
- }
- catch (SAXException e)
- {
- throw new RuntimeException(e);
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
+ }
sendMessageToIDP(request, response, samlIdentityProvider, message,
RequestOrResponse.REQUEST, endpoint);
}
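Review bot: `catch ( Exception e)` replaces four typed catches and now also rewraps unchecked exceptions — including the `IllegalArgumentException` that `URI.create( endpoint.getLocation() )` throws when the configured IdP endpoint is not a valid URI — as a bare `RuntimeException` that names neither the IdP nor the endpoint. Catch the checked exceptions `marshall`/`convert` actually declare, and validate endpoint locations once when the configuration is loaded so a malformed metadata entry fails with a descriptive error instead of at send time. `sendRequestToIDP` starts before this hunk.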
@@ -129,15 +112,21 @@
public void sendResponseToIDP(HttpServletRequest request, HttpServletResponse
response,
SamlIdentityProvider samlIdentityProvider, SamlEndpoint endpoint,
StatusResponseType samlResponse)
{
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //ByteArrayOutputStream baos = new ByteArrayOutputStream();
Document message = null;
try
{
samlResponse.setDestination(endpoint.getResponseLocation());
-
- JAXBElement<StatusResponseType> responseElement;
+
+ StringWriter sw = new StringWriter();
+ SAMLResponseWriter samlWriter = new SAMLResponseWriter(
StaxUtil.getXMLStreamWriter( sw ));
+ samlWriter.write( samlResponse, null );
+
+ message = DocumentUtil.getDocument( sw.toString() );
+
+ /*JAXBElement<StatusResponseType> responseElement;
if (endpoint.getService().getProfile().equals(SamlProfile.SINGLE_LOGOUT))
- {
+ {
responseElement = new ObjectFactory().createLogoutResponse(samlResponse);
}
else
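Review bot: The new serialization drops the profile branch: the old code wrapped the response as a `LogoutResponse` element for `SamlProfile.SINGLE_LOGOUT` and as a different element otherwise, while `samlWriter.write( samlResponse, null )` is now called for every profile with a null second argument. Confirm that `SAMLResponseWriter` emits a `samlp:LogoutResponse` root for a logout response — an IdP will reject a logout response with the wrong root element — and pass the element name explicitly if the null selects a generic one. The commented-out `ByteArrayOutputStream` line and the `/*JAXBElement` block should be deleted rather than left in the method.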
@@ -151,16 +140,12 @@
Binder<Node> binder = jaxbContext.createBinder();
message = DocumentUtil.createDocument();
- binder.marshal(responseElement, message);
+ binder.marshal(responseElement, message);*/
}
- catch (JAXBException e)
+ catch ( Exception e)
{
throw new RuntimeException(e);
- }
- catch (ConfigurationException e)
- {
- throw new RuntimeException(e);
- }
+ }
sendMessageToIDP(request, response, samlIdentityProvider, message,
RequestOrResponse.RESPONSE, endpoint);
}
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMetaDataProvider.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMetaDataProvider.java 2011-01-27
04:42:41 UTC (rev 669)
+++
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMetaDataProvider.java 2011-01-27
06:20:55 UTC (rev 670)
@@ -22,27 +22,26 @@
package org.picketlink.identity.seam.federation;
import java.io.OutputStream;
-import java.security.cert.CertificateEncodingException;
+import java.net.URI;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.IndexedEndpointType;
-import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.KeyTypes;
-import org.picketlink.identity.federation.saml.v2.metadata.ObjectFactory;
-import org.picketlink.identity.federation.saml.v2.metadata.SPSSODescriptorType;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLMetadataWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType.EDTChoiceType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.IndexedEndpointType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.SPSSODescriptorType;
import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
+import org.w3c.dom.Element;
/**
* @author Marcel Kolsteren
@@ -58,52 +57,46 @@
public void writeMetaData(OutputStream stream)
{
try
- {
- ObjectFactory metaDataFactory = new ObjectFactory();
+ {
+ String acsRedirectServiceURL =
serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE);
+ IndexedEndpointType acsRedirectEndpoint = new IndexedEndpointType( URI.create(
SamlConstants.HTTP_REDIRECT_BINDING ), URI.create( acsRedirectServiceURL ));
- IndexedEndpointType acsRedirectEndpoint =
metaDataFactory.createIndexedEndpointType();
- acsRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
- acsRedirectEndpoint.setLocation(serviceProvider
-
.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
+ String acsPostServiceURL =
serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE);
+ IndexedEndpointType acsPostEndpoint = new IndexedEndpointType( URI.create(
SamlConstants.HTTP_POST_BINDING ), URI.create( acsPostServiceURL ) );
- IndexedEndpointType acsPostEndpoint =
metaDataFactory.createIndexedEndpointType();
- acsPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
- acsPostEndpoint.setLocation(serviceProvider
-
.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
+ IndexedEndpointType sloRedirectEndpoint = new IndexedEndpointType(
URI.create(SamlConstants.HTTP_REDIRECT_BINDING), URI.create(serviceProvider
+ .getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE))
);
- IndexedEndpointType sloRedirectEndpoint =
metaDataFactory.createIndexedEndpointType();
- sloRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
- sloRedirectEndpoint.setLocation(serviceProvider
-
.getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE));
+ IndexedEndpointType sloPostEndpoint = new IndexedEndpointType( URI.create(
SamlConstants.HTTP_POST_BINDING), URI.create( serviceProvider
+ .getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE))
);
- IndexedEndpointType sloPostEndpoint =
metaDataFactory.createIndexedEndpointType();
- sloPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
- sloPostEndpoint.setLocation(serviceProvider
-
.getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE));
-
- SPSSODescriptorType spSsoDescriptor =
metaDataFactory.createSPSSODescriptorType();
+ List<String> protocolSupport = new ArrayList<String>();
+ protocolSupport.add( JBossSAMLURIConstants.PROTOCOL_NSURI.get() );
+
+ SPSSODescriptorType spSsoDescriptor = new SPSSODescriptorType( protocolSupport
);
spSsoDescriptor.setAuthnRequestsSigned(serviceProvider.getSamlConfiguration().isAuthnRequestsSigned());
spSsoDescriptor.setWantAssertionsSigned(serviceProvider.getSamlConfiguration().isWantAssertionsSigned());
- spSsoDescriptor.getAssertionConsumerService().add(acsRedirectEndpoint);
- spSsoDescriptor.getAssertionConsumerService().add(acsPostEndpoint);
- spSsoDescriptor.getSingleLogoutService().add(sloRedirectEndpoint);
- spSsoDescriptor.getSingleLogoutService().add(sloPostEndpoint);
+ spSsoDescriptor.addAssertionConsumerService( acsRedirectEndpoint );
+ spSsoDescriptor.addAssertionConsumerService( acsPostEndpoint );
+ spSsoDescriptor.addSingleLogoutService( sloRedirectEndpoint );
+ spSsoDescriptor.addSingleLogoutService( sloPostEndpoint );
spSsoDescriptor.getProtocolSupportEnumeration().add(JBossSAMLURIConstants.PROTOCOL_NSURI.get());
-
spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
-
spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
-
spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
-
spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress");
+ spSsoDescriptor.addNameIDFormat(
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
+ spSsoDescriptor.addNameIDFormat(
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
+ spSsoDescriptor.addNameIDFormat(
"urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
+ spSsoDescriptor.addNameIDFormat(
"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress");
+
- org.picketlink.identity.xmlsec.w3.xmldsig.ObjectFactory signatureFactory = new
org.picketlink.identity.xmlsec.w3.xmldsig.ObjectFactory();
-
X509Certificate certificate =
serviceProvider.getSamlConfiguration().getCertificate();
if(certificate == null)
throw new RuntimeException("Certificate obtained from configuration is
null");
- JAXBElement<byte[]> X509Certificate;
+ Element keyInfoElement = getKeyInfoDOM( certificate );
+
+ /*JAXBElement<byte[]> X509Certificate;
try
{
X509Certificate =
signatureFactory.createX509DataTypeX509Certificate(certificate.getEncoded());
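Review bot: `JBossSAMLURIConstants.PROTOCOL_NSURI` is now added to the protocol support enumeration twice — once via the `protocolSupport` list passed to the `SPSSODescriptorType` constructor and again by the unchanged `spSsoDescriptor.getProtocolSupportEnumeration().add(...)` a few lines below; if the constructor keeps that list, the emitted `protocolSupportEnumeration` attribute repeats the URI. Drop the later `add` so each protocol is advertised once. `acsRedirectServiceURL` and `acsPostServiceURL` are also the same lookup performed twice; one local, `String acsServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE);`, serves both endpoints.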
@@ -117,27 +110,53 @@
X509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(X509Certificate);
KeyInfoType keyInfo = signatureFactory.createKeyInfoType();
- keyInfo.getContent().add(signatureFactory.createX509Data(X509Data));
+ keyInfo.getContent().add(signatureFactory.createX509Data(X509Data));*/
- KeyDescriptorType keyDescriptor = metaDataFactory.createKeyDescriptorType();
- keyDescriptor.setUse(KeyTypes.SIGNING);
- keyDescriptor.setKeyInfo(keyInfo);
+ KeyDescriptorType keyDescriptor = new KeyDescriptorType();
+ keyDescriptor.setKeyInfo(keyInfoElement);
+
+ /*keyDescriptor.setUse(KeyTypes.SIGNING);
+ keyDescriptor.setKeyInfo(keyInfo);*/
- spSsoDescriptor.getKeyDescriptor().add(keyDescriptor);
+ spSsoDescriptor.addKeyDescriptor( keyDescriptor );
- EntityDescriptorType entityDescriptor =
metaDataFactory.createEntityDescriptorType();
-
entityDescriptor.setEntityID(serviceProvider.getSamlConfiguration().getEntityId());
-
entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor().add(spSsoDescriptor);
-
- JAXBContext jaxbContext =
JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.metadata");
+ EDTDescriptorChoiceType edtDescriptorChoice = new EDTDescriptorChoiceType(
spSsoDescriptor );
+ List<EDTDescriptorChoiceType> edtChoices = new
ArrayList<EntityDescriptorType.EDTDescriptorChoiceType>();
+ edtChoices.add(edtDescriptorChoice);
+
+ EDTChoiceType edtChoice = new EDTChoiceType(edtChoices);
+
+ EntityDescriptorType entityDescriptor = new EntityDescriptorType(
serviceProvider.getSamlConfiguration().getEntityId());
+ entityDescriptor.addChoiceType(edtChoice);
+
+
+ SAMLMetadataWriter metadataWriter = new SAMLMetadataWriter(
StaxUtil.getXMLStreamWriter( stream ) );
+ metadataWriter.writeEntityDescriptor(entityDescriptor);
+
+ /*JAXBContext jaxbContext =
JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.metadata");
Marshaller marshaller = jaxbContext.createMarshaller();
marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
- marshaller.marshal(metaDataFactory.createEntityDescriptor(entityDescriptor),
stream);
+ marshaller.marshal(metaDataFactory.createEntityDescriptor(entityDescriptor),
stream);*/
}
- catch (JAXBException e)
+ catch ( Exception e)
{
throw new RuntimeException(e);
}
}
+
+ private Element getKeyInfoDOM( X509Certificate certificate )
+ {
+ try
+ {
+ StringBuilder builder = new StringBuilder(
"<ds:KeyInfo><ds:X509Data><ds:X509Certificate>");
+ builder.append( new String( certificate.getEncoded() )).append(
"</ds:X509Certificate></ds:X509Data></ds:KeyInfo>");
+ return DocumentUtil.getDocument(builder.toString()).getDocumentElement();
+ }
+ catch ( Exception e)
+ {
+ throw new RuntimeException( e );
+ }
+
+ }
}
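Review bot: `getKeyInfoDOM` puts `new String( certificate.getEncoded() )` inside `ds:X509Certificate`, but that element must carry the base64 encoding of the DER bytes; converting raw DER through the platform charset yields mangled text (and control characters that are not valid XML), so the published metadata will not contain a usable certificate and a relying IdP cannot verify the SP's signatures. The old JAXB path (still visible in the commented block) encoded the `byte[]` as base64Binary, so this is a regression of the rewrite. The literal also uses the `ds:` prefix without declaring `xmlns:ds="http://www.w3.org/2000/09/xmldsig#"`, so a namespace-aware `DocumentUtil.getDocument` will either fail or produce an element outside the XML-DSig namespace. Separately, `keyDescriptor.setUse(KeyTypes.SIGNING)` is now commented out, so the descriptor advertises the certificate for both signing and encryption; restore a signing-only `use` unless the key is meant for both. A base64 helper such as Seam's `org.jboss.seam.util.Base64` (already imported by `SamlMessageReceiver` in this commit) would need an import here.
```java
private Element getKeyInfoDOM( X509Certificate certificate )
{
   try
   {
      // ds:X509Certificate holds the base64 of the DER encoding; raw DER bytes pushed
      // through new String() are charset-mangled and are not valid XML character data.
      String b64 = Base64.encodeBytes( certificate.getEncoded() );
      StringBuilder builder = new StringBuilder(
            "<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>");
      builder.append( b64 ).append( "</ds:X509Certificate></ds:X509Data></ds:KeyInfo>");
      return DocumentUtil.getDocument(builder.toString()).getDocumentElement();
   }
   // … unchanged: catch ( Exception e) { throw new RuntimeException( e ); } …
}
```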
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutReceiver.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutReceiver.java 2011-01-27
04:42:41 UTC (rev 669)
+++
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutReceiver.java 2011-01-27
06:20:55 UTC (rev 670)
@@ -31,10 +31,10 @@
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.seam.federation.configuration.Binding;
import org.picketlink.identity.seam.federation.configuration.SamlEndpoint;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutSender.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutSender.java 2011-01-27
04:42:41 UTC (rev 669)
+++
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutSender.java 2011-01-27
06:20:55 UTC (rev 670)
@@ -29,8 +29,8 @@
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;
-import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
-import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
/**
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnReceiver.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnReceiver.java 2011-01-27
04:42:41 UTC (rev 669)
+++
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnReceiver.java 2011-01-27
06:20:55 UTC (rev 670)
@@ -28,7 +28,6 @@
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBElement;
import javax.xml.datatype.DatatypeConstants;
import javax.xml.datatype.XMLGregorianCalendar;
@@ -44,17 +43,22 @@
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
-import org.picketlink.identity.federation.saml.v2.assertion.AuthnStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AuthnStatementType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedElementType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectConfirmationDataType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectConfirmationType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType.STSubType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusType;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
@@ -94,7 +98,7 @@
throw new InvalidRequestException("Response does not contain a
status");
}
- String statusValue = status.getStatusCode().getValue();
+ String statusValue = status.getStatusCode().getValue().toString();
if (JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
{
throw new RuntimeException("IDP returned status " + statusValue);
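Review bot: `status.getStatusCode().getValue().toString()` on the changed line turns a StatusCode with no Value into a NullPointerException rather than the clear rejection the surrounding checks produce for a missing Status. Guard it before the conversion, e.g. `if (status.getStatusCode() == null || status.getStatusCode().getValue() == null) { throw new InvalidRequestException("Response status has no StatusCode value"); }`. A non-success status is still reported as a RuntimeException while a missing status is an InvalidRequestException; one exception type for both malformed-response cases would be easier for callers to handle. The enclosing method starts before the hunk.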
@@ -107,7 +111,7 @@
ResponseType response = (ResponseType) statusResponse;
- List<Object> assertions = response.getAssertionOrEncryptedAssertion();
+ List<RTChoiceType> assertions = response.getAssertions();
if (assertions.size() == 0)
{
throw new RuntimeException("IDP response does not contain
assertions");
@@ -143,7 +147,7 @@
{
SeamSamlPrincipal principal = null;
- for (Object assertion : responseType.getAssertionOrEncryptedAssertion())
+ for (Object assertion : responseType.getAssertions() )
{
if (assertion instanceof AssertionType)
{
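Review bot: The `instanceof AssertionType` test in the rewritten loop can no longer succeed: `getAssertions()` yields `RTChoiceType` elements (see the declaration in the @@ -107 hunk), so if `responseType` is the same `ResponseType` as `response` there, every element is skipped and the principal stays null. The loop should iterate `RTChoiceType` and unwrap the plain assertion through whatever accessor the choice type offers (the sibling `ASTChoiceType` in the @@ -200 hunk exposes a `getAttribute()`/`getEncryptedAssertion()` pair), and an element that carries only an encrypted assertion should be rejected explicitly rather than silently producing no principal. The enclosing method starts before the hunk.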
@@ -200,22 +204,24 @@
principal.setSessionIndex(authnStatement.getSessionIndex());
principal.setNameId(nameId);
- for (StatementAbstractType statement :
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
+ for (StatementAbstractType statement : assertion.getStatements() )
{
if (statement instanceof AttributeStatementType)
{
AttributeStatementType attributeStatement = (AttributeStatementType)
statement;
List<AttributeType> attributes = new
LinkedList<AttributeType>();
- for (Object object : attributeStatement.getAttributeOrEncryptedAttribute())
+ for (ASTChoiceType object : attributeStatement.getAttributes() )
{
- if (object instanceof AttributeType)
- {
- attributes.add((AttributeType) object);
- }
- else
- {
- log.warn("Encrypted attributes are not supported. Ignoring the
attribute.");
- }
+ AttributeType attribute = object.getAttribute();
+ if( attribute != null )
+ {
+ attributes.add( attribute );
+ }
+ EncryptedElementType eet = object.getEncryptedAssertion();
+ if( eet != null )
+ {
+ log.warn("Encrypted attributes are not supported. Ignoring the
attribute.");
+ }
}
principal.setAttributes(attributes);
}
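Review bot: `EncryptedElementType eet = object.getEncryptedAssertion();` is evaluated inside an attribute loop, so either the accessor on `ASTChoiceType` is misnamed or the wrong member is being consulted; once confirmed, a comment such as `// ASTChoiceType reports an EncryptedAttribute through getEncryptedAssertion()` would stop the next reader from "fixing" it. An element with neither a plain attribute nor encrypted content is dropped without any log line; logging whenever `attribute == null` (not only when `eet != null`) would make a malformed statement visible. The enclosing method starts before the hunk.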
@@ -226,7 +232,7 @@
private AuthnStatementType extractValidAuthnStatement(AssertionType assertion)
{
- for (StatementAbstractType statement :
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
+ for (StatementAbstractType statement : assertion.getStatements() )
{
if (statement instanceof AuthnStatementType)
{
@@ -243,8 +249,35 @@
NameIDType nameId = null;
boolean validConfirmationFound = false;
- for (JAXBElement<?> contentElement : assertion.getSubject().getContent())
+ SubjectType subject = assertion.getSubject();
+
+ STSubType subjectSubType = subject.getSubType();
+ nameId = (NameIDType) subjectSubType.getBaseID();
+
+ List<SubjectConfirmationType> subjectConfirmations =
subjectSubType.getConfirmation();
+
+ for( SubjectConfirmationType confirmation: subjectConfirmations )
{
+ if (confirmation.getMethod().equals(SamlConstants.CONFIRMATION_METHOD_BEARER))
+ {
+ SubjectConfirmationDataType confirmationData =
confirmation.getSubjectConfirmationData();
+
+ boolean validRecipient = confirmationData.getRecipient().equals(
+
serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
+
+ boolean notTooLate =
confirmationData.getNotOnOrAfter().compare(getCurrentTime()) ==
DatatypeConstants.GREATER;
+
+ boolean validInResponseTo = requestContext == null
+ || confirmationData.getInResponseTo().equals(requestContext.getId());
+
+ if (validRecipient && notTooLate && validInResponseTo)
+ {
+ validConfirmationFound = true;
+ }
+ }
+ }
+ /*for (JAXBElement<?> contentElement : assertion.getSubject().getContent())
+ {
if (contentElement.getValue() instanceof NameIDType)
{
nameId = (NameIDType) contentElement.getValue();
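Review bot: The new bearer-confirmation check dereferences `getSubjectConfirmationData()`, `getRecipient()` and `getNotOnOrAfter()` without null checks, so a confirmation that omits any of them ends in a NullPointerException instead of being treated as not valid; the loop should skip such confirmations. When `requestContext` is null any `InResponseTo` value is accepted, whereas an unsolicited response should carry none, so that branch should require `confirmationData.getInResponseTo() == null`. `nameId = (NameIDType) subjectSubType.getBaseID();` is an unchecked cast that throws ClassCastException if the subject carries another BaseID subtype or an EncryptedID; an `instanceof` check that rejects the assertion with an InvalidRequestException would be clearer. The commented-out JAXB loop that starts at the end of this hunk (closed by `}*/` in the next one) is dead code and should be deleted. The enclosing method starts before the hunk and ends after it.
```java
for (SubjectConfirmationType confirmation : subjectConfirmations)
{
   if (confirmation.getMethod() == null
         || !confirmation.getMethod().equals(SamlConstants.CONFIRMATION_METHOD_BEARER))
   {
      continue;
   }
   SubjectConfirmationDataType confirmationData = confirmation.getSubjectConfirmationData();
   // A bearer confirmation without Recipient/NotOnOrAfter cannot be validated, so it does not count
   if (confirmationData == null || confirmationData.getRecipient() == null
         || confirmationData.getNotOnOrAfter() == null)
   {
      continue;
   }
   boolean validRecipient = confirmationData.getRecipient().equals(
         serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
   boolean notTooLate = confirmationData.getNotOnOrAfter().compare(getCurrentTime()) == DatatypeConstants.GREATER;
   // Solicited: must echo our request id. Unsolicited: must not claim to answer a request.
   boolean validInResponseTo = requestContext == null
         ? confirmationData.getInResponseTo() == null
         : requestContext.getId().equals(confirmationData.getInResponseTo());
   if (validRecipient && notTooLate && validInResponseTo)
   {
      validConfirmationFound = true;
   }
}
// … removed: commented-out JAXB content loop …
```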
@@ -270,7 +303,7 @@
}
}
}
- }
+ }*/
if (validConfirmationFound)
{
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnSender.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnSender.java 2011-01-27
04:42:41 UTC (rev 669)
+++
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnSender.java 2011-01-27
06:20:55 UTC (rev 670)
@@ -29,8 +29,8 @@
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.core.Events;
-import org.jboss.seam.security.Identity;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.seam.security.Identity;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
/**
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SeamSamlPrincipal.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SeamSamlPrincipal.java 2011-01-27
04:42:41 UTC (rev 669)
+++
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SeamSamlPrincipal.java 2011-01-27
06:20:55 UTC (rev 670)
@@ -24,13 +24,14 @@
import java.security.Principal;
import java.util.LinkedList;
import java.util.List;
-
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
/**
+ * An instance of {@link Principal}
* @author Marcel Kolsteren
* @since Jan 28, 2010
*/
@@ -100,4 +101,4 @@
{
return nameId.getValue();
}
-}
+}
\ No newline at end of file
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java 2011-01-27
04:42:41 UTC (rev 669)
+++
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java 2011-01-27
06:20:55 UTC (rev 670)
@@ -42,12 +42,15 @@
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
-import org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.RoleDescriptorType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntitiesDescriptorType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.RoleDescriptorType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.IDPSSODescriptorType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType.EDTChoiceType;
import org.picketlink.identity.seam.federation.jaxb.config.SamlConfigType;
import org.picketlink.identity.seam.federation.jaxb.config.SamlIdentityProviderType;
+
/**
* @author Marcel Kolsteren
@@ -149,14 +152,28 @@
private void readEntitiesDescriptor(EntitiesDescriptorType entitiesDescriptor)
{
- for (Object object : entitiesDescriptor.getEntityDescriptorOrEntitiesDescriptor())
+ for (Object object : entitiesDescriptor.getEntityDescriptor() )
{
if (object instanceof EntityDescriptorType)
{
EntityDescriptorType entityDescriptor = (EntityDescriptorType) object;
String entityId = entityDescriptor.getEntityID();
+
+ for( EDTChoiceType edt: entityDescriptor.getChoiceType() )
+ {
+ List<EDTDescriptorChoiceType> descriptors = edt.getDescriptors();
+ for( EDTDescriptorChoiceType edtDesc : descriptors )
+ {
+ RoleDescriptorType roleDescriptor = edtDesc.getRoleDescriptor();
+ if( roleDescriptor instanceof IDPSSODescriptorType )
+ {
+ IDPSSODescriptorType IDPSSODescriptor = (IDPSSODescriptorType)
roleDescriptor;
+ idpMetaInfo.put(entityId, IDPSSODescriptor);
+ }
+ }
+ }
- for (RoleDescriptorType roleDescriptor : entityDescriptor
+ /*for (RoleDescriptorType roleDescriptor : entityDescriptor.getC
.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor())
{
if (roleDescriptor instanceof IDPSSODescriptorType)
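Review bot: The rewritten loop iterates `entitiesDescriptor.getEntityDescriptor()` yet keeps the `instanceof EntityDescriptorType` dispatch and the `else` branch just after the hunk; if the new accessor returns only entity descriptors, nested `<EntitiesDescriptor>` elements are no longer visited and IdPs declared there silently disappear from `idpMetaInfo`, which is worth confirming against the new model and, if so, recursing into the nested collection as well. The commented-out block at the end of the hunk (closed by `}*/` in the next hunk) is dead code with a truncated `getC` and should be deleted. The local `IDPSSODescriptor` should be `idpSsoDescriptor` to match Java naming. The enclosing method ends after the hunk.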
@@ -164,7 +181,7 @@
IDPSSODescriptorType IDPSSODescriptor = (IDPSSODescriptorType)
roleDescriptor;
idpMetaInfo.put(entityId, IDPSSODescriptor);
}
- }
+ }*/
}
else
{
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlIdentityProvider.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlIdentityProvider.java 2011-01-27
04:42:41 UTC (rev 669)
+++
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlIdentityProvider.java 2011-01-27
06:20:55 UTC (rev 670)
@@ -26,13 +26,15 @@
import java.util.Map;
import javax.security.cert.X509Certificate;
-import javax.xml.bind.JAXBElement;
-import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.KeyTypes;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.IDPSSODescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyTypes;
import org.picketlink.identity.seam.federation.SamlProfile;
-import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
/**
* @author Marcel Kolsteren
@@ -67,8 +69,49 @@
{
if (keyDescriptor.getUse().equals(KeyTypes.SIGNING))
{
- for (Object content : keyDescriptor.getKeyInfo().getContent())
+ Element elem = keyDescriptor.getKeyInfo();
+ if( elem != null )
{
+ NodeList x509DataNodes = elem.getElementsByTagName( "X509Data"
);
+ if( x509DataNodes != null && x509DataNodes.getLength() > 0 )
+ {
+ //Choose the first one
+ Node x509DataNode = x509DataNodes.item(0);
+ NodeList children = x509DataNode.getChildNodes();
+ int len = children != null ? children.getLength() : 0 ;
+ for( int i = 0 ; i < len ; i++ )
+ {
+ Node nl = children.item(i);
+ if( nl.getNodeName().contains( "X509Certificate" ) )
+ {
+ byte[] certificate = null ;
+ try
+ {
+ certificate = DocumentUtil.getNodeAsString(nl).getBytes();
+ }
+ catch ( Exception e )
+ {
+ throw new RuntimeException( e );
+ }
+ try
+ {
+ X509Certificate cert =
X509Certificate.getInstance(certificate);
+ publicKey = cert.getPublicKey();
+ }
+ catch (javax.security.cert.CertificateException e)
+ {
+ throw new RuntimeException(e);
+ }
+ break;
+ }
+
+ }
+
+ }
+ }
+
+ /*for (Object content : keyDescriptor.getKeyInfo() )
+ {
if (content instanceof JAXBElement<?> &&
((JAXBElement<?>) content).getValue() instanceof X509DataType)
{
X509DataType X509Data = (X509DataType) ((JAXBElement<?>)
content).getValue();
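Review bot: `elem.getElementsByTagName("X509Data")` matches on the qualified tag name, so a `ds:X509Data` element (the usual spelling in metadata) is never found and no signing key is loaded, while the inner `getNodeName().contains("X509Certificate")` tolerates a prefix; both lookups should be namespace-aware via `getElementsByTagNameNS` with the XML-Signature namespace. `DocumentUtil.getNodeAsString(nl).getBytes()` presumably serialises the whole element with its markup rather than the base64 text, which `X509Certificate.getInstance` will not parse, and `getBytes()` without a charset depends on the platform default. Only the first certificate is consulted, so metadata that lists a rollover certificate first leaves the active one unused; a comment should at least record that assumption. The commented-out JAXB loop at the end of the hunk (closed by `}*/` in the next hunk) should be deleted, and `java.security.cert.CertificateFactory` is the non-legacy replacement for `javax.security.cert.X509Certificate`. The enclosing loop starts before the hunk.
```java
Element elem = keyDescriptor.getKeyInfo();
if (elem != null)
{
   // Namespace-aware lookup: the prefix used for ds:X509Certificate in the metadata must not matter
   NodeList certNodes = elem.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "X509Certificate");
   if (certNodes.getLength() > 0)
   {
      // Only the first listed certificate is used; assumes the metadata lists the current signing key first
      String base64Der = certNodes.item(0).getTextContent().trim();
      // The X.509 CertificateFactory behind getInstance accepts the printable form inside PEM markers
      String pem = "-----BEGIN CERTIFICATE-----\n" + base64Der + "\n-----END CERTIFICATE-----\n";
      try
      {
         X509Certificate cert = X509Certificate.getInstance(pem.getBytes("US-ASCII"));
         publicKey = cert.getPublicKey();
      }
      catch (java.io.UnsupportedEncodingException e)
      {
         throw new RuntimeException(e);
      }
      catch (javax.security.cert.CertificateException e)
      {
         throw new RuntimeException("Unparseable signing certificate in IdP metadata", e);
      }
   }
}
// … removed: commented-out JAXB KeyInfo loop …
```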
@@ -93,7 +136,7 @@
}
}
}
- }
+ }*/
}
}
}
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlService.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlService.java 2011-01-27
04:42:41 UTC (rev 669)
+++
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlService.java 2011-01-27
06:20:55 UTC (rev 670)
@@ -23,8 +23,8 @@
import java.util.LinkedList;
import java.util.List;
-
-import org.picketlink.identity.federation.saml.v2.metadata.EndpointType;
+
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EndpointType;
import org.picketlink.identity.seam.federation.SamlProfile;
/**
@@ -44,11 +44,11 @@
for (EndpointType endpoint : endpoints)
{
Binding binding = null;
- if (endpoint.getBinding().endsWith("HTTP-Redirect"))
+ if (endpoint.getBinding().toString().endsWith("HTTP-Redirect"))
{
binding = Binding.HTTP_Redirect;
}
- else if (endpoint.getBinding().endsWith("HTTP-POST"))
+ else if (endpoint.getBinding().toString().endsWith("HTTP-POST"))
{
binding = Binding.HTTP_Post;
}
@@ -58,8 +58,8 @@
}
if (binding != null)
{
- SamlEndpoint samlEndpoint = new SamlEndpoint(this, binding,
endpoint.getLocation(), endpoint
- .getResponseLocation());
+ SamlEndpoint samlEndpoint = new SamlEndpoint(this, binding,
endpoint.getLocation().toString(), endpoint
+ .getResponseLocation().toString());
serviceEndpoints.add(samlEndpoint);
}
}
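Review bot: `endpoint.getResponseLocation().toString()` dereferences an optional metadata attribute: ResponseLocation is not required on an endpoint, so an IdP entry without it now throws NullPointerException where the old code passed null through. Guard it before the constructor call, e.g. `String responseLocation = endpoint.getResponseLocation() == null ? null : endpoint.getResponseLocation().toString();` and pass `responseLocation` in place of the inline expression. The enclosing loop starts before the hunk.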