Author: anil.saldhana(a)jboss.com
Date: 2010-12-30 14:30:38 -0500 (Thu, 30 Dec 2010)
New Revision: 622
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/common/SAMLProtocolContext.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/providers/
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/providers/SAML20AssertionTokenProvider.java
Removed:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/STSCoreConfig.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AssertionType.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/IDPWebRequestUtil.java
Log:
use of saml spec token provider
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
---
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -78,26 +78,27 @@
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
+import
org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler.HANDLER_TYPE;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain;
import
org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
-import
org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler.HANDLER_TYPE;
import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
-import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.core.IdentityServer;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
import org.picketlink.identity.federation.web.util.IDPWebRequestUtil;
+import
org.picketlink.identity.federation.web.util.IDPWebRequestUtil.WebRequestUtilHolder;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
-import
org.picketlink.identity.federation.web.util.IDPWebRequestUtil.WebRequestUtilHolder;
import org.w3c.dom.Document;
@@ -919,6 +920,10 @@
throw new RuntimeException(e);
}
+ //Ensure that the Core STS has the SAML20 Token Provider
+ PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
+ sts.installDefaultConfiguration();
+
if(this.signOutgoingMessages)
{
KeyProviderType keyProvider = this.idpConfiguration.getKeyProvider();
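Review bot: The two lines added after the catch block call `installDefaultConfiguration()` unconditionally on the shared `PicketLinkCoreSTS.instance()` singleton, so any STS configuration installed earlier in the deployment (for example one with a different set of token providers) would be replaced each time this code path runs; whether that is the intent is not visible from the hunk. If `PicketLinkCoreSTS` offers a way to detect an already-present configuration, guard the call with it; otherwise the comment should say what actually happens, e.g. `//Install the default Core STS configuration (incl. the SAML20 Token Provider); replaces any configuration installed earlier`. The two locals can also collapse into `PicketLinkCoreSTS.instance().installDefaultConfiguration();`. The enclosing method starts and ends outside the hunk.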
Modified:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java
===================================================================
---
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -27,8 +27,8 @@
import junit.framework.TestCase;
+import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
-import
org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.picketlink.identity.federation.core.saml.v2.util.SignatureUtil;
import org.picketlink.identity.federation.core.util.KeyStoreUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
@@ -47,7 +47,9 @@
*/
public void testSigUseCase() throws Exception
{
- AuthnRequestType authnRequest =
JBossSAMLAuthnRequestFactory.createAuthnRequestType(
+ SAML2Request samlRequest = new SAML2Request();
+
+ AuthnRequestType authnRequest = samlRequest.createAuthnRequestType(
IDGenerator.create("ID_"), "http://sp",
"http://idp", "http://sp");
KeyPair kp = KeyStoreUtil.generateKeyPair("RSA");
Modified:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java
===================================================================
---
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -29,7 +29,6 @@
import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
-import
org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
@@ -47,7 +46,7 @@
*/
public void testRegularRedirectBindingUseCaseWithStringWriter() throws Exception
{
- AuthnRequestType authnRequest =
JBossSAMLAuthnRequestFactory.createAuthnRequestType(
+ AuthnRequestType authnRequest = (new SAML2Request()).createAuthnRequestType(
IDGenerator.create("ID_"), "http://sp",
"http://idp", "http://sp");
StringWriter sw = new StringWriter();
@@ -69,7 +68,7 @@
*/
public void testRegularRedirectBindingUseCaseWithByteArray() throws Exception
{
- AuthnRequestType authnRequest =
JBossSAMLAuthnRequestFactory.createAuthnRequestType(
+ AuthnRequestType authnRequest = (new SAML2Request()).createAuthnRequestType(
IDGenerator.create("ID_"), "http://sp",
"http://idp", "http://sp");
ByteArrayOutputStream baos = new ByteArrayOutputStream();
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -27,11 +27,13 @@
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Writer;
+import java.net.URI;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
+import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.parsers.ParserConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
@@ -41,7 +43,6 @@
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import
org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLRequestWriter;
@@ -81,8 +82,24 @@
String destination,
String issuerValue) throws ConfigurationException
{
- return JBossSAMLAuthnRequestFactory.createAuthnRequestType(
- id, assertionConsumerURL, destination, issuerValue);
+ XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
+
+ String version = JBossSAMLConstants.VERSION_2_0.get();
+ AuthnRequestType authnRequest = new AuthnRequestType( id, version, issueInstant );
+ authnRequest.setAssertionConsumerServiceURL( URI.create( assertionConsumerURL ));
+ authnRequest.setProtocolBinding( URI.create(
JBossSAMLConstants.HTTP_POST_BINDING.get() ));
+ if( destination != null )
+ {
+ authnRequest.setDestination( URI.create( destination ));
+ }
+
+ //Create an issuer
+ NameIDType issuer = new NameIDType();
+ issuer.setValue(issuerValue);
+
+ authnRequest.setIssuer(issuer);
+
+ return authnRequest;
}
/**
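Review bot: `URI.create(assertionConsumerURL)` in the new body throws an unchecked `IllegalArgumentException` on a malformed value and a `NullPointerException` on null, while the method only declares `ConfigurationException`; `destination` gets a null guard two lines later but `assertionConsumerURL` does not, and `issuerValue` is stored without any check. Either apply the same guard, `if( assertionConsumerURL != null ) authnRequest.setAssertionConsumerServiceURL( URI.create( assertionConsumerURL ));`, or validate the three strings up front and rethrow as the declared `ConfigurationException` so callers see one failure type. The protocol binding is fixed to `HTTP_POST_BINDING` regardless of the binding the request is later sent over; if that is deliberate, a short comment on that line would save the next reader a question. The method's signature begins before the hunk.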
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -42,6 +42,7 @@
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
+import org.picketlink.identity.federation.core.saml.v2.common.SAMLProtocolContext;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import
org.picketlink.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import
org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
@@ -50,7 +51,9 @@
import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ActionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
@@ -62,6 +65,9 @@
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedElementType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.EvidenceType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectConfirmationDataType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectConfirmationType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.federation.saml.v2.SAML2Object;
@@ -140,11 +146,62 @@
* @param issuerInfo holder with information on the issuer
* @return
* @throws ConfigurationException
+ * @throws ProcessingException
*/
public ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp,
IssuerInfoHolder issuerInfo)
- throws ConfigurationException
+ throws ConfigurationException, ProcessingException
{
- return JBossSAMLAuthnResponseFactory.createResponseType(ID, sp, idp, issuerInfo);
+ String responseDestinationURI = sp.getResponseDestinationURI();
+
+ XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
+
+ //Create an assertion
+ //String id = IDGenerator.create( "ID_" );
+
+ //Create assertion -> subject
+ SubjectType subjectType = new SubjectType();
+
+ //subject -> nameid
+ NameIDType nameIDType = new NameIDType();
+ nameIDType.setFormat( URI.create( idp.getNameIDFormat() ));
+ nameIDType.setValue(idp.getNameIDFormatValue());
+
+ SubjectType.STSubType subType = new SubjectType.STSubType();
+ subType.addBaseID(nameIDType);
+ subjectType.setSubType(subType);
+
+ SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
+ subjectConfirmation.setMethod( idp.getSubjectConfirmationMethod());
+
+ SubjectConfirmationDataType subjectConfirmationData = new
SubjectConfirmationDataType();
+ subjectConfirmationData.setInResponseTo( sp.getRequestID() );
+ subjectConfirmationData.setRecipient( responseDestinationURI );
+ subjectConfirmationData.setNotBefore(issueInstant);
+ subjectConfirmationData.setNotOnOrAfter(issueInstant);
+
+ subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
+
+ subjectType.addConfirmation(subjectConfirmation);
+
+ PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
+ SAMLProtocolContext samlProtocolContext = new SAMLProtocolContext();
+ samlProtocolContext.setSubjectType( subjectType );
+ samlProtocolContext.setIssuerID(nameIDType);
+ sts.issueToken( samlProtocolContext );
+
+ AssertionType assertionType = samlProtocolContext.getIssuedAssertion();
+
+ /*AssertionType assertionType = SAMLAssertionFactory.createAssertion(id,
+ nameIDType , issueInstant, (ConditionsType) null, subjectType,
(List<StatementAbstractType>)null );
+ */
+
+ ResponseType responseType = createResponseType(ID, issuerInfo, assertionType);
+ //InResponseTo ID
+ responseType.setInResponseTo(sp.getRequestID());
+ //Destination
+ responseType.setDestination(responseDestinationURI);
+
+ return responseType;
}
/**
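Review bot: `subjectConfirmationData.setNotBefore(issueInstant)` followed by `subjectConfirmationData.setNotOnOrAfter(issueInstant)` gives the subject confirmation a zero-length validity window, so a relying party that enforces `NotOnOrAfter` against its clock will reject the assertion as soon as any time has passed; the assertion's own lifetime is left to the STS (no `setConditions` is called on the context), but this element carries its own instants. Compute `NotOnOrAfter` from a configured validity period instead, for example `subjectConfirmationData.setNotOnOrAfter( XMLTimeUtil.add( issueInstant, <validity-millis placeholder> ));` if that helper is available, or pass the window in via `SPInfoHolder`/`IDPInfoHolder`. `getIssuedAssertion()` is passed straight to the three-argument `createResponseType` with no null check, so a missing or unsupported token provider would surface later as an NPE rather than a `ProcessingException`. The commented-out `id` and `SAMLAssertionFactory.createAssertion` blocks should be deleted rather than kept in the new body.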
Modified:
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -31,8 +31,7 @@
import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.api.util.DeflateUtil;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
-import
org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
-import org.picketlink.identity.federation.core.util.Base64;
+import org.picketlink.identity.federation.core.util.Base64;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
/**
@@ -45,7 +44,7 @@
{
public void testDeflateEncoding() throws Exception
{
- AuthnRequestType authnRequest =
JBossSAMLAuthnRequestFactory.createAuthnRequestType(
+ AuthnRequestType authnRequest = (new SAML2Request()).createAuthnRequestType(
IDGenerator.create("ID_"), "http://sp",
"http://localhost:8080/idp","http://sp");
Modified:
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -23,15 +23,16 @@
import java.io.ByteArrayOutputStream;
-import junit.framework.TestCase;
+import junit.framework.Assert;
+import org.junit.Test;
import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import
org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
-import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
@@ -40,21 +41,27 @@
* @author Anil.Saldhana(a)redhat.com
* @since Dec 9, 2008
*/
-public class SAML2AuthnResponseUnitTestCase extends TestCase
+public class SAML2AuthnResponseUnitTestCase
{
+ @Test
public void testResponseTypeCreation() throws Exception
{
+ //Initialize the Core STS
+ PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
+ sts.installDefaultConfiguration();
+
IssuerInfoHolder issuerHolder = new IssuerInfoHolder("http://idp");
issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
IDPInfoHolder idp = new IDPInfoHolder();
idp.setNameIDFormatValue(IDGenerator.create());
+
+ SAML2Response saml2Response = new SAML2Response();
- ResponseType rt =
JBossSAMLAuthnResponseFactory.createResponseType("response111",
+ ResponseType rt = saml2Response.createResponseType("response111",
new SPInfoHolder(), idp, issuerHolder);
- assertNotNull(rt);
+ Assert.assertNotNull(rt);
- SAML2Response saml2Response = new SAML2Response();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
saml2Response.marshall(rt, baos);
}
Modified:
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -43,6 +43,7 @@
import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
@@ -66,6 +67,9 @@
public void testEncryptAssertion() throws Exception
{
+ PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
+ sts.installDefaultConfiguration();
+
KeyPair kp = this.getKeyPair("RSA");
SecretKey sk = this.getSecretKey();
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -51,6 +51,12 @@
* @return
*/
public boolean supports( String namespace );
+
+ /**
+ * Token Type
+ * @return
+ */
+ public String tokenType();
/**
* <p>
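Review bot: The Javadoc on the new `tokenType()` method is just the heading "Token Type" with an empty `@return`, which tells implementors nothing about what string to return or how it relates to the existing `supports( String namespace )` directly above it. Elsewhere in this commit `SAMLProtocolContext.tokenType()` returns a namespace URI (`JBossSAMLURIConstants.ASSERTION_NSURI.get()`), so the contract appears to be the namespace identifying the token this provider issues; say so, e.g. `/** Identifier of the token type this provider issues, typically the namespace URI of the token's root element. @return the token type identifier */`. Adding an abstract method to a public interface forces every implementation to change; the file list suggests the in-tree providers were updated, but it is worth stating in the log.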
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/common/SAMLProtocolContext.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/common/SAMLProtocolContext.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/common/SAMLProtocolContext.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -0,0 +1,136 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.saml.v2.common;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+
+/**
+ * <p>
+ * A SAML2 specification based instance of {@code ProtocolContext}
+ * </p>
+ * <p>
+ * This instance is used to pass information from the IDP to the Core STS.
+ * </p>
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 30, 2010
+ */
+public class SAMLProtocolContext implements ProtocolContext
+{
+ protected NameIDType issuerID;
+
+ protected SubjectType subjectType;
+
+ protected ConditionsType conditions;
+
+ protected List<StatementAbstractType> statements = new
ArrayList<StatementAbstractType>();
+
+ protected AssertionType issuedAssertion;
+
+ public NameIDType getIssuerID()
+ {
+ return issuerID;
+ }
+
+ public void setIssuerID( NameIDType issuerID)
+ {
+ this.issuerID = issuerID;
+ }
+
+ public SubjectType getSubjectType()
+ {
+ return subjectType;
+ }
+
+ public void setSubjectType(SubjectType subjectType)
+ {
+ this.subjectType = subjectType;
+ }
+
+ public ConditionsType getConditions()
+ {
+ return conditions;
+ }
+
+ public void setConditions(ConditionsType conditions)
+ {
+ this.conditions = conditions;
+ }
+
+ public List<StatementAbstractType> getStatements()
+ {
+ return Collections.unmodifiableList( statements );
+ }
+
+ public void setStatements(List<StatementAbstractType> statements)
+ {
+ this.statements = statements;
+ }
+
+ public AssertionType getIssuedAssertion()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+ return issuedAssertion;
+ }
+
+ public void setIssuedAssertion(AssertionType issuedAssertion)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+ this.issuedAssertion = issuedAssertion;
+ }
+
+ public String serviceName()
+ {
+ return null;
+ }
+
+ public String tokenType()
+ {
+ return JBossSAMLURIConstants.ASSERTION_NSURI.get();
+ }
+
+ public QName getQName()
+ {
+ String localPart = JBossSAMLConstants.ASSERTION.get();
+ String ns = tokenType();
+ return new QName( ns, localPart );
+ }
+}
\ No newline at end of file
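Review bot: `setStatements` stores the caller's list by reference while `getStatements` wraps the field in `Collections.unmodifiableList`, so the read-only view does not actually protect the contents (the caller still holds the mutable list), and a `setStatements(null)` makes every later `getStatements()` throw `NullPointerException` from the wrapper rather than at the point of misuse. A defensive copy fixes both: `this.statements = (statements == null) ? new ArrayList<StatementAbstractType>() : new ArrayList<StatementAbstractType>(statements);`. The permission check on `getIssuedAssertion`/`setIssuedAssertion` is the one security-relevant piece of the class and deserves a one-line comment explaining that only code holding `PicketLinkCoreSTS.rte` may read or replace the issued assertion. `serviceName()` returns null with no Javadoc; a sentence stating that SAML protocol contexts carry no service name would make that intentional rather than look like a stub.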
Deleted:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -1,109 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.picketlink.identity.federation.core.saml.v2.factories;
-
-import java.net.URI;
-
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.datatype.XMLGregorianCalendar;
-
-import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
-import org.xml.sax.SAXException;
-
-/**
- * Factory for SAML2 AuthnRequest
- * @author Anil.Saldhana(a)redhat.com
- * @since Dec 9, 2008
- */
-public class JBossSAMLAuthnRequestFactory
-{
- private static String pkgName =
"org.picketlink.identity.federation.saml.v2.protocol:org.picketlink.identity.xmlsec.w3.xmldsig";
- private static String schemaLocation =
"schema/saml/v2/saml-schema-protocol-2.0.xsd";
-
- /**
- * Create an AuthnRequestType
- * @param id Id of the request
- * @param assertionConsumerURL URL of the requestor where the response assertion is
requested
- * @param issuerValue URL of the issuer
- * @return
- * @throws ConfigurationException
- */
- public static AuthnRequestType createAuthnRequestType(String id,
- String assertionConsumerURL, String destination, String issuerValue) throws
ConfigurationException
- {
- XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
-
- String version = JBossSAMLConstants.VERSION_2_0.get();
- AuthnRequestType authnRequest = new AuthnRequestType( id, version, issueInstant );
- authnRequest.setAssertionConsumerServiceURL( URI.create( assertionConsumerURL ));
- authnRequest.setProtocolBinding( URI.create(
JBossSAMLConstants.HTTP_POST_BINDING.get() ));
- if( destination != null )
- {
- authnRequest.setDestination( URI.create( destination ));
- }
-
- //Create an issuer
- NameIDType issuer = new NameIDType();
- issuer.setValue(issuerValue);
-
- authnRequest.setIssuer(issuer);
-
- return authnRequest;
- }
-
- /**
- * Get the validating marshaller
- * @param schemaValidation Whether schema validation is needed
- * @return
- * @throws JAXBException
- * @throws SAXException
- */
- public static Marshaller getValidatingMarshaller(boolean schemaValidation) throws
SAXException, JAXBException
- {
- if(schemaValidation)
- return JAXBUtil.getValidatingMarshaller(pkgName, schemaLocation);
- else
- return JAXBUtil.getMarshaller(pkgName);
- }
-
- /**
- * Get the validating unmarshaller
- * @param schemaValidation whether schema validation is needed
- * @return
- * @throws SAXException
- * @throws JAXBException
- */
- public static Unmarshaller getValidatingUnmarshaller(boolean schemaValidation) throws
JAXBException, SAXException
- {
- if(schemaValidation)
- return JAXBUtil.getValidatingUnmarshaller(pkgName, schemaLocation);
- else
- return JAXBUtil.getUnmarshaller(pkgName);
- }
-}
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -24,9 +24,6 @@
import java.net.URI;
import java.util.List;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
import javax.xml.datatype.XMLGregorianCalendar;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
@@ -35,7 +32,6 @@
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
@@ -47,7 +43,6 @@
import
org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusCodeType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusType;
-import org.xml.sax.SAXException;
/**
* Factory for the SAML v2 Authn Response
@@ -55,10 +50,7 @@
* @since Dec 9, 2008
*/
public class JBossSAMLAuthnResponseFactory
-{
- private static String pkgName =
"org.picketlink.identity.federation.saml.v2.protocol:org.picketlink.identity.xmlsec.w3.xmldsig:org.picketlink.identity.xmlsec.w3.xmlenc";
- private static String schemaLocation =
"schema/saml/v2/saml-schema-protocol-2.0.xsd";
-
+{
/**
* Create a StatusType given the status code uri
* @param statusCodeURI
@@ -175,54 +167,5 @@
responseType.addAssertion( new RTChoiceType( assertionType ));
return responseType;
- }
-
- /**
- * Get the JAXB2 marshaller
- * @return
- * @throws JAXBException
- * @throws SAXException
- */
- public static Marshaller getMarshaller() throws SAXException, JAXBException
- {
- return JAXBUtil.getMarshaller(pkgName);
- }
-
- /**
- * Get the JAXB2 Unmarshaller
- * @return
- * @throws SAXException
- * @throws JAXBException
- */
- public static Unmarshaller getUnmarshaller() throws JAXBException, SAXException
- {
- return JAXBUtil.getUnmarshaller(pkgName);
- }
-
- /**
- * Get the validating marshaller
- *
- * @param schemaValidation Whether schema validation is needed
- * @return
- * @throws JAXBException
- * @throws SAXException
- */
- public static Marshaller getValidatingMarshaller(boolean schemaValidation) throws
SAXException, JAXBException
- {
- if (schemaValidation)
- return JAXBUtil.getValidatingMarshaller(pkgName, schemaLocation);
- else
- return JAXBUtil.getMarshaller(pkgName);
- }
-
- /**
- * Get the JAXB2 Unmarshaller
- * @return
- * @throws SAXException
- * @throws JAXBException
- */
- public static Unmarshaller getValidatingUnmarshaller() throws JAXBException,
SAXException
- {
- return JAXBUtil.getValidatingUnmarshaller(pkgName, schemaLocation);
- }
+ }
}
\ No newline at end of file
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/providers/SAML20AssertionTokenProvider.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/providers/SAML20AssertionTokenProvider.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/providers/SAML20AssertionTokenProvider.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -0,0 +1,262 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.saml.v2.providers;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.datatype.XMLGregorianCalendar;
+
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
+import org.picketlink.identity.federation.core.saml.v2.common.SAMLProtocolContext;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import
org.picketlink.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
+import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+
+/**
+ * <p>
+ * A {@code SecurityTokenProvider} implementation for the SAML2 Specification.
+ * </p>
+ * <p>
+ * This token provider does not handle the SAML20 Token Profile of the Oasis WS-Trust
Specification.
+ * @see {@code SAML20TokenProvider}
+ * </p>
+ * <p>
+ * Configurable Properties are:
+ * </p>
+ * <p>
+ * ASSERTION_VALIDITY: specify the validity of the assertion in miliseconds. (Example:
5000 = 5secs)
+ * </p>
+ * <p>
+ * CLOCK_SKEW: specify the clock skew of the conditions for assertion in miliseconds.
(Example: 2000 = 2secs)
+ * </p>
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 30, 2010
+ */
+public class SAML20AssertionTokenProvider implements SecurityTokenProvider
+{
+ public static final String NS = JBossSAMLURIConstants.ASSERTION_NSURI.get();
+
+ private static Map<String, AssertionType> issuedAssertions = new
HashMap<String, AssertionType>();
+
+ private Map<String, String> properties;
+
+ private long ASSERTION_VALIDITY = 5000; //5secs in milis
+
+ private long CLOCK_SKEW = 2000; //2secs
+
+ public void initialize(Map<String, String> props)
+ {
+ this.properties = props;
+
+ String validity = this.properties.get( "ASSERTION_VALIDITY" );
+ if( validity != null )
+ {
+ ASSERTION_VALIDITY = Long.parseLong( validity );
+ }
+ String skew = this.properties.get( "CLOCK_SKEW" );
+ if( skew != null )
+ {
+ CLOCK_SKEW = Long.parseLong( skew );
+ }
+ }
+
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#supports(java.lang.String)
+ */
+ public boolean supports(String namespace)
+ {
+ return NS.equals( namespace ) ;
+ }
+
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#issueToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void issueToken( ProtocolContext context ) throws ProcessingException
+ {
+ if( !(context instanceof SAMLProtocolContext ))
+ return;
+
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+
+ SAMLProtocolContext samlProtocolContext = (SAMLProtocolContext) context;
+
+ NameIDType issuerID = samlProtocolContext.getIssuerID();
+ XMLGregorianCalendar issueInstant;
+ try
+ {
+ issueInstant = XMLTimeUtil.getIssueInstant();
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ProcessingException( e );
+ }
+ ConditionsType conditions = samlProtocolContext.getConditions();
+ SubjectType subject = samlProtocolContext.getSubjectType();
+ List<StatementAbstractType> statements =
samlProtocolContext.getStatements();
+
+ // generate an id for the new assertion.
+ String assertionID = IDGenerator.create("ID_");
+
+ AssertionType assertionType = SAMLAssertionFactory.createAssertion( assertionID,
+ issuerID , issueInstant, conditions, subject, statements );
+
+ try
+ {
+ AssertionUtil.createTimedConditions( assertionType, ASSERTION_VALIDITY,
CLOCK_SKEW );
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ProcessingException( e );
+ }
+ catch (IssueInstantMissingException e)
+ {
+ throw new ProcessingException( e );
+ }
+
+ issuedAssertions.put( assertionID, assertionType );
+ samlProtocolContext.setIssuedAssertion( assertionType );
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#renewToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void renewToken( ProtocolContext context ) throws ProcessingException
+ {
+ if( !(context instanceof SAMLProtocolContext ))
+ return;
+
+
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+ SAMLProtocolContext samlProtocolContext = (SAMLProtocolContext) context;
+
+ AssertionType issuedAssertion = samlProtocolContext.getIssuedAssertion();
+
+ try
+ {
+ XMLGregorianCalendar currentTime = XMLTimeUtil.getIssueInstant();
+ issuedAssertion.updateIssueInstant( currentTime );
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ProcessingException( e );
+ }
+
+ try
+ {
+ AssertionUtil.createTimedConditions( issuedAssertion, ASSERTION_VALIDITY,
CLOCK_SKEW );
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ProcessingException( e );
+ }
+ catch (IssueInstantMissingException e)
+ {
+ throw new ProcessingException( e );
+ }
+ issuedAssertions.put( issuedAssertion.getID(), issuedAssertion );
+
+ samlProtocolContext.setIssuedAssertion( issuedAssertion );
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void cancelToken( ProtocolContext context ) throws ProcessingException
+ {
+ if( !(context instanceof SAMLProtocolContext ))
+ return;
+
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+ SAMLProtocolContext samlProtocolContext = (SAMLProtocolContext) context;
+ AssertionType issuedAssertion = samlProtocolContext.getIssuedAssertion();
+ issuedAssertions.remove( issuedAssertion.getID() );
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#validateToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void validateToken( ProtocolContext context ) throws ProcessingException
+ {
+ if( !(context instanceof SAMLProtocolContext ))
+ return;
+
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+
+ SAMLProtocolContext samlProtocolContext = (SAMLProtocolContext) context;
+
+ AssertionType issuedAssertion = samlProtocolContext.getIssuedAssertion();
+
+ try
+ {
+ if( !AssertionUtil.hasExpired( issuedAssertion ) )
+ throw new ProcessingException( "Assertion has expired" );
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ProcessingException( e );
+ }
+
+ if( issuedAssertion == null )
+ throw new ProcessingException( "Assertion is null" );
+ if( issuedAssertions.get( issuedAssertion.getID() ) == null )
+ throw new ProcessingException( "Invalid Assertion" );
+ }
+
+
+ /**
+ *
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#tokenType()
+ */
+ public String tokenType()
+ {
+ return NS;
+ }
+}
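Review bot: The expiry check in validateToken is inverted — assuming AssertionUtil.hasExpired returns true for an expired assertion, `if( !AssertionUtil.hasExpired( issuedAssertion ) )` rejects assertions that are still valid and accepts expired ones, and it dereferences issuedAssertion before the null check that follows it. Move the null check ahead of the try block and drop the negation: `if( issuedAssertion == null ) throw new ProcessingException( "Assertion is null" );` followed by `if( AssertionUtil.hasExpired( issuedAssertion ) ) throw new ProcessingException( "Assertion has expired" );`. The static issuedAssertions HashMap is shared by every provider instance and is read and written without synchronization, and entries are only removed by cancelToken, so it presumably grows with every issued assertion; a concurrent map plus eviction of expired entries, or a comment saying why unbounded growth is acceptable, would be worth adding. initialize also dereferences props without a null check and throws NumberFormatException on a malformed ASSERTION_VALIDITY or CLOCK_SKEW value, which the class Javadoc should state or the method should validate.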
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -88,7 +88,13 @@
}
/**
+ * <p>
* Add validity conditions to the SAML2 Assertion
+ * </p>
+ * <p>
+ * There is no clock skew added.
+ * @see {{@link #createTimedConditions(AssertionType, long, long)}
+ * </p>
* @param assertion
* @param durationInMilis
* @throws ConfigurationException
@@ -109,6 +115,31 @@
}
/**
+ * Add validity conditions to the SAML2 Assertion
+ * @param assertion
+ * @param durationInMilis
+ * @throws ConfigurationException
+ * @throws IssueInstantMissingException
+ */
+ public static void createTimedConditions(AssertionType assertion, long
durationInMilis, long clockSkew )
+ throws ConfigurationException, IssueInstantMissingException
+ {
+ XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
+ if(issueInstant == null)
+ throw new IssueInstantMissingException("assertion does not have issue
instant");
+ XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add( issueInstant,
durationInMilis + clockSkew );
+
+ ConditionsType conditionsType = new ConditionsType();
+
+ XMLGregorianCalendar beforeInstant = XMLTimeUtil.subtract(issueInstant, clockSkew
);
+
+ conditionsType.setNotBefore( beforeInstant );
+ conditionsType.setNotOnOrAfter(assertionValidityLength);
+
+ assertion.setConditions(conditionsType);
+ }
+
+ /**
* Check whether the assertion has expired
* @param assertion
* @return
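Review bot: The Javadoc on the new three-argument createTimedConditions documents assertion and durationInMilis but not the parameter this overload adds; add `@param clockSkew tolerance in milliseconds, subtracted from NotBefore and added to NotOnOrAfter`. Its summary line is identical to the two-argument overload's, so the two cannot be told apart in the generated index; `Add validity conditions to the SAML2 Assertion, widened by the given clock skew` would distinguish them. In the previous hunk of this file the reference `{{@link #createTimedConditions(AssertionType, long, long)}` carries a stray opening brace that will render literally.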
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -21,11 +21,15 @@
*/
package org.picketlink.identity.federation.core.sts;
+import java.util.List;
+
import javax.xml.namespace.QName;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import
org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider;
+import org.picketlink.identity.federation.core.wstrust.PicketLinkSTSConfiguration;
/**
* <p>
@@ -41,7 +45,7 @@
*/
public class PicketLinkCoreSTS
{
- private RuntimePermission rte = new RuntimePermission( "org.picketlink.sts"
);
+ public static final RuntimePermission rte = new RuntimePermission(
"org.picketlink.sts" );
protected STSCoreConfig configuration;
@@ -61,9 +65,25 @@
public void initialize( STSCoreConfig config )
{
- this.configuration = config;
+ if( this.configuration != null )
+ {
+ List<SecurityTokenProvider> providers = config.getTokenProviders();
+ for( SecurityTokenProvider provider: providers )
+ this.configuration.addTokenProvider( provider.tokenType(), provider );
+ }
+ else
+ this.configuration = config;
}
+ public void installDefaultConfiguration()
+ {
+ if( configuration == null )
+ configuration = new PicketLinkSTSConfiguration();
+
+ //SAML2 Specification Provider
+ configuration.addTokenProvider( SAML20AssertionTokenProvider.NS, new
SAML20AssertionTokenProvider() );
+ }
+
/**
* Issue a security token
* @param protocolContext
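Review bot: initialize now merges instead of replacing when a configuration is already present, so the sequence installDefaultConfiguration() then initialize(config) — which IDPServlet's init in this commit appears to set up — keeps the default PicketLinkSTSConfiguration and silently drops everything in config except its token providers (key material, for instance); if that is intended it needs a Javadoc saying so, otherwise the merge should register the default provider into config rather than the reverse. config is dereferenced without a null check in the merge branch; `if( config == null ) throw new IllegalArgumentException( "config" );` at the top makes the failure explicit. Keying the merged providers by provider.tokenType() means two providers reporting the same namespace (both WS-Trust providers in this commit return WSTrustConstants.BASE_NAMESPACE) overwrite each other in the map, which may not be what callers of STSCoreConfig.addTokenProvider expect. installDefaultConfiguration also unconditionally re-registers SAML20AssertionTokenProvider, replacing any provider already registered for SAML20AssertionTokenProvider.NS; registering only when that namespace has no provider yet would preserve caller configuration.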
@@ -158,6 +178,9 @@
private SecurityTokenProvider getProvider( ProtocolContext protocolContext )
{
+ if( configuration == null )
+ throw new RuntimeException( "Configuration is not set" );
+
SecurityTokenProvider provider = null;
//Special Case: WST Applies To
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/STSCoreConfig.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/STSCoreConfig.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/STSCoreConfig.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -24,6 +24,7 @@
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.Certificate;
+import java.util.List;
import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
@@ -153,11 +154,23 @@
* @return the {@code Certificate} obtained from the keystore, or {@code null} if no
certificate was found.
*/
public Certificate getCertificate(String alias);
-
+
/**
* Allows you to add a token provider to handle a particular namespace
- * @param str
+ * @param key
* @param provider
*/
- public void addTokenProvider( String str, SecurityTokenProvider provider );
+ public void addTokenProvider( String key, SecurityTokenProvider provider );
+
+ /**
+ * Get an unmodifiable list of token providers
+ * @return
+ */
+ public List<SecurityTokenProvider> getTokenProviders();
+
+ /**
+ * Remove a token provider with the passed key
+ * @param key
+ */
+ public void removeTokenProvider( String key );
}
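Review bot: The Javadoc for the new getTokenProviders has an empty `@return`; state the contract the PicketLinkSTSConfiguration implementation in this commit provides, `@return an unmodifiable snapshot of the registered providers; changes to it do not affect the configuration`. removeTokenProvider's `@param key` should say what the key is, `@param key the namespace the provider was registered under`, and the same wording fits the renamed parameter of addTokenProvider. Both mutators would also benefit from a sentence noting that the reference implementation requires the org.picketlink.sts RuntimePermission when a SecurityManager is installed, since callers cannot see that from the interface.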
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -25,6 +25,8 @@
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -41,6 +43,7 @@
import org.picketlink.identity.federation.core.config.TokenProvidersType;
import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
/**
@@ -181,7 +184,7 @@
throw new RuntimeException("Unable to construct the key manager:",
e);
}
}
- }
+ }
/*
* (non-Javadoc)
@@ -386,6 +389,32 @@
*/
public void addTokenProvider(String key, SecurityTokenProvider provider)
{
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
tokenProviders.put(key, provider);
}
+
+ /**
+ * @see {@code STSCoreConfig#removeTokenProvider(String)}
+ */
+ public void removeTokenProvider(String key)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+ tokenProviders.remove(key);
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.sts.STSCoreConfig#getTokenProviders()
+ */
+ public List<SecurityTokenProvider> getTokenProviders()
+ {
+ List<SecurityTokenProvider> list = new
ArrayList<SecurityTokenProvider>();
+ list.addAll( tokenProviders .values());
+ return Collections.unmodifiableList(list);
+ }
}
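Review bot: getTokenProviders builds its snapshot in three statements and has a stray space in `tokenProviders .values()`; the copy-constructor form reads cleaner: `return Collections.unmodifiableList( new ArrayList<SecurityTokenProvider>( tokenProviders.values() ) );`. The `@see {@code STSCoreConfig#removeTokenProvider(String)}` on removeTokenProvider should be `@see org.picketlink.identity.federation.core.sts.STSCoreConfig#removeTokenProvider(String)` so the tool links it, matching the tag on getTokenProviders. tokenProviders is declared outside this hunk so I cannot tell whether it is a synchronized map, but add and remove can now be called at runtime while lookups read it, which is worth confirming and documenting on the field.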
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -17,7 +17,6 @@
*/
package org.picketlink.identity.federation.core.wstrust.plugins.saml;
-import java.net.URI;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.util.ArrayList;
@@ -466,5 +465,13 @@
public boolean supports(String namespace)
{
return WSTrustConstants.BASE_NAMESPACE.equals(namespace);
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#tokenType()
+ */
+ public String tokenType()
+ {
+ return WSTrustConstants.BASE_NAMESPACE;
}
}
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -148,8 +148,21 @@
return this.properties;
}
+ /**
+ *
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#supports(java.lang.String)
+ */
public boolean supports(String namespace)
{
return WSTrustConstants.BASE_NAMESPACE.equals(namespace);
}
+
+ /**
+ *
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#tokenType()
+ */
+ public String tokenType()
+ {
+ return WSTrustConstants.BASE_NAMESPACE;
+ }
}
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AssertionType.java
===================================================================
---
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AssertionType.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AssertionType.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -27,7 +27,7 @@
import java.util.Set;
import javax.xml.datatype.XMLGregorianCalendar;
-
+
import org.w3c.dom.Element;
/**
@@ -157,4 +157,13 @@
{
this.signature = signature;
}
+
+ public void updateIssueInstant( XMLGregorianCalendar xg )
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( new RuntimePermission( "org.picketlink.sts") );
+
+ this.issueInstant = xg;
+ }
}
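Review bot: updateIssueInstant has no Javadoc and is the only mutator on this type guarded by a permission check, which a reader needs explained; a comment such as `Replace the issue instant, e.g. when an STS renews the assertion; requires the org.picketlink.sts RuntimePermission when a SecurityManager is installed` would do. The RuntimePermission is constructed on every call and its name string duplicates the one behind PicketLinkCoreSTS.rte in another module; hoisting it into a `private static final RuntimePermission` on this class gives the name one home within the model module. A null xg is accepted silently and leaves the assertion without an issue instant, which AssertionUtil.createTimedConditions in this commit then rejects; `if( xg == null ) throw new IllegalArgumentException( "xg" );` or a documented null contract would help.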
\ No newline at end of file
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -189,7 +189,7 @@
String identityURL,
Map<String, Object> attribs,
long assertionValidity, String requestID)
- throws ConfigurationException, IssueInstantMissingException
+ throws ConfigurationException, IssueInstantMissingException, ProcessingException
{
Document samlResponseDocument = null;
@@ -221,8 +221,8 @@
AttributeStatementType attrStatement =
StatementUtil.createAttributeStatement(roles);
assertion.addStatement( attrStatement );
- //Add timed conditions
- saml2Response.createTimedConditions(assertion, assertionValidity);
+ /*//Add timed conditions
+ saml2Response.createTimedConditions(assertion, assertionValidity);*/
//Add in the attributes information
if(attribs != null && attribs.size() > 0 )
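Review bot: Commenting out `saml2Response.createTimedConditions(assertion, assertionValidity);` leaves the assertion built here without NotBefore/NotOnOrAfter conditions, and nothing in this hunk adds them another way, so unless the caller now routes the assertion through the STS provider the issued assertion never expires; the assertionValidity parameter also appears to go unused. If the conditions are now meant to come from SAML20AssertionTokenProvider, replace the dead code with a comment saying so, `// validity conditions are added by the STS token provider`, otherwise restore the call. The enclosing method starts before this hunk.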
@@ -359,6 +359,9 @@
/*JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>)
subject.getContent().get(0);
NameIDType nameID = jnameID.getValue();
*/
+ if( subject == null )
+ throw new ProcessingException( "Subject in the assertion is null"
);
+
STSubType subType = subject.getSubType();
if( subType == null )
throw new RuntimeException( "Unable to find subtype via subject"
);
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -72,6 +72,7 @@
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import
org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler.HANDLER_TYPE;
import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
@@ -251,6 +252,10 @@
identityServer = new IdentityServer();
context.setAttribute(GeneralConstants.IDENTITY_SERVER, identityServer);
}
+
+ //Ensure the configuration in the STS
+ PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
+ sts.installDefaultConfiguration();
}
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/IDPWebRequestUtil.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/IDPWebRequestUtil.java 2010-12-30
16:49:15 UTC (rev 621)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/IDPWebRequestUtil.java 2010-12-30
19:30:38 UTC (rev 622)
@@ -192,7 +192,7 @@
String identityURL,
long assertionValidity,
boolean supportSignature)
- throws ConfigurationException, IssueInstantMissingException
+ throws ConfigurationException, IssueInstantMissingException, ProcessingException
{
Document samlResponseDocument = null;
@@ -498,11 +498,11 @@
* @param status
* @param identityURL
* @param supportSignature
- * @return
+ * @return
* @throws ConfigurationException
*/
public Document getErrorResponse(String responseURL, String status,
- String identityURL, boolean supportSignature)
+ String identityURL, boolean supportSignature)
{
Document samlResponse = null;
ResponseType responseType = null;
@@ -529,6 +529,11 @@
{
if(trace) log.trace(e1);
responseType = saml2Response.createResponseType();
+ }
+ catch (ProcessingException e)
+ {
+ if(trace) log.trace( e );
+ responseType = saml2Response.createResponseType();
}
//Lets see how the response looks like