[jboss-cvs] Picketlink SVN: r633 - federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Mon Jan 10 11:25:51 EST 2011


Author: anil.saldhana at jboss.com
Date: 2011-01-10 11:25:50 -0500 (Mon, 10 Jan 2011)
New Revision: 633

Removed:
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
Log:
get rid of redundant valves

Deleted: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java	2011-01-10 16:25:30 UTC (rev 632)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java	2011-01-10 16:25:50 UTC (rev 633)
@@ -1,515 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors. 
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.identity.federation.bindings.tomcat.idp;
-
-import static org.picketlink.identity.federation.core.util.StringUtil.isNotNull;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.security.GeneralSecurityException;
-import java.security.Principal;
-import java.util.List;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.catalina.Context;
-import org.apache.catalina.Lifecycle;
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.LifecycleListener;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.catalina.util.LifecycleSupport;
-import org.apache.catalina.valves.ValveBase;
-import org.apache.log4j.Logger;
-import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
-import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
-import org.picketlink.identity.federation.bindings.tomcat.TomcatRoleGenerator;
-import org.picketlink.identity.federation.bindings.util.ValveUtil;
-import org.picketlink.identity.federation.core.config.IDPType;
-import org.picketlink.identity.federation.core.config.TrustType;
-import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
-import org.picketlink.identity.federation.core.exceptions.ParsingException;
-import org.picketlink.identity.federation.core.exceptions.ProcessingException;
-import org.picketlink.identity.federation.core.interfaces.RoleGenerator;
-import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
-import org.picketlink.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
-import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
-import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
-import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
-import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.web.constants.GeneralConstants;
-import org.picketlink.identity.federation.web.util.ConfigurationUtil;
-import org.picketlink.identity.federation.web.util.HTTPRedirectUtil;
-import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
-
-/**
- * Valve at the IDP that supports the HTTP/Redirect Binding
- * @author Anil.Saldhana at redhat.com
- * @since Dec 9, 2008
- */
-public class IDPRedirectValve extends ValveBase implements Lifecycle
-{ 
-   private static Logger log =  Logger.getLogger(IDPRedirectValve.class); 
-   private boolean trace = log.isTraceEnabled();
-   
-   protected IDPType idpConfiguration = null;
-   
-   private RoleGenerator rg = new TomcatRoleGenerator();
-
-   private long assertionValidity = 5000; // 5 seconds in miliseconds
-   
-   private String identityURL = null; 
-   
-   public IDPRedirectValve()
-   {
-      super();
-   }
-   
-   public void setRoleGenerator(String rgName)
-   {
-      try
-      {
-         Class<?> clazz = SecurityActions.getContextClassLoader().loadClass(rgName);
-         rg = (RoleGenerator) clazz.newInstance();
-      }
-      catch (Exception e)
-      {
-         throw new RuntimeException(e);
-      } 
-   }
-
-   @Override
-   public void invoke(Request request, Response response) throws IOException, ServletException
-   {
-      boolean containsSAMLRequestMessage = this.hasSAMLRequestMessage(request); 
-      
-      //Lets check if the user has been authenticated
-      Principal userPrincipal = request.getPrincipal();
-      if(userPrincipal == null)
-      {
-         //Send it for user authentication
-         try
-         {
-            //Next in the invocation chain
-            getNext().invoke(request, response);
-         }
-         finally
-         { 
-            String referer = request.getHeader("Referer");
-            
-            if(response.getStatus() == HttpServletResponse.SC_FORBIDDEN)
-            {
-               ResponseType errorResponseType = this.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get()); 
-               try
-               {
-                  send(errorResponseType, 
-                        request.getParameter(GeneralConstants.RELAY_STATE), response);
-               }
-               catch (ParsingException e)
-               {
-                 log.error(e);
-               }
-               catch (ProcessingException e)
-               {
-                  log.error(e);
-               }  
-               return;
-            } 
-
-            //User is authenticated as we are on the return path
-            userPrincipal = request.getPrincipal();
-            if(userPrincipal != null)
-            {
-               //Send valid saml response after processing the request
-               if(containsSAMLRequestMessage)
-               {
-                  RequestAbstractType requestAbstractType =  null;
-                  try
-                  {
-                     requestAbstractType = getSAMLRequest(request); 
-                     boolean isValid = this.validate(request);
-                     if(!isValid)
-                        throw new GeneralSecurityException("Validity Checks Failed");
-                     
-                     this.isTrusted(requestAbstractType.getIssuer().getValue());
-                     
-                     ResponseType responseType = this.getResponse(request, userPrincipal);
-                     send(responseType, request.getParameter(GeneralConstants.RELAY_STATE), response); 
-                  }
-                  catch (Exception e)
-                  { 
-                     log.error("Exception:" ,e); 
-                     if(requestAbstractType != null)
-                        referer = requestAbstractType.getIssuer().getValue();
-                     ResponseType errorResponseType = this.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_RESPONDER.get());
-                     try
-                     {
-                        send(errorResponseType, request.getParameter(GeneralConstants.RELAY_STATE), response);
-                     }
-                     catch (ParsingException e1)
-                     {
-                        log.error(e1);
-                     }
-                     catch (ProcessingException e1)
-                     {
-                        log.error(e1);
-                     }
-                  } 
-               }
-               else
-               {
-                  log.error("No SAML Request Message");
-                  if(trace)
-                     log.trace("Referer="+referer);
-                  throw new ServletException("No SAML Request Message");                
-               }
-            }
-         }
-      }   
-   }
-   
-   /**
-    * Verify that the issuer is trusted
-    * @param issuer
-    * @throws IssuerNotTrustedException
-    */
-   protected void isTrusted(String issuer) throws IssuerNotTrustedException
-   {
-      try
-      {
-         String issuerDomain = ValveUtil.getDomain(issuer);
-         TrustType idpTrust =  idpConfiguration.getTrust();
-         if(idpTrust != null)
-         {
-            String domainsTrusted = idpTrust.getDomains();
-            if(domainsTrusted.indexOf(issuerDomain) < 0)
-               throw new IssuerNotTrustedException(issuer); 
-         }
-      }
-      catch (Exception e)
-      {
-         throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
-      }
-   }
-   
-   protected void send(ResponseType responseType, String relayState, Response response) 
-   throws ParsingException, ProcessingException 
-   {
-      try
-      {
-         SAML2Response saml2Response = new SAML2Response();
-         ByteArrayOutputStream baos = new ByteArrayOutputStream(); 
-         saml2Response.marshall(responseType, baos);
-
-         String urlEncodedResponse = RedirectBindingUtil.deflateBase64URLEncode(baos.toByteArray());
-
-         String destinationURL = responseType.getDestination();
-         if(trace) log.trace("IDP:Destination=" + destinationURL);
-
-         if(isNotNull(relayState))
-            relayState = RedirectBindingUtil.urlEncode(relayState);
-
-         StringBuilder finalDest = new StringBuilder(destinationURL);
-         if(destinationURL.contains("?"))
-            finalDest.append("&");
-         else
-            finalDest.append("?");
-         
-         finalDest.append( getDestinationQueryString(urlEncodedResponse, relayState) );
-         HTTPRedirectUtil.sendRedirectForResponder(finalDest.toString(), response);
-      } 
-      catch (IOException e)
-      {
-         throw new ProcessingException(e);
-      }   
-   }
-   
-   /**
-    * Generate a Destination URL for the HTTPRedirect binding
-    * with the saml response and relay state
-    * @param urlEncodedResponse
-    * @param urlEncodedRelayState
-    * @return
-    */
-   protected String getDestinationQueryString(String urlEncodedResponse, String urlEncodedRelayState)
-   {
-      StringBuilder sb = new StringBuilder();
-      sb.append("SAMLResponse=").append(urlEncodedResponse);
-      if(isNotNull(urlEncodedRelayState))
-         sb.append("&RelayState=").append(urlEncodedRelayState);
-      return sb.toString();
-   }
-
-   /**
-    * Validate the incoming Request
-    * @param request
-    * @return 
-    */
-   protected boolean validate(Request request) throws IOException,GeneralSecurityException
-   {
-     return this.hasSAMLRequestMessage(request);     
-   }
-   
-   private boolean hasSAMLRequestMessage(Request request)
-   {
-      return request.getParameter(GeneralConstants.SAML_REQUEST_KEY) != null;
-   }
-   
-   private RequestAbstractType getSAMLRequest(Request request) 
-   throws ParsingException, ConfigurationException, ProcessingException
-   {
-      String samlMessage = getSAMLMessage(request);
-      InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage); 
-      SAML2Request saml2Request = new SAML2Request();  
-      return saml2Request.getRequestType(is); 
-   }
-
-    
-   /**
-    * Create a response type
-    * @param request
-    * @param userPrincipal
-    * @return
-    * @throws ParsingException  
-    * @throws ConfigurationException 
-    * @throws ProcessingException 
-    */
-   protected ResponseType getResponse(Request request, Principal userPrincipal) 
-   throws ParsingException, ConfigurationException, ProcessingException
-   {
-      ResponseType responseType = null;
-
-      String samlMessage = getSAMLMessage(request);
-      InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage); 
-      SAML2Request saml2Request = new SAML2Request();
-      
-      AuthnRequestType authnRequestType = saml2Request.getAuthnRequestType(is);
-      
-      if(authnRequestType == null)
-         throw new IllegalStateException("AuthnRequest is null"); 
-
-      if(log.isTraceEnabled())
-      {
-         StringWriter sw = new StringWriter();
-         saml2Request.marshall(authnRequestType, sw);
-         
-         log.trace("IDPRedirectValve::AuthnRequest="+sw.toString()); 
-      }
-      SAML2Response saml2Response = new SAML2Response();
-            
-      //Create a response type
-      String id = IDGenerator.create("ID_");
-
-      IssuerInfoHolder issuerHolder = new IssuerInfoHolder(this.identityURL); 
-      issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
-
-      IDPInfoHolder idp = new IDPInfoHolder();
-      idp.setNameIDFormatValue(userPrincipal.getName());
-      idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
-
-      SPInfoHolder sp = new SPInfoHolder();
-      sp.setResponseDestinationURI( authnRequestType.getAssertionConsumerServiceURL().toASCIIString() );
-      responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
-      //Add information on the roles
-      List<String> roles = rg.generateRoles(userPrincipal);
-      AssertionType assertion = (AssertionType) responseType.getAssertions().get(0).getAssertion();
-
-      AttributeStatementType attrStatement = StatementUtil.createAttributeStatement(roles);
-      assertion.addStatement( attrStatement );
-      
-      //Add timed conditions
-      try
-      {
-         saml2Response.createTimedConditions(assertion, this.assertionValidity);
-      }
-      catch (IssueInstantMissingException e1)
-      {
-         log.error(e1);
-      }
- 
-      //Lets see how the response looks like 
-      if(log.isTraceEnabled())
-      {
-         StringWriter sw = new StringWriter();
-         saml2Response.marshall(responseType, sw);
-          
-         log.trace("IDPRedirectValve::Response="+sw.toString()); 
-      }
-
-      return responseType; 
-   }
-   
-   private ResponseType getErrorResponse(String responseURL, String status) throws ServletException
-   {
-      try
-      {
-         ResponseType responseType = null; 
-         
-         SAML2Response saml2Response = new SAML2Response();
-               
-         //Create a response type
-         String id = IDGenerator.create("ID_");
-
-         IssuerInfoHolder issuerHolder = new IssuerInfoHolder(this.identityURL); 
-         issuerHolder.setStatusCode(status);
-         
-         IDPInfoHolder idp = new IDPInfoHolder();
-         idp.setNameIDFormatValue(null);
-         idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
-
-         SPInfoHolder sp = new SPInfoHolder();
-         sp.setResponseDestinationURI(responseURL);
-         responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder); 
-
-         //Lets see how the response looks like 
-         if(log.isTraceEnabled())
-         {
-            log.trace("ResponseType = ");
-            StringWriter sw = new StringWriter();
-            saml2Response.marshall(responseType, sw);
-            log.trace("IDPRedirectValve::Response="+sw.toString()); 
-         }
-
-         return responseType;       
-      }  
-      catch(Exception e)
-      {
-         log.error("Exception in getErrorResponse::",e);
-         throw new ServletException(e.getLocalizedMessage());
-      }
-   }
-   
-   private String getSAMLMessage(Request request)
-   {
-      return request.getParameter(GeneralConstants.SAML_REQUEST_KEY);
-   }
-   
-   //***************Catalina Lifecyle methods
-   /**
-    * The lifecycle event support for this component.
-    */
-   protected LifecycleSupport lifecycle = new LifecycleSupport(this);
-
-   /**
-    * Has this component been started yet?
-    */
-   private boolean started = false;
-
-
-
-   /**
-    * Add a lifecycle event listener to this component.
-    *
-    * @param listener The listener to add
-    */
-   public void addLifecycleListener(LifecycleListener listener) 
-   {
-       lifecycle.addLifecycleListener(listener);
-   }
-
-
-   /**
-    * Get the lifecycle listeners associated with this lifecycle. If this
-    * Lifecycle has no listeners registered, a zero-length array is returned.
-    */
-   public LifecycleListener[] findLifecycleListeners() 
-   {
-       return lifecycle.findLifecycleListeners();
-   }
-
-
-   /**
-    * Remove a lifecycle event listener from this component.
-    *
-    * @param listener The listener to add
-    */
-   public void removeLifecycleListener(LifecycleListener listener) 
-   {
-       lifecycle.removeLifecycleListener(listener);
-   }
-
-
-   /**
-    * Prepare for the beginning of active use of the public methods of this
-    * component.  This method should be called after <code>configure()</code>,
-    * and before any of the public methods of the component are utilized.
-    *
-    * @exception LifecycleException if this component detects a fatal error
-    *  that prevents this component from being used
-    */
-   public void start() throws LifecycleException
-   {
-       // Validate and update our current component state
-       if (started)
-           throw new LifecycleException
-               ("IDPRedirectValve already Started");
-       lifecycle.fireLifecycleEvent(START_EVENT, null);
-       started = true;
-       
-       String configFile = GeneralConstants.CONFIG_FILE_LOCATION; 
-       Context context = (Context) getContainer();
-       InputStream is = context.getServletContext().getResourceAsStream(configFile);
-       if(is == null)
-          throw new RuntimeException(configFile + " missing");
-       try
-       {
-          idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
-          this.identityURL = idpConfiguration.getIdentityURL();
-          if(trace)
-             log.trace("Identity Provider URL=" + this.identityURL); 
-          this.assertionValidity = idpConfiguration.getAssertionValidity();
-       }
-       catch (Exception e)
-       {
-          throw new RuntimeException(e);
-       }
-   }
-
-
-   /**
-    * Gracefully terminate the active use of the public methods of this
-    * component.  This method should be the last one called on a given
-    * instance of this component.
-    *
-    * @exception LifecycleException if this component detects a fatal error
-    *  that needs to be reported
-    */
-   public void stop() throws LifecycleException 
-   {
-       // Validate and update our current component state
-       if (!started)
-           throw new LifecycleException
-               ("IDPRedirectValve NotStarted");
-       lifecycle.fireLifecycleEvent(STOP_EVENT, null);
-       started = false;
-   } 
-}
\ No newline at end of file

Deleted: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java	2011-01-10 16:25:30 UTC (rev 632)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java	2011-01-10 16:25:50 UTC (rev 633)
@@ -1,238 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors. 
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.identity.federation.bindings.tomcat.idp;
-
-import static org.picketlink.identity.federation.core.util.StringUtil.isNotNull;
-
-import java.io.IOException;
-import java.io.StringReader;
-import java.io.StringWriter;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.Principal;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.util.List;
-
-import javax.crypto.SecretKey;
-import javax.xml.namespace.QName;
-
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.connector.Request;
-import org.apache.log4j.Logger;
-import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
-import org.picketlink.identity.federation.core.config.AuthPropertyType;
-import org.picketlink.identity.federation.core.config.EncryptionType;
-import org.picketlink.identity.federation.core.config.KeyProviderType;
-import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
-import org.picketlink.identity.federation.core.exceptions.ParsingException;
-import org.picketlink.identity.federation.core.exceptions.ProcessingException;
-import org.picketlink.identity.federation.core.interfaces.TrustKeyConfigurationException;
-import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
-import org.picketlink.identity.federation.core.interfaces.TrustKeyProcessingException;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.util.CoreConfigUtil;
-import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
-import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedAssertionType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
-import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-
-/**
- * Valve at the Identity Provider that supports
- * SAML2 HTTP/Redirect binding with digital signature support
- * and xml encryption
- * @author Anil.Saldhana at redhat.com
- * @since Jan 14, 2009
- */
-public class IDPRedirectWithSignatureValve extends IDPRedirectValve
-{   
-   private static Logger log = Logger.getLogger(IDPRedirectWithSignatureValve.class); 
-   private boolean trace = log.isTraceEnabled();
-   
-   private boolean ignoreSignature = false;
-   
-   private TrustKeyManager keyManager; 
-   
-   public IDPRedirectWithSignatureValve()
-   {
-      super();  
-   }
-   
-   /**
-    * Indicate whether the signature parameter in the request
-    * needs to be ignored
-    * @param val
-    */
-   public void setIgnoreSignature(String val)
-   {
-     if(isNotNull(val))
-        this.ignoreSignature = Boolean.valueOf(val); 
-   } 
-   
-   @Override
-   public void start() throws LifecycleException
-   { 
-      super.start();
-      KeyProviderType keyProvider = this.idpConfiguration.getKeyProvider();
-      try
-      { 
-         this.keyManager = CoreConfigUtil.getTrustKeyManager(keyProvider);
-
-         List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
-         keyManager.setAuthProperties( authProperties ); 
-         
-         keyManager.setValidatingAlias(keyProvider.getValidatingAlias()); 
-         String canonicalizationMethod = idpConfiguration.getCanonicalizationMethod();
-
-         log.info( "IDPRedirectWithSignatureValve:: Setting the CanonicalizationMethod on XMLSignatureUtil::"  + canonicalizationMethod );
-         XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod);
-      }
-      catch(Exception e)
-      {
-         log.error("Exception reading configuration:",e);
-         throw new LifecycleException(e.getLocalizedMessage());
-      }
-      if(trace) log.trace("Key Provider=" + keyProvider.getClassName());
-   }   
-   
-   @Override
-   protected boolean validate(Request request) throws IOException, GeneralSecurityException
-   {
-      boolean result = super.validate(request);
-      if( result == false)
-         return result;
-      
-      if(this.ignoreSignature)
-      {
-         if(trace) log.trace("Since signature is to be ignored, validation returns"); 
-         return true;  
-      }
-      
-      String queryString = request.getQueryString();
-      //Check if there is a signature   
-      byte[] sigValue = RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(queryString);
-      if(sigValue == null)
-         return false;
-      
-      PublicKey validatingKey;
-      try
-      {
-         validatingKey = keyManager.getValidatingKey(request.getRemoteAddr());
-      }
-      catch (TrustKeyConfigurationException e)
-      {
-         throw new GeneralSecurityException(e.getCause());
-      }
-      catch (TrustKeyProcessingException e)
-      {
-         throw new GeneralSecurityException(e.getCause());
-      }
-      
-      return RedirectBindingSignatureUtil.validateSignature(queryString, validatingKey, sigValue); 
-   }
-   
-   @Override
-   protected String getDestinationQueryString(String urlEncodedResponse, String urlEncodedRelayState)
-   {
-      try
-      {
-         //Get the signing key  
-         PrivateKey signingKey = keyManager.getSigningKey();
-         String url = RedirectBindingSignatureUtil.getSAMLResponseURLWithSignature(urlEncodedResponse, urlEncodedRelayState, signingKey);
-         return url;
-      }
-      catch(Exception e)
-      {
-         throw new RuntimeException(e);
-      }
-   }
-   
-   @Override
-   protected ResponseType getResponse(Request request, Principal userPrincipal) 
-   throws ParsingException, ConfigurationException, ProcessingException
-   {
-      SAML2Response saml2Response = new SAML2Response();
-      
-      ResponseType responseType =  super.getResponse(request, userPrincipal);
-     
-      //If there is a configuration to encrypt
-      if(this.idpConfiguration.isEncrypt())
-      {
-         //Need to encrypt the assertion
-         String sp = responseType.getDestination();
-         if(sp == null)
-            throw new IllegalStateException("Unable to handle encryption as SP url is null");
-         try
-         {
-            URL spurl = new URL(sp); 
-            PublicKey publicKey = keyManager.getValidatingKey(spurl.getHost());
-            EncryptionType enc = idpConfiguration.getEncryption();
-            if(enc == null)
-               throw new IllegalStateException("EncryptionType not configured");
-            String encAlgo = enc.getEncAlgo().value();
-            int keyLength = enc.getKeySize();
-            //Generate a key on the fly
-            SecretKey sk = keyManager.getEncryptionKey(spurl.getHost(), encAlgo, keyLength);
-            
-            StringWriter sw = new StringWriter();
-            saml2Response.marshall(responseType, sw);
-            
-            Document responseDoc = DocumentUtil.getDocument(new StringReader(sw.toString()));  
-      
-            String assertionNS = JBossSAMLURIConstants.ASSERTION_NSURI.get();
-            
-            QName assertionQName = new QName(assertionNS, "EncryptedAssertion", "saml");
-            
-            Element encAssertion = XMLEncryptionUtil.encryptElementInDocument(responseDoc,
-                            publicKey, sk, keyLength, assertionQName, true);
-            
-            
-            EncryptedAssertionType eet = saml2Response.getEncryptedAssertion(DocumentUtil.getNodeAsStream(encAssertion));
-            responseType.addAssertion( new RTChoiceType( eet ));
-         }
-         catch (MalformedURLException e)
-         {
-            throw new ParsingException(e);
-         }  
-         catch (Exception e)
-         {
-            throw new ProcessingException(e);
-         } 
-      }
-      //Lets see how the response looks like 
-      if(log.isTraceEnabled())
-      {
-         StringWriter sw = new StringWriter();
-         saml2Response.marshall(responseType, sw);
-          
-         log.trace("IDPRedirectValveWithSignature::Response="+sw.toString()); 
-      }
-      return responseType;
-   } 
-}
\ No newline at end of file



More information about the jboss-cvs-commits mailing list