Author: coheigea
Date: Wed Dec 22 11:02:03 2010
New Revision: 1051832
URL: http://svn.apache.org/viewvc?rev=1051832&view=rev
Log:
[WSS-261] - Added support for processing SAML Subject Confirmation keys that
use issuer serial.
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/SAMLUtil.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/SAMLUtil.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/SAMLUtil.java?rev=1051832&r1=1051831&r2=1051832&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/SAMLUtil.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/SAMLUtil.java
Wed Dec 22 11:02:03 2010
@@ -34,6 +34,7 @@ import org.apache.xml.security.exception
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
+import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttributeStatement;
import org.opensaml.SAMLAuthenticationStatement;
@@ -145,14 +146,21 @@ public class SAMLUtil {
if (ki.containsX509Data()) {
X509Data data = ki.itemX509Data(0);
- XMLX509Certificate certElem = null;
if (data != null && data.containsCertificate()) {
- certElem = data.itemCertificate(0);
- }
- if (certElem != null) {
- X509Certificate cert =
certElem.getX509Certificate();
- certs = new X509Certificate[1];
- certs[0] = cert;
+ XMLX509Certificate certElem =
data.itemCertificate(0);
+ if (certElem != null) {
+ X509Certificate cert =
certElem.getX509Certificate();
+ certs = new X509Certificate[1];
+ certs[0] = cert;
+ return new SAMLKeyInfo(assertion, certs);
+ }
+ } else if (data != null &&
data.containsIssuerSerial()) {
+ XMLX509IssuerSerial issuerSerial =
data.itemIssuerSerial(0);
+ String alias =
+ crypto.getAliasForX509Cert(
+ issuerSerial.getIssuerName(),
issuerSerial.getSerialNumber()
+ );
+ certs = crypto.getCertificates(alias);
return new SAMLKeyInfo(assertion, certs);
}
} else if (ki.containsKeyValue()) {
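Review bot: The new issuer-serial branch has no null handling, although the issuer name and serial number are read from the assertion's own KeyInfo and may match nothing in the local keystore. If `crypto.getAliasForX509Cert(...)` returns null, the branch goes on to call `crypto.getCertificates(alias)` and returns a `SAMLKeyInfo` whose certificate array may be null or empty. The Crypto implementation is not visible here, so that outcome is an assumption to confirm. `data.itemIssuerSerial(0)` is also dereferenced unchecked, whereas the certificate branch above guards `certElem != null`. I would fail closed on each of these, using whichever error the enclosing method (which starts and ends outside the hunk) already raises for an unresolvable key. The matching branch in WSSecSignatureSAML.java (`userCrypto.getAliasForX509Cert`) has the same gap.

```java
} else if (data != null && data.containsIssuerSerial()) {
    XMLX509IssuerSerial issuerSerial = data.itemIssuerSerial(0);
    // Issuer name and serial are taken from the assertion; reject references
    // that do not resolve to a certificate in the configured keystore.
    String alias = issuerSerial == null ? null
        : crypto.getAliasForX509Cert(
            issuerSerial.getIssuerName(), issuerSerial.getSerialNumber());
    if (alias == null) {
        throw new WSSecurityException(
            WSSecurityException.FAILURE, "invalidSAMLsecurity",
            new Object[]{"cannot get certificate or key"});
    }
    certs = crypto.getCertificates(alias);
    if (certs == null || certs.length == 0) {
        throw new WSSecurityException(
            WSSecurityException.FAILURE, "invalidSAMLsecurity",
            new Object[]{"cannot get certificate or key"});
    }
    return new SAMLKeyInfo(assertion, certs);
```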
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java?rev=1051832&r1=1051831&r2=1051832&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
Wed Dec 22 11:02:03 2010
@@ -41,6 +41,7 @@ import org.apache.xml.security.exception
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
+import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.TransformationException;
@@ -254,14 +255,20 @@ public class WSSecSignatureSAML extends
if (ki.containsX509Data()) {
X509Data data = ki.itemX509Data(0);
- XMLX509Certificate certElem = null;
if (data != null && data.containsCertificate()) {
- certElem = data.itemCertificate(0);
- }
- if (certElem != null) {
- X509Certificate cert = certElem.getX509Certificate();
- certs = new X509Certificate[1];
- certs[0] = cert;
+ XMLX509Certificate certElem = data.itemCertificate(0);
+ if (certElem != null) {
+ X509Certificate cert =
certElem.getX509Certificate();
+ certs = new X509Certificate[1];
+ certs[0] = cert;
+ }
+ } else if (data != null && data.containsIssuerSerial()) {
+ XMLX509IssuerSerial issuerSerial =
data.itemIssuerSerial(0);
+ String alias =
+ userCrypto.getAliasForX509Cert(
+ issuerSerial.getIssuerName(),
issuerSerial.getSerialNumber()
+ );
+ certs = userCrypto.getCertificates(alias);
}
} else if (ki.containsKeyValue()) {
publicKey = ki.getPublicKey();
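Review bot: The issuer-serial branch added here is a near line-for-line copy of the one this commit adds to SAMLUtil.java, differing only in the keystore used (`userCrypto` here, `crypto` there). Keeping two copies of the KeyInfo-to-certificate resolution means a later fix to one can miss the other. A single shared static helper that takes the `X509Data` and a `Crypto` would keep the signing and processing sides consistent. Whichever way it goes, the branch deserves a short comment such as `// Certificate is referenced by issuer/serial rather than embedded: resolve it from the user keystore.` The commit's file list shows no test for an issuer-serial Subject Confirmation, so one covering both the resolvable and the unresolvable case would be worth adding. The enclosing method starts and ends outside the hunk.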