Author: dimuthul
Date: Thu Jan 24 03:33:39 2008
New Revision: 12821

Log:

Code to add SAML2 support.
A beautiful builder pattern :)



Added:
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML1TokenBuilder.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenBuilder.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenDirector.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/X509CredentialImpl.java
Modified:
   
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/UIConstants.java
   
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/action/EditCardissuerConfigAction.java
   
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/action/ShowClaimsAction.java
   
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/action/ShowConfigureCardIssuerAction.java
   
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/action/UpdateClaimAction.java
   
trunk/solutions/identity/modules/base/src/main/java/org/wso2/solutions/identity/IdentityConstants.java
   trunk/solutions/identity/modules/identity-provider/pom.xml
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/Initializer.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/resources.properties
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityProviderData.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityTokenIssuer.java

Modified: 
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/UIConstants.java
==============================================================================
--- 
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/UIConstants.java
       (original)
+++ 
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/UIConstants.java
       Thu Jan 24 03:33:39 2008
@@ -59,6 +59,10 @@
     
     public final static String SAML11 = "SAML11";
     
+    public final static String SAML20 = "SAML20";
+    
+    public final static String OPENID = "OpenId";
+    
     public final static String MESSAGES = "mainMessages";
       
     public final static String REPORT_USAGE = "usage";

Modified: 
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/action/EditCardissuerConfigAction.java
==============================================================================
--- 
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/action/EditCardissuerConfigAction.java
 (original)
+++ 
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/action/EditCardissuerConfigAction.java
 Thu Jan 24 03:33:39 2008
@@ -42,6 +42,8 @@
     private boolean samlVersion10 = false;
 
     private boolean samlVersion11 = false;
+    
+    private boolean samlVersion20 = false;
 
     private File file = null;
 

Modified: 
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/action/ShowClaimsAction.java
==============================================================================
--- 
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/action/ShowClaimsAction.java
   (original)
+++ 
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/action/ShowClaimsAction.java
   Thu Jan 24 03:33:39 2008
@@ -16,23 +16,27 @@
 
 package org.wso2.solutions.identity.admin.ui.action;
 
-import org.wso2.solutions.identity.admin.ClaimsAdmin;
-import org.wso2.solutions.identity.persistence.dataobject.DialectDO;
-
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
+import org.wso2.solutions.identity.admin.ClaimsAdmin;
+import org.wso2.solutions.identity.persistence.dataobject.DialectDO;
+
 public class ShowClaimsAction extends ManagedAction {
 
     private static final long serialVersionUID = 8739996362847999381L;
 
-    private List dialects;
+    private List dialects = new ArrayList();
+    
+    private List attributeIds = new ArrayList();
 
     public String execute() throws Exception {
 
         ClaimsAdmin claimsAdmin = new ClaimsAdmin();
         DialectDO[] dialectDOs = claimsAdmin.getAllDialects();
         dialects = Arrays.asList((DialectDO[]) dialectDOs);
+              
         this.loadMessages();
         return SUCCESS;
     }
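Review bot: The cast in `dialects = Arrays.asList((DialectDO[]) dialectDOs);` is redundant, since `dialectDOs` is already declared as `DialectDO[]` two lines above, and the raw `List` field loses the element type. With the module building at source level 1.5 (per the pom.xml change in this commit), `private List<DialectDO> dialects = new ArrayList<DialectDO>();` and `dialects = Arrays.asList(dialectDOs);` keep the same behaviour and let the compiler check the element type. Note that `Arrays.asList` returns a fixed-size view backed by the array, so the `new ArrayList()` initializer is replaced, not filled, when `execute()` runs.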
@@ -41,4 +45,13 @@
         return dialects;
     }
 
+    public List getAttributeIds() {
+        return attributeIds;
+    }
+
+    public void setAttributeIds(List attributeIds) {
+        this.attributeIds = attributeIds;
+    }
+    
+    
 }
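Review bot: `setAttributeIds(List attributeIds)` stores the caller's list reference as-is and uses a raw `List`, so nothing constrains what ends up in `attributeIds` or who can mutate it afterwards. If this property is bound from request parameters (the class extends `ManagedAction` and has `execute()`, so I assume it is a Struts action), declare the element type — `private List<String> attributeIds = new ArrayList<String>();`, TODO confirm the ids are strings — and consider copying in the setter, `this.attributeIds = new ArrayList<String>(attributeIds);`, so later mutation by the caller cannot change the action's state. A one-line Javadoc on the getter saying whether callers may modify the returned list would settle the contract.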

Modified: 
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/action/ShowConfigureCardIssuerAction.java
==============================================================================
--- 
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/action/ShowConfigureCardIssuerAction.java
      (original)
+++ 
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/action/ShowConfigureCardIssuerAction.java
      Thu Jan 24 03:33:39 2008
@@ -42,19 +42,26 @@
         String types = 
admin.getParameterValue(IdentityConstants.PARAM_SUPPORTED_TOKEN_TYPES);
         String[] arrTypes = types.split(",");
         
-        tokenTypes = null;
+        tokenTypes = "";
+        StringBuffer buff = new StringBuffer();
         for(int i=0; i<arrTypes.length; i++){
             if(arrTypes[i].equals(IdentityConstants.SAML10_URL)){
-                tokenTypes = UIConstants.SAML10;
+                buff.append(UIConstants.SAML10);
+                buff.append(", ");
             } else if(arrTypes[i].equals(IdentityConstants.SAML11_URL)){
-                if(tokenTypes == null){
-                    tokenTypes = UIConstants.SAML11;
-                }else{
-                    tokenTypes = tokenTypes + " , "+UIConstants.SAML11;
-                }
+                buff.append(UIConstants.SAML11);
+                buff.append(", ");
+            } else if(arrTypes[i].equals(IdentityConstants.SAML20_URL)){
+                buff.append(UIConstants.SAML20);
+                buff.append(", ");
             }
         }
         
+        if(buff.length()>1){
+            buff.deleteCharAt(buff.length()-1);
+            tokenTypes = buff.toString();
+        }
+        
         useSymmBinding = 
admin.getParameter(IdentityConstants.PARAM_USE_SYMM_BINDING) != null;
         
         return SUCCESS;
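Review bot: The trailing-separator trim at `buff.deleteCharAt(buff.length()-1)` removes only one character, but each branch appends the two-character `", "`, so `tokenTypes` ends up as `SAML10, SAML11,` with a dangling comma. Use `if (buff.length() >= 2) {` / `buff.setLength(buff.length() - 2);` / `tokenTypes = buff.toString();` instead. Since this module now compiles at source 1.5, `StringBuilder` can replace the synchronized `StringBuffer` for this purely local buffer. The enclosing method starts before the hunk.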

Modified: 
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/action/UpdateClaimAction.java
==============================================================================
--- 
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/action/UpdateClaimAction.java
  (original)
+++ 
trunk/solutions/identity/modules/admin-ui/src/main/java/org/wso2/solutions/identity/admin/ui/action/UpdateClaimAction.java
  Thu Jan 24 03:33:39 2008
@@ -55,4 +55,14 @@
         this.operation = operation;
     }
 
+    public String getClaimUri() {
+        return claimUri;
+    }
+
+    public String getOperation() {
+        return operation;
+    }
+    
+    
+
 }

Modified: 
trunk/solutions/identity/modules/base/src/main/java/org/wso2/solutions/identity/IdentityConstants.java
==============================================================================
--- 
trunk/solutions/identity/modules/base/src/main/java/org/wso2/solutions/identity/IdentityConstants.java
      (original)
+++ 
trunk/solutions/identity/modules/base/src/main/java/org/wso2/solutions/identity/IdentityConstants.java
      Thu Jan 24 03:33:39 2008
@@ -87,6 +87,7 @@
 
        public final static String SAML10_URL = 
"urn:oasis:names:tc:SAML:1.0:assertion";
        public final static String SAML11_URL = 
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";;
+       public final static String SAML20_URL = 
"urn:oasis:names:tc:SAML:2.0:assertion";
 
        public final static String CARD_IMAGE_PATH = "/conf/card.jpg";
 
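Review bot: `SAML20_URL` follows the `urn:oasis:names:tc:SAML:…:assertion` form of `SAML10_URL`, whereas `SAML11_URL` uses the WSS SAML Token Profile 1.1 identifier; that profile defines the matching SAML 2.0 identifier as `http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0`. Because `checkIsValidTokenType` in IdentityTokenIssuer (same commit) compares the requested `wst:TokenType` against this constant by exact string equality, a requester that identifies SAML 2.0 by the profile URI would be rejected with `invalidTokenType`; which form clients send is not visible in the diff, so confirm against the intended requesters. A short comment on the constant naming the identifier scheme it is meant to match would help the next maintainer. The `;;` on the `SAML11_URL` line is pre-existing but could be cleaned up while here.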

Modified: trunk/solutions/identity/modules/identity-provider/pom.xml
==============================================================================
--- trunk/solutions/identity/modules/identity-provider/pom.xml  (original)
+++ trunk/solutions/identity/modules/identity-provider/pom.xml  Thu Jan 24 
03:33:39 2008
@@ -14,14 +14,17 @@
       <resource>
         <directory>src/main/java</directory>
       </resource>
-    </resources>
+    </resources>
     <plugins>
       <plugin>
         <artifactId>maven-compiler-plugin</artifactId>
         <configuration>
           <source>1.5</source>
-          <target>1.5</target>
-        </configuration>
+          <target>1.5</target>
+          <excludes>
+               <exclude>org/wso2/solutions/identity/sts/saml/*</exclude>
+         </excludes>
+        </configuration>
       </plugin>
     </plugins>
   </build>
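Review bot: The new `<excludes>` entry `org/wso2/solutions/identity/sts/saml/*` removes every class added in this commit (SAMLTokenBuilder, SAML1TokenBuilder, SAML2TokenBuilder, SAMLTokenDirector, X509CredentialImpl) from compilation, so the build no longer checks them and nothing outside the package can reference them — presumably why `createSAMLAssertionAsDOM` is committed commented-out in IdentityTokenIssuer. If the exclusion exists because the OpenSAML 2 dependencies are not yet wired in, an XML comment saying so, e.g. `<!-- sts/saml/* excluded until the OpenSAML2-based builders compile; see SAMLTokenDirector -->`, stops the exclusion from outliving its reason. The indentation of the new `<excludes>` block is also inconsistent with the surrounding elements.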
@@ -90,4 +93,4 @@
     </dependency>
 
   </dependencies>
-</project>
\ No newline at end of file
+</project>

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/Initializer.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/Initializer.java
       (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/Initializer.java
       Thu Jan 24 03:33:39 2008
@@ -293,7 +293,7 @@
             }
 
             ClaimDO claim = claimDOs[i];
-         
+
             // Following claims or a subset of it is required by the OpenID
             // Simple Attribute Registration - So, we accept all these as
             // required parameters, at a time user registers with us - still
@@ -331,11 +331,13 @@
                     || claim.getUri().equals(IdentityConstants.CLAIM_NICKNAME)
                     || claim.getUri().equals(IdentityConstants.CLAIM_DOB)
                     || claim.getUri().equals(IdentityConstants.CLAIM_GENDER)
-                    || 
claim.getUri().equals(IdentityConstants.CLAIM_POSTAL_CODE)
+                    || claim.getUri().equals(
+                            IdentityConstants.CLAIM_POSTAL_CODE)
                     || claim.getUri().equals(IdentityConstants.CLAIM_COUNTRY)
                     || claim.getUri().equals(IdentityConstants.CLAIM_LANGUAGE)
                     || claim.getUri().equals(IdentityConstants.CLAIM_TIME_ZONE)
-                    || 
claim.getUri().equals(IdentityConstants.CLAIM_GIVEN_NAME)
+                    || claim.getUri()
+                            .equals(IdentityConstants.CLAIM_GIVEN_NAME)
                     || claim.getUri().equals(IdentityConstants.CLAIM_SURNAME)
                     || claim.getUri().equals(IdentityConstants.CLAIM_PPID)) {
                 claim.setSupported(true);
@@ -419,11 +421,14 @@
      */
     private void addParameters() throws Exception {
         ParameterAdmin admin = new ParameterAdmin();
+
         admin.createOrUpdatearameter(
                 IdentityConstants.PARAM_SUPPORTED_TOKEN_TYPES,
                 IdentityConstants.SAML10_URL + ","
                         + IdentityConstants.SAML11_URL + ","
+                        + IdentityConstants.SAML20_URL + ","
                         + IdentityConstants.OpenId.OPENID_URL);
+
         admin.createOrUpdatearameter(IdentityConstants.PARAM_CARD_NAME,
                 IdentityConstants.PARAM_VALUE_CARD_NAME);
         admin.createOrUpdatearameter(IdentityConstants.PARAM_VALID_PERIOD,
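Review bot: Adding `IdentityConstants.SAML20_URL` to `PARAM_SUPPORTED_TOKEN_TYPES` advertises SAML 2.0 issuance, but nothing in this commit can produce a SAML 2.0 assertion: `SAML2TokenBuilder` is a stub returning `null`, the `sts/saml` package is excluded from compilation in pom.xml, and `IdentityTokenIssuer` still builds a single `SAMLAssertion` regardless of the requested type. A request for SAML 2.0 therefore passes `checkIsValidTokenType` and is answered with a SAML 1.x token. Until the 2.0 path exists, leave `SAML20_URL` out of this list so the validation reflects what the issuer actually does, or add a comment making the known gap explicit.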

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/resources.properties
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/resources.properties
   (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/resources.properties
   Thu Jan 24 03:33:39 2008
@@ -9,7 +9,7 @@
 issuerConfig = Loading information card issuer configuration  : {0}
 createdInfocardAt = Created information card at : {0}
 infocardExpiresAt = Information card expires at : {0}
-
+invalidTokenType = This IdP cannot issue or not configured to issue tokens of 
type : {0}
 
 sessionFactoryCreationFailed = Initial SessionFactory creation failed
 keyStoreException = Error accessing the keystore : {0}
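Review bot: The new `invalidTokenType` message appears wrapped across two lines (`… tokens of ` / `type : {0}`); if that break is in the file rather than an artefact of the mail client, a properties parser ends the value at `of ` and reads `type : {0}` as a separate key, so the argument is never substituted — keep the value on one line or end the first line with a backslash continuation. The wording also reads awkwardly; `This IdP cannot issue, or is not configured to issue, tokens of type: {0}` says the same thing. Since `{0}` is filled with the requester-supplied token type, keep the rendered message out of any HTML context without escaping.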

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityProviderData.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityProviderData.java
  (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityProviderData.java
  Thu Jan 24 03:33:39 2008
@@ -91,6 +91,8 @@
     private String userIdentifier = null;
 
     private String primaryId = null;
+    
+    private String requiredTokenType = null;
 
     /**
      * Populate CardSpace specific meta-data.
@@ -110,6 +112,7 @@
         processClaimsData(data, claimElem);
         processInfoCardReference(rstElem);
         readAuthenticationMechanism(data);
+        readRequestedTokenType(data);
         processUserIdentifier(data);
         populateClaimValues(data);
         extracAndValidatetRPCert(data);
@@ -280,6 +283,11 @@
         this.cardID = omCardID.getText();
 
     }
+    
+    
+    private void readRequestedTokenType(RahasData data){
+        requiredTokenType = data.getTokenType();
+    }
 
     /**
      * Process and extract required claims information.
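Review bot: `readRequestedTokenType` has no Javadoc, unlike the documented siblings visible in this file such as `processUserIdentifier`; add `/** Record the wst:TokenType requested in the RST, as exposed by RahasData. */`. It stores `data.getTokenType()` unchecked, so when the request carries no TokenType the field stays `null` (assuming RahasData returns null in that case — confirm), and the only downstream guard is `checkIsValidTokenType`, which then fails with a `null` in the `invalidTokenType` message. If a default token type is intended for requests that omit it, this is the place to apply it; otherwise a comment stating that null is deliberately rejected later avoids the question.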
@@ -375,7 +383,6 @@
      * used.
      * 
      * @param rahasData
-     * @return Identifier of the user.
      */
     protected void processUserIdentifier(RahasData rahasData)
             throws IdentityProviderException {
@@ -537,4 +544,16 @@
         }
         return cert;
     }
+
+    public String getRequiredTokenType() {
+        return requiredTokenType;
+    }
+
+    public void setRequiredTokenType(String requiredTokenType) {
+        this.requiredTokenType = requiredTokenType;
+    }
+
+    
+    
+
 }

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityTokenIssuer.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityTokenIssuer.java
   (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityTokenIssuer.java
   Thu Jan 24 03:33:39 2008
@@ -70,6 +70,7 @@
 import org.w3c.dom.Node;
 import org.wso2.solutions.identity.IdentityConstants;
 import org.wso2.solutions.identity.IdentityProviderException;
+import org.wso2.solutions.identity.admin.ParameterAdmin;
 import org.wso2.solutions.identity.admin.ReportAdmin;
 import org.wso2.solutions.identity.persistence.IPPersistenceManager;
 import org.wso2.solutions.identity.persistence.dataobject.ActionDO;
@@ -102,8 +103,9 @@
 
     String confileFilePath;
 
-    protected IdentityProviderData ipData;
-
+    protected IdentityProviderData ipData = null;
+ 
+    
     public final static String ISSUER_SELF = IdentityConstants.NS
             + "/issuer/self";
 
@@ -161,7 +163,7 @@
      * Create the response SOAP envelope.
      * 
      * @param data
-     *                WS-Trust information in the issue request.
+     *            WS-Trust information in the issue request.
      * @return response SOAP envelope.
      * @throws TrustException
      */
@@ -170,9 +172,6 @@
 
         try {
 
-            Date notBefore = new Date();
-            Date notAfter = new Date();
-            notAfter.setTime(notBefore.getTime() + (300 * 1000));
 
             // Set the DOM impl to DOOM
             DocumentBuilderFactoryImpl.setDOOMRequired(true);
@@ -212,13 +211,8 @@
 
             }
 
-            SAMLStatement[] statements = createSAMLStatements(ipData, 
rahasData);
-
-            // Assertion
             ServerConfiguration config = ServerConfiguration.getInstance();
             String host = "http://"; + config.getFirstProperty("HostName");
-            SAMLAssertion assertion = new SAMLAssertion(host, notBefore,
-                    notAfter, null, null, Arrays.asList(statements));
 
             // Sign the assertion
             String keyAlias = ServerConfiguration.getInstance()
@@ -232,11 +226,28 @@
                 sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
             }
             Key issuerPK = KeyUtil.getPrivateKey(keyAlias);
+            Date notBefore = new Date();
+            Date notAfter = new Date();
+            notAfter.setTime(notBefore.getTime() + (300 * 1000));
+            SAMLStatement[] statements = createSAMLStatements(ipData, 
rahasData);
+            SAMLAssertion assertion = new SAMLAssertion(host, notBefore,
+                    notAfter, null, null, Arrays.asList(statements));
+
             assertion.sign(sigAlgo, issuerPK, Arrays.asList(issuerCerts));
+            Node assertionNode = assertion.toDOM();
+            String assertionId = assertion.getId();
+
+            if (!checkIsValidTokenType(ipData)) {
+                throw new IdentityProviderException("invalidTokenType",
+                        new Object[] { ipData.getRequiredTokenType() });
+            }
+
+            // String assertionId = "blah";
+            // Element assertionNode = createSAMLAssertionAsDOM(ipData, 
rahasData);
 
             // This will be required to send back to the requester in the RSTR
             OMElement rstrElem = createRSTR(rahasData, notBefore, notAfter,
-                    env, doc, assertion, encryptedKey);
+                    env, doc, assertionNode, assertionId, encryptedKey);
 
             if (log.isDebugEnabled()) {
                 log.debug("Response created");
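Review bot: The `checkIsValidTokenType(ipData)` rejection is evaluated only after the assertion has already been built and signed with the issuer key (`assertion.sign(sigAlgo, issuerPK, …)` a few lines above), so an unsupported request still costs a private-key operation and a parameter-store lookup before it is refused. Move the check to the top of the try block, before the DOOM setup and key loading, so invalid requests are rejected before any issuance work starts. The branch is also type-blind: whatever type was requested, the same SAML 1.x `SAMLAssertion` is produced, so a valid SAML 2.0 request is answered with a 1.x token. Delete the commented-out `// String assertionId = "blah";` and `// Element assertionNode = createSAMLAssertionAsDOM(...)` lines rather than leaving them as breadcrumbs. The enclosing method begins and ends outside this hunk.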
@@ -275,27 +286,27 @@
      * Create the <code>wst:RequstedSecurityTokenRespoonse</code> element.
      * 
      * @param data
-     *                WS-Trust information in the issue request
+     *            WS-Trust information in the issue request
      * @param notBefore
-     *                Created time
+     *            Created time
      * @param notAfter
-     *                Expiration time
+     *            Expiration time
      * @param env
-     *                Response SOAP envelope
+     *            Response SOAP envelope
      * @param doc
-     *                <code>org.w3.dom.Document</code> instance of the
-     *                response SOAP envelope
+     *            <code>org.w3.dom.Document</code> instance of the response
+     *            SOAP envelope
      * @param assertion
-     *                SAML Assertion to be sent in the response.
+     *            SAML Assertion to be sent in the response.
      * @param encryptedKey
-     *                Key used to encrypt the SAML assertion.
+     *            Key used to encrypt the SAML assertion.
      * @return <code>wst:RequstedSecurityTokenRespoonse</code> element.
      * @throws TrustException
      * @throws SAMLException
      */
     protected OMElement createRSTR(RahasData data, Date notBefore,
-            Date notAfter, SOAPEnvelope env, Document doc,
-            SAMLAssertion assertion, WSSecEncryptedKey encryptedKey)
+            Date notAfter, SOAPEnvelope env, Document doc, Node assertionElem,
+            String assertionId, WSSecEncryptedKey encryptedKey)
             throws TrustException, SAMLException, IdentityProviderException {
         if (log.isDebugEnabled()) {
             log.debug("Begin RSTR Element creation.");
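Review bot: The Javadoc of `createRSTR` no longer matches its signature: the `@param assertion` tag describes a parameter that was renamed to `assertionElem` and now takes a DOM `Node`, and the new `assertionId` parameter is undocumented. Replace the tag with `@param assertionElem DOM node of the signed SAML assertion to embed in the response.` and add `@param assertionId Identifier of that assertion, used for the attached/unattached references and the token store.` The method body continues past the hunk.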
@@ -352,8 +363,7 @@
         OMElement reqSecTokenElem = TrustUtil
                 .createRequestedSecurityTokenElement(wstVersion, rstrElem);
 
-        Node tempNode = assertion.toDOM();
-        Node assertionElement = doc.importNode(tempNode, true);
+        Node assertionElement = doc.importNode(assertionElem, true);
         reqSecTokenElem.addChild((OMNode) assertionElement);
 
         if (log.isDebugEnabled()) {
@@ -364,12 +374,12 @@
             encryptSAMLAssertion(doc, (Element) assertionElement, 
encryptedKey);
         }
 
-        createAttachedRef(rstrElem, assertion.getId());
-        createUnattachedRef(rstrElem, assertion.getId());
+        createAttachedRef(rstrElem, assertionId);
+        createUnattachedRef(rstrElem, assertionId);
 
         // Store the Token
-        Token assertionToken = new Token(assertion.getId(), (OMElement) doc
-                .importNode(assertion.toDOM(), true), notBefore, notAfter);
+        Token assertionToken = new Token(assertionId, (OMElement) doc
+                .importNode(assertionElem, true), notBefore, notAfter);
 
         // At this point we definitely have the secret
         // Otherwise it should fail with an exception earlier
@@ -380,7 +390,7 @@
         if (log.isDebugEnabled()) {
             log.debug("RSTR Elem created.");
         }
-        log.info("RSTR ready with token : " + assertion.getId());
+        log.info("RSTR ready with token : " + assertionId);
         return rstrElem;
     }
 
@@ -388,9 +398,9 @@
      * Create and add wst:AttachedReference element
      * 
      * @param rstrElem
-     *                wst:RequestSecurityToken element
+     *            wst:RequestSecurityToken element
      * @param id
-     *                Token identifier
+     *            Token identifier
      */
     protected void createAttachedRef(OMElement rstrElem, String id) {
         OMFactory fac = rstrElem.getOMFactory();
@@ -414,9 +424,9 @@
      * Create and add wst:UnattachedReference element
      * 
      * @param rstrElem
-     *                wst:RequestSecurityToken element
+     *            wst:RequestSecurityToken element
      * @param id
-     *                Token identifier
+     *            Token identifier
      */
     protected void createUnattachedRef(OMElement rstrElem, String id) {
         OMFactory fac = rstrElem.getOMFactory();
@@ -470,9 +480,9 @@
      * Create the DisplayToken element according to CardSpace specifications.
      * 
      * @param rahasData
-     *                Information from the WS-Trust request.
+     *            Information from the WS-Trust request.
      * @param ipData
-     *                CardSpace specific meta-data for this issuance.
+     *            CardSpace specific meta-data for this issuance.
      * @return The DisplayToken element.
      */
     protected OMElement createDisplayToken(OMElement rstrElem,
@@ -523,9 +533,9 @@
      * Create SAML attribute statements for the response token.
      * 
      * @param ipData
-     *                Meta-data for this issuer.
+     *            Meta-data for this issuer.
      * @param rahasData
-     *                WS-Trust common information in the issue request.
+     *            WS-Trust common information in the issue request.
      * @return An array of SAML attribute statements
      * @throws SAMLException
      * @throws IdentityProviderException
@@ -594,11 +604,11 @@
      * Obtain the ppid for the given user for the given rp.
      * 
      * @param rahasData
-     *                WS-Trust information in the issue request.
+     *            WS-Trust information in the issue request.
      * @param name
-     *                Name of the user/subject.
+     *            Name of the user/subject.
      * @param appliesToEpr
-     *                EPR element in wst:AppliesTo element.
+     *            EPR element in wst:AppliesTo element.
      * @return PPID value. If there's already an issued token then the ppid
      *         value will be reused.
      * @throws IdentityProviderException
@@ -683,7 +693,7 @@
      * valid managed information card issued by the identity provider.
      * 
      * @param cardId
-     *                Identifier of the information card.
+     *            Identifier of the information card.
      * @return Whether the card is valid or not.
      * @throws IdentityProviderException
      */
@@ -712,5 +722,44 @@
             throws Exception {
         return new IdentityProviderData(rahasData);
     }
+/*
+    protected Element createSAMLAssertionAsDOM(IdentityProviderData ipData,
+            RahasData rahasData) throws IdentityProviderException{
+
+         Element elem = null;
+         try {
+            SAMLTokenBuilder builder = null;
+             if 
(ipData.getRequiredTokenType().equals(IdentityConstants.SAML10_URL)) {
+                 builder = new SAML1TokenBuilder();
+             } else if 
(ipData.getRequiredTokenType().equals(IdentityConstants.SAML20_URL)) {
+                builder = new SAML2TokenBuilder();
+             }  
+             
+             SAMLTokenDirector director = new 
SAMLTokenDirector(builder,rahasData, ipData);
+             elem = director.createSAMLToken();
+        } catch (IdentityProviderException e) {
+            //TODO
+            e.printStackTrace();
+        }
+         return elem;
+    }
+*/
+    protected boolean checkIsValidTokenType(IdentityProviderData data)
+            throws IdentityProviderException {
+        boolean isValid = false;
+        String type = data.getRequiredTokenType();
+        ParameterAdmin admin = new ParameterAdmin();
+        String types = admin
+                
.getParameterValue(IdentityConstants.PARAM_SUPPORTED_TOKEN_TYPES);
+        String[] arrTypes = types.split(",");
+
+        for (int i = 0; i < arrTypes.length; i++) {
+            if (arrTypes[i].equals(type)) {
+                isValid = true;
+                break;
+            }
+        }
+        return isValid;
+    }
 
 }
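Review bot: `checkIsValidTokenType` dereferences `types` from `getParameterValue(...)` without a null check and compares each entry verbatim, so a missing `PARAM_SUPPORTED_TOKEN_TYPES` parameter turns every issuance into a NullPointerException, and a value edited to contain spaces around the commas silently rejects all types (the admin UI splits on `,` the same way). Guard with `if (type == null || types == null) { return false; }` and compare with `arrTypes[i].trim().equals(type)`. The method also hits the parameter store on every token request; if ParameterAdmin is backed by persistence (not visible here), parsing the set once at initialisation avoids that. The 24-line commented-out `createSAMLAssertionAsDOM`, with its `e.printStackTrace()` and swallowed exception, references a package this same commit excludes from the build; remove it until the builders exist.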

Added: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML1TokenBuilder.java
==============================================================================
--- (empty file)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML1TokenBuilder.java
        Thu Jan 24 03:33:39 2008
@@ -0,0 +1,37 @@
+package org.wso2.solutions.identity.sts.saml;
+
+import java.util.Date;
+
+import org.apache.rahas.RahasData;
+import org.w3c.dom.Element;
+import org.wso2.solutions.identity.sts.IdentityProviderData;
+
+public class SAML1TokenBuilder implements SAMLTokenBuilder {
+
+    public void createSAMLAssertion(Date notAfter, Date notBefore,
+            String assertionId) {
+        // TODO Auto-generated method stub
+
+    }
+
+    public void createStatement(IdentityProviderData ipData, RahasData 
rahasData) {
+        // TODO Auto-generated method stub
+
+    }
+
+    public Element getSAMLasDOM() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    public void marshellAndSign() {
+        // TODO Auto-generated method stub
+
+    }
+
+    public void setSignature(String signatureAlgorithm) {
+        // TODO Auto-generated method stub
+
+    }
+
+}
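Review bot: Every method here is an auto-generated stub, and `getSAMLasDOM()` returns `null` rather than signalling that the builder is unimplemented; `SAML2TokenBuilder` in this commit has the same shape. A director that runs the build sequence and hands that `null` to the issuer would fail later with a NullPointerException far from the cause. Until the implementations land, have each method `throw new UnsupportedOperationException("SAML 1.x token building is not implemented yet");` so a misrouted request fails immediately and visibly, and replace the `// TODO Auto-generated method stub` comments with one class-level Javadoc stating the status.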

Added: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
==============================================================================
--- (empty file)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
        Thu Jan 24 03:33:39 2008
@@ -0,0 +1,35 @@
+package org.wso2.solutions.identity.sts.saml;
+
+import java.util.Date;
+
+import org.apache.rahas.RahasData;
+import org.w3c.dom.Element;
+import org.wso2.solutions.identity.sts.IdentityProviderData;
+
+public class SAML2TokenBuilder implements SAMLTokenBuilder {
+
+    public void createSAMLAssertion(Date notAfter, Date notBefore,
+            String assertionId) {
+        // TODO Auto-generated method stub
+
+    }
+
+    public void createStatement(IdentityProviderData ipData, RahasData 
rahasData) {
+        // TODO Auto-generated method stub
+
+    }
+
+    public Element getSAMLasDOM() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    public void marshellAndSign() {
+        // TODO Auto-generated method stub
+    }
+
+    public void setSignature(String signatureAlgorithm) {
+        // TODO Auto-generated method stub
+    }
+
+}

Added: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenBuilder.java
==============================================================================
--- (empty file)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenBuilder.java
 Thu Jan 24 03:33:39 2008
@@ -0,0 +1,24 @@
+package org.wso2.solutions.identity.sts.saml;
+
+import java.util.Date;
+
+import org.apache.rahas.RahasData;
+import org.w3c.dom.Element;
+import org.wso2.solutions.identity.sts.IdentityProviderData;
+/**
+ * The builder pattern.
+ * Builder interface.
+ * Concrete implementations build SAMLAssertions of different types. 
+ */
+public interface SAMLTokenBuilder {
+
+    void createStatement(IdentityProviderData ipData, RahasData rahasData);
+
+    void createSAMLAssertion(Date notAfter, Date notBefore, String 
assertionId);
+
+    void setSignature(String signatureAlgorithm);
+
+    void marshellAndSign();
+
+    Element getSAMLasDOM();
+}
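Review bot: The interface Javadoc says only "Builder interface" and documents none of the five methods, yet they form an ordered protocol — the director calls `createStatement`, then `createSAMLAssertion`, `setSignature`, `marshellAndSign` and finally `getSAMLasDOM` — and an implementation called out of order has no contract to fall back on. Document that sequence on the interface and give each method a one-line Javadoc, including that `getSAMLasDOM()` returns the signed assertion as a DOM `Element` and must only be called after `marshellAndSign()`. The parameter order `(Date notAfter, Date notBefore, …)` inverts the natural validity order and invites argument swaps at call sites; `(Date notBefore, Date notAfter, …)` is safer, and `marshellAndSign` is presumably meant to be `marshalAndSign`.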

Added: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenDirector.java
==============================================================================
--- (empty file)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenDirector.java
        Thu Jan 24 03:33:39 2008
@@ -0,0 +1,77 @@
+package org.wso2.solutions.identity.sts.saml;
+
+import java.util.Date;
+
+import javax.xml.namespace.QName;
+
+import org.apache.rahas.RahasData;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.xml.Configuration;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.XMLConfigurator;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.XMLObjectBuilder;
+import org.w3c.dom.Element;
+import org.wso2.solutions.identity.IdentityProviderException;
+import org.wso2.solutions.identity.sts.IdentityProviderData;
+
+public class SAMLTokenDirector {
+
+    private SAMLTokenBuilder builder = null;
+    private RahasData rahasData = null;
+    private IdentityProviderData ipData = null;
+    private String signatureAlgorithm = null;
+
+    static {
+        try {
+            DefaultBootstrap.bootstrap();
+
+            Class clazz = Configuration.class;
+            XMLConfigurator configurator = new XMLConfigurator();
+            String[] providerConfigs = { "/saml-test-config.xml", };
+            for (String config : providerConfigs) {
+                configurator.load(clazz.getResourceAsStream(config));
+            }
+        } catch (ConfigurationException e) {
+            e.printStackTrace();
+            throw new RuntimeException(e);
+        }
+    }
+
+    public SAMLTokenDirector(SAMLTokenBuilder builder, RahasData rData,
+            IdentityProviderData iData) throws IdentityProviderException {
+        this.builder = builder;
+        this.rahasData = rData;
+        this.ipData = iData;
+    }
+
+    public Element createSAMLToken() throws IdentityProviderException {
+
+        Date notBefore = new Date();
+        Date notAfter = new Date();
+        notAfter.setTime(notBefore.getTime() + (300 * 1000));
+        String assertionId = "blah";
+
+        Element elem = null;
+        builder.createStatement(ipData, rahasData);
+        builder.createSAMLAssertion(notAfter, notBefore, assertionId);
+        builder.setSignature(signatureAlgorithm);
+        builder.marshellAndSign();
+        elem = builder.getSAMLasDOM();
+
+        return elem;
+
+    }
+
+    public static XMLObject buildXMLObject(QName objectQName) throws Exception 
{
+        XMLObjectBuilder builder = Configuration.getBuilderFactory()
+                .getBuilder(objectQName);
+        if (builder == null) {
+            throw new Exception("Unable to retrieve builder for object QName "
+                    + objectQName);
+        }
+        return builder.buildObject(objectQName.getNamespaceURI(), objectQName
+                .getLocalPart(), objectQName.getPrefix());
+    }
+
+}
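Review bot: `String assertionId = "blah";` in createSAMLToken gives every issued assertion the same ID; a SAML assertion ID must be unique (it is an xs:ID and is what relying parties use for replay detection), so it should be generated per call, e.g. `String assertionId = "_" + UUID.randomUUID();` with `java.util.UUID` imported (the underscore keeps it a valid NCName). `signatureAlgorithm` is never assigned, so `builder.setSignature(signatureAlgorithm)` always passes null; it should come in through the constructor or be given a default. The static initializer loads `/saml-test-config.xml`, whose name suggests a test fixture, and prints the stack trace before rethrowing; a logger call is preferable to `e.printStackTrace()`. buildXMLObject throws a raw `Exception` where `IllegalStateException` or the existing `IdentityProviderException` would let callers catch something meaningful.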

Added: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/X509CredentialImpl.java
==============================================================================
--- (empty file)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/X509CredentialImpl.java
       Thu Jan 24 03:33:39 2008
@@ -0,0 +1,132 @@
+package org.wso2.solutions.identity.sts.saml;
+
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.X509CRL;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import javax.crypto.SecretKey;
+
+import org.apache.xml.security.signature.XMLSignature;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.credential.CredentialContextSet;
+import org.opensaml.xml.security.credential.UsageType;
+import org.wso2.solutions.identity.sts.KeyUtil;
+import org.wso2.utils.ServerConfiguration;
+
+public class X509CredentialImpl implements Credential {
+
+    private KeyStore store = null;
+
+    public X509CredentialImpl() throws Exception {
+        //****** move to an init block one day
+        ServerConfiguration config = ServerConfiguration.getInstance();
+        String host = "http://"; + config.getFirstProperty("HostName");
+
+        // Sign the assertion
+        String keyAlias = ServerConfiguration.getInstance().getFirstProperty(
+                "Security.KeyStore.KeyAlias");
+        X509Certificate[] issuerCerts = KeyUtil
+                .getServiceCertificateChain(keyAlias);
+
+        String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+        String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
+
+    }
+
+    public Collection<X509CRL> getCRLs() {
+        return null;
+    }
+
+    public X509Certificate getEntityCertificate() {
+        X509Certificate cert = null;
+
+        try {
+            cert = (X509Certificate) store.getCertificate("localhost");
+        } catch (KeyStoreException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+        return cert;
+    }
+
+    public Collection<X509Certificate> getEntityCertificateChain() {
+        List<X509Certificate> lst = new ArrayList();
+        try {
+            X509Certificate[] certs = (X509Certificate[]) store
+                    .getCertificateChain("localhost");
+            for (int i = 0; i < certs.length; i++) {
+                lst.add(certs[i]);
+            }
+        } catch (KeyStoreException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+        return lst;
+    }
+
+    public CredentialContextSet getCredentalContextSet() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    public Class<? extends Credential> getCredentialType() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    public String getEntityId() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    public Collection<String> getKeyNames() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    public PrivateKey getPrivateKey() {
+        PrivateKey key = null;
+        try {
+            key = (PrivateKey) store
+                    .getKey("localhost", "wso2is".toCharArray());
+        } catch (KeyStoreException e) {
+            e.printStackTrace();
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        } catch (UnrecoverableKeyException e) {
+            e.printStackTrace();
+        }
+        return key;
+    }
+
+    public PublicKey getPublicKey() {
+        X509Certificate cert = null;
+
+        try {
+            cert = (X509Certificate) store.getCertificate("localhost");
+        } catch (KeyStoreException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+        return cert.getPublicKey();
+    }
+
+    public SecretKey getSecretKey() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    public UsageType getUsageType() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+}
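Review bot: getPrivateKey unlocks the key with the literal password `"wso2is"` and every accessor uses the literal alias `"localhost"`, while the constructor reads the real alias from `Security.KeyStore.KeyAlias` and then discards it together with `store`, which is never assigned, so each accessor would fail on a null key store. The alias, the key password (read from the matching ServerConfiguration property, not a literal) and the loaded KeyStore should be supplied to the constructor and held in fields, as sketched below; which caller loads the store is outside this hunk. Line `String host = "http://"; + config.getFirstProperty("HostName");` looks like it will not compile because of the stray semicolon, unless that is mail wrapping. getPublicKey dereferences `cert` after the catch block, so a KeyStoreException turns into a NullPointerException; the catch blocks should rethrow instead of `e.printStackTrace()`.
```java
public class X509CredentialImpl implements Credential {

    private final KeyStore store;
    private final String keyAlias;
    private final char[] keyPassword;

    /**
     * @param store       the key store holding the signing key
     * @param keyAlias    alias of the signing key (from Security.KeyStore.KeyAlias)
     * @param keyPassword password protecting the private key, taken from configuration
     */
    public X509CredentialImpl(KeyStore store, String keyAlias, char[] keyPassword) {
        this.store = store;
        this.keyAlias = keyAlias;
        this.keyPassword = keyPassword.clone();
    }

    // … unchanged: getCRLs, getEntityCertificate, getEntityCertificateChain, getPublicKey,
    //     except that "localhost" becomes keyAlias and failures are rethrown …

    public PrivateKey getPrivateKey() {
        try {
            return (PrivateKey) store.getKey(keyAlias, keyPassword);
        } catch (GeneralSecurityException e) {
            // KeyStoreException, NoSuchAlgorithmException and UnrecoverableKeyException
            // all extend GeneralSecurityException; keep the cause instead of printing it
            throw new IllegalStateException("Cannot load private key for alias " + keyAlias, e);
        }
    }
```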
