Author: dimuthul
Date: Fri Jan 25 01:25:11 2008
New Revision: 12883

Log:

Implementation of SAML1TokenBuilder.java



Added:
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/KeyDataHolder.java
Removed:
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/X509CredentialImpl.java
Modified:
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityProviderData.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityTokenIssuer.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML1TokenBuilder.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenBuilder.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenDirector.java

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityProviderData.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityProviderData.java
  (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityProviderData.java
  Fri Jan 25 01:25:11 2008
@@ -435,7 +435,7 @@
         }
     }
 
-    protected String getDisplayName(String URI) {
+    public String getDisplayName(String URI) {
         ClaimDO temp = (ClaimDO) claimObjs.get(URI);
         return temp.getDisplayTag();
     }
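Review bot: Widening getDisplayName to public exposes an unchecked lookup to new callers: `claimObjs.get(URI)` returns null for an unknown URI and `temp.getDisplayTag()` then throws a NullPointerException that says nothing about which claim was missing. A guard such as `if (temp == null) { throw new IdentityProviderException("unknownClaimUri", new String[] { URI }); }` would report it the way IdentityTokenIssuer already reports unknown claim URIs, provided this class can declare that exception; otherwise at least return null and document it. The parameter name `URI` also departs from the lower-camel convention used elsewhere in the hunk.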

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityTokenIssuer.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityTokenIssuer.java
   (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityTokenIssuer.java
   Fri Jan 25 01:25:11 2008
@@ -109,6 +109,7 @@
     public final static String ISSUER_SELF = IdentityConstants.NS
             + "/issuer/self";
 
+   
     /**
      * [EMAIL PROTECTED]
      */
@@ -236,16 +237,20 @@
             assertion.sign(sigAlgo, issuerPK, Arrays.asList(issuerCerts));
             Node assertionNode = assertion.toDOM();
             String assertionId = assertion.getId();
-
+            
             if (!checkIsValidTokenType(ipData)) {
                 throw new IdentityProviderException("invalidTokenType",
                         new Object[] { ipData.getRequiredTokenType() });
             }
 
-            // String assertionId = "blah";
-            // Element assertionNode = createSAMLAssertionAsDOM(ipData, 
rahasData);
 
-            // This will be required to send back to the requester in the RSTR
+/*            DateTime notBefore = new DateTime();
+            DateTime notAfter = new DateTime(notBefore.getMillis() + (300 * 
1000));
+            String assertionId = "bah";
+            
+            Element assertionNode = createSAMLAssertionAsDOM(ipData, 
rahasData, notBefore, notAfter, assertionId);
+            */
+            
             OMElement rstrElem = createRSTR(rahasData, notBefore, notAfter,
                     env, doc, assertionNode, assertionId, encryptedKey);
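Review bot: The `checkIsValidTokenType(ipData)` check still runs after `assertion.sign(...)` on the first context line, so a request with an invalid token type causes a signature with the issuer key before it is rejected; moving the check above the sign call avoids spending the signing key on requests that will be refused. The new `/* ... */` block between that check and `createRSTR` is dead code that only replaces the earlier commented-out lines with a longer commented-out variant; it should be deleted, since the repository history already holds it. The enclosing method begins and ends outside this hunk.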
 
@@ -581,6 +586,7 @@
                 throw new IdentityProviderException("unknownClaimUri",
                         new String[] { uri });
             }
+            
             SAMLAttribute attr = new SAMLAttribute(uri.substring(index + 1, uri
                     .length()), uri.substring(0, index), null, -1, list);
             assertionList.add(attr);
@@ -724,7 +730,7 @@
     }
 /*
     protected Element createSAMLAssertionAsDOM(IdentityProviderData ipData,
-            RahasData rahasData) throws IdentityProviderException{
+            RahasData rahasData, DateTime notBefore, DateTime notAfter, String 
assertionId) throws IdentityProviderException{
 
          Element elem = null;
          try {
@@ -736,7 +742,7 @@
              }  
              
              SAMLTokenDirector director = new 
SAMLTokenDirector(builder,rahasData, ipData);
-             elem = director.createSAMLToken();
+             elem = director.createSAMLToken(notBefore, notAfter, assertionId);
         } catch (IdentityProviderException e) {
             //TODO
             e.printStackTrace();

Added: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/KeyDataHolder.java
==============================================================================
--- (empty file)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/KeyDataHolder.java
    Fri Jan 25 01:25:11 2008
@@ -0,0 +1,117 @@
+package org.wso2.solutions.identity.sts.saml;
+
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.X509CRL;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
+
+import javax.crypto.SecretKey;
+
+import org.apache.xml.security.signature.XMLSignature;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.credential.CredentialContextSet;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.x509.X509Credential;
+import org.wso2.solutions.identity.IdentityProviderException;
+import org.wso2.solutions.identity.sts.KeyUtil;
+import org.wso2.utils.ServerConfiguration;
+
+public class KeyDataHolder implements X509Credential {
+
+    private String signatureAlgorithm = null;
+    
+    private static KeyDataHolder instance = null;
+    
+    private X509Certificate[] issuerCerts = null;
+    
+    private PrivateKey issuerPK = null;
+    
+    
+    public static KeyDataHolder getInstance() throws IdentityProviderException{
+        if(instance == null){
+            instance = new KeyDataHolder();
+        }
+        return instance;
+    }
+    
+    private KeyDataHolder() throws IdentityProviderException {
+        //do once - because this is a expensive operation
+        ServerConfiguration config = ServerConfiguration.getInstance();
+        String host = "http://"; + config.getFirstProperty("HostName");
+
+        String keyAlias = ServerConfiguration.getInstance().getFirstProperty(
+                "Security.KeyStore.KeyAlias");
+        issuerPK = (PrivateKey)KeyUtil.getPrivateKey(keyAlias);
+        
+        issuerCerts = KeyUtil
+                .getServiceCertificateChain(keyAlias);
+       
+        signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+        String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
+        if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+            signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+        }
+
+    }
+    
+    public String getSignatureAlgorithm() {
+        return signatureAlgorithm;
+    }
+
+    public void setSignatureAlgorithm(String signatureAlgorithm) {
+        this.signatureAlgorithm = signatureAlgorithm;
+    }
+
+    public Collection<X509CRL> getCRLs() {
+        return null;
+    }
+
+    public X509Certificate getEntityCertificate() {
+        return issuerCerts[0];
+    }
+
+    public Collection<X509Certificate> getEntityCertificateChain() {
+        return Arrays.asList(issuerCerts);
+    }
+
+    public CredentialContextSet getCredentalContextSet() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    public Class<? extends Credential> getCredentialType() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    public String getEntityId() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    public Collection<String> getKeyNames() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    public PrivateKey getPrivateKey() {
+       return issuerPK;
+    }
+
+    public PublicKey getPublicKey() {
+       return issuerCerts[0].getPublicKey();
+    }
+
+    public SecretKey getSecretKey() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    public UsageType getUsageType() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+}
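Review bot: The `host` assignment in the constructor does not compile as written: `String host = "http://"; + config.getFirstProperty("HostName");` ends the declaration at the first semicolon and leaves `+ config.getFirstProperty("HostName");` as a statement applying unary plus to a String. Since `host` is never read, the simplest fix is to delete that line together with the now-unused `config` local, or write `String host = "http://" + config.getFirstProperty("HostName");` if it is intended for later use. `getInstance()` is an unsynchronized lazy singleton, so two concurrent first callers can each construct an instance and load the private key twice; a `synchronized` modifier on the method, or eager initialization of the static field, avoids that. `setSignatureAlgorithm` is a public setter on a process-wide credential wrapping the issuer's private key, so any caller can silently change the algorithm used for every subsequent signature; if no caller needs it, drop the setter and make the field final. `getCRLs()`, `getEntityId()`, `getCredentialType()`, `getKeyNames()`, `getSecretKey()` and `getUsageType()` all return null — whether OpenSAML's signing path tolerates that I cannot tell from here, so a one-line comment per stub stating it is intentionally unsupported would save the next reader the check.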

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML1TokenBuilder.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML1TokenBuilder.java
        (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML1TokenBuilder.java
        Fri Jan 25 01:25:11 2008
@@ -1,37 +1,186 @@
 package org.wso2.solutions.identity.sts.saml;
 
-import java.util.Date;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
 
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.namespace.QName;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.rahas.RahasData;
+import org.apache.xml.security.signature.XMLSignature;
+import org.joda.time.DateTime;
+import org.opensaml.saml1.core.Assertion;
+import org.opensaml.saml1.core.Attribute;
+import org.opensaml.saml1.core.AttributeStatement;
+import org.opensaml.saml1.core.AttributeValue;
+import org.opensaml.saml1.core.Conditions;
+import org.opensaml.saml1.core.ConfirmationMethod;
+import org.opensaml.saml1.core.Subject;
+import org.opensaml.saml1.core.SubjectConfirmation;
+import org.opensaml.xml.Configuration;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.XMLConfigurator;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.XMLObjectBuilder;
+import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallerFactory;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.Signer;
 import org.w3c.dom.Element;
+import org.wso2.solutions.identity.IdentityConstants;
+import org.wso2.solutions.identity.IdentityProviderException;
 import org.wso2.solutions.identity.sts.IdentityProviderData;
+import org.wso2.solutions.identity.sts.IdentityProviderData.RequestedClaimData;
 
 public class SAML1TokenBuilder implements SAMLTokenBuilder {
 
-    public void createSAMLAssertion(Date notAfter, Date notBefore,
-            String assertionId) {
-        // TODO Auto-generated method stub
+    private static Log log = LogFactory.getLog(SAML2TokenBuilder.class);
+
+    private Assertion assertion = null;
+    private AttributeStatement attributeStmt = null;
+    private List signatureList = new ArrayList();
+    private Element signedAssertion = null;
+
+    public static final String CONF_KEY = 
"urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
+
+    static {
+        try {
+            Class clazz = Configuration.class;
+            XMLConfigurator configurator = new XMLConfigurator();
+            String[] providerConfigs = { "conf/saml1-assertion-config.xml", };
+            for (String config : providerConfigs) {
+                configurator.load(clazz.getResourceAsStream(config));
+            }
+        } catch (ConfigurationException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    public void createStatement(IdentityProviderData ipData, RahasData 
rahasData)
+            throws IdentityProviderException {
+        if (log.isDebugEnabled()) {
+            log.debug("Begin SAML statement creation.");
+        }
+
+        attributeStmt = (AttributeStatement) 
buildXMLObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
+
+        Subject subject = (Subject) 
buildXMLObject(Subject.DEFAULT_ELEMENT_NAME);
+        SubjectConfirmation subjectConf = (SubjectConfirmation) 
buildXMLObject(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
+        ConfirmationMethod confMethod = (ConfirmationMethod) 
buildXMLObject(ConfirmationMethod.DEFAULT_ELEMENT_NAME);
+        confMethod.setConfirmationMethod(CONF_KEY);
+        subjectConf.getConfirmationMethods().add(confMethod);
+        subject.setSubjectConfirmation(subjectConf);
+
+        Map mapClaims = ipData.getRequestedClaims();
+
+        Iterator ite = mapClaims.values().iterator();
+
+        while (ite.hasNext()) {
+            RequestedClaimData claim = (RequestedClaimData) ite.next();
+            String uri = claim.uri;
+            if (uri.equals(IdentityConstants.CLAIM_PPID)) {
+                // Get this user's PPID
+                String name = ipData.getUserIdentifier();
+                claim.value = SAMLTokenDirector.createPPID(rahasData, name,
+                        rahasData.getAppliesToEpr());
+            }
+
+            int index = uri.lastIndexOf("/");
+            String attrName = uri.substring(index + 1, uri.length());
+            String attrNamespace = uri.substring(0, index);
+
+            Attribute attribute = (Attribute) 
buildXMLObject(Attribute.DEFAULT_ELEMENT_NAME);
+            attribute.setAttributeName(attrName);
+            attribute.setAttributeNamespace(attrNamespace);
+
+            XMLObjectBuilderFactory builderFactory = Configuration
+                    .getBuilderFactory();
+            XSStringBuilder attributeValueBuilder = (XSStringBuilder) 
builderFactory
+                    .getBuilder(XSString.TYPE_NAME);
+
+            XSString stringValue = attributeValueBuilder.buildObject(
+                    AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+            stringValue.setValue(claim.value);
+            attribute.getAttributeValues().add(stringValue);
 
+            attributeStmt.getAttributes().add(attribute);
+        }
     }
 
-    public void createStatement(IdentityProviderData ipData, RahasData 
rahasData) {
-        // TODO Auto-generated method stub
+    public void createSAMLAssertion(DateTime notAfter, DateTime notBefore,
+            String assertionId) throws IdentityProviderException {
+        assertion = (Assertion) buildXMLObject(Assertion.DEFAULT_ELEMENT_NAME);
+        Conditions conditions = (Conditions) 
buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME);
+        conditions.setNotBefore(notBefore);
+        conditions.setNotOnOrAfter(notAfter);
+
+        /*
+         * TODO : is this needed ??? AudienceRestriction audience =
+         * (AudienceRestriction)
+         * 
SAMLTokenDirector.buildXMLObject(AudienceRestriction.DEFAULT_ELEMENT_NAME);
+         * audience. conditions.getAudienceRestrictionConditions()
+         */
+        assertion.setConditions(conditions);
+
+        assertion.getAttributeStatements().add(this.attributeStmt);
+        assertion.setID(assertionId);
 
     }
 
-    public Element getSAMLasDOM() {
-        // TODO Auto-generated method stub
-        return null;
+    public void setSignature(String signatureAlgorithm,  X509Credential cred)
+            throws IdentityProviderException {
+        Signature signature = (Signature) 
buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
+        signature.setSigningCredential(cred);
+        signature.setSignatureAlgorithm(XMLSignature.ALGO_ID_SIGNATURE_RSA);
+        signature
+                
.setCanonicalizationAlgorithm(CanonicalizationMethod.INCLUSIVE);
+        assertion.setSignature(signature);
+        signatureList.add(signature);
+
     }
 
-    public void marshellAndSign() {
-        // TODO Auto-generated method stub
+    public void marshellAndSign() throws IdentityProviderException {
+
+        try {
+            MarshallerFactory marshallerFactory = Configuration
+                    .getMarshallerFactory();
+            Marshaller marshaller = marshallerFactory.getMarshaller(assertion);
+            signedAssertion = marshaller.marshall(assertion);
+
+            Signer.signObjects(signatureList);
+
+        } catch (MarshallingException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
 
     }
 
-    public void setSignature(String signatureAlgorithm) {
-        // TODO Auto-generated method stub
+    public Element getSAMLasDOM() throws IdentityProviderException {
+        return signedAssertion;
+    }
 
+    protected static XMLObject buildXMLObject(QName objectQName)
+            throws IdentityProviderException {
+        XMLObjectBuilder builder = Configuration.getBuilderFactory()
+                .getBuilder(objectQName);
+        if (builder == null) {
+            throw new IdentityProviderException(
+                    "Unable to retrieve builder for object QName "
+                            + objectQName);
+        }
+        return builder.buildObject(objectQName.getNamespaceURI(), objectQName
+                .getLocalPart(), objectQName.getPrefix());
     }
 
 }
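Review bot: `setSignature` takes a `signatureAlgorithm` parameter but ignores it and hard-codes `XMLSignature.ALGO_ID_SIGNATURE_RSA`, so a DSA issuer key (which KeyDataHolder explicitly selects a DSA algorithm for) would be signed with an algorithm that does not match the key; the line should read `signature.setSignatureAlgorithm(signatureAlgorithm);`. In `createStatement` the `subject` carrying the holder-of-key confirmation method is built but never attached to anything — `attributeStmt.setSubject(subject);` is missing after `subject.setSubjectConfirmation(subjectConf);` — so the statement is emitted without a Subject. `marshellAndSign` catches `MarshallingException`, prints it and returns normally, leaving `signedAssertion` null and letting `getSAMLasDOM` hand a null element to the caller; rethrow it wrapped in `IdentityProviderException` (assuming a cause-taking constructor exists) instead of swallowing it. Smaller points: the logger is created for `SAML2TokenBuilder.class` inside this class, `uri.substring(0, index)` throws when a claim URI contains no `/` (index is -1), and `signatureList`, `mapClaims`, `ite` and `clazz` are raw types in a file that already uses Java 5 for-each.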

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
        (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
        Fri Jan 25 01:25:11 2008
@@ -1,21 +1,69 @@
 package org.wso2.solutions.identity.sts.saml;
 
-import java.util.Date;
-
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.rahas.RahasData;
+import org.joda.time.DateTime;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.xml.security.x509.X509Credential;
 import org.w3c.dom.Element;
+import org.wso2.solutions.identity.IdentityProviderException;
 import org.wso2.solutions.identity.sts.IdentityProviderData;
 
 public class SAML2TokenBuilder implements SAMLTokenBuilder {
+    
+    private static Log log = LogFactory.getLog(SAML2TokenBuilder.class);
+    
+    private AttributeStatement attributeStatement = null;
+    
+    public void createSAMLAssertion(DateTime notAfter, DateTime notBefore,
+            String assertionId) throws IdentityProviderException{
+        
+   //     String[] confirmationMethods = new String[] { 
SAMLSubject.CONF_HOLDER_KEY };
+
+      //  SAMLSubject subject = new SAMLSubject(null, Arrays//
+        //        .asList(confirmationMethods), null, null);
 
-    public void createSAMLAssertion(Date notAfter, Date notBefore,
-            String assertionId) {
-        // TODO Auto-generated method stub
 
     }
 
-    public void createStatement(IdentityProviderData ipData, RahasData 
rahasData) {
-        // TODO Auto-generated method stub
+    public void createStatement(IdentityProviderData ipData, RahasData 
rahasData) throws IdentityProviderException{
+        // The SAMLSubject
+/*        if (log.isDebugEnabled()) {
+            log.debug("Begin SAML statement creation.");
+        }
+        
+        attributeStatement = (AttributeStatement) 
SAMLTokenDirector.buildXMLObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
+        Map mapClaims = ipData.getRequestedClaims();
+
+        Iterator ite = mapClaims.values().iterator();
+
+        while (ite.hasNext()) {
+            RequestedClaimData claim = (RequestedClaimData) ite.next();
+            String uri = claim.uri;
+            if (uri.equals(IdentityConstants.CLAIM_PPID)) {
+                // Get this user's PPID
+                String name = ipData.getUserIdentifier();
+                claim.value = SAMLTokenDirector.createPPID(rahasData, name, 
rahasData
+                        .getAppliesToEpr());
+            }
+                      
+            int index = uri.lastIndexOf("/");
+            String attributeName = uri.substring(index + 1, uri.length());
+            String attrNamespace = uri.substring(0, index);
+                    
+            Attribute attribute = (Attribute) 
SAMLTokenDirector.buildXMLObject(Attribute.DEFAULT_ELEMENT_NAME);
+            XSStringBuilder stringBuilder = (XSStringBuilder) Configuration
+                    .getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+            XSString stringValue = stringBuilder.buildObject(
+                    AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+            
+            stringValue.setValue(claim.value);
+            attribute.getAttributeValues().add(stringValue);
+            
+            attributeStatement.getAttributes().add(attribute);
+            
+        }*/
 
     }
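Review bot: Both `createSAMLAssertion` and `createStatement` are now declared to throw `IdentityProviderException` but their bodies are empty (the statement-building code survives only inside a `/* */` block), so SAMLTokenDirector can run the full builder sequence on this class and receive whatever `getSAMLasDOM` returns from the stub outside this hunk without any error being raised. Until the SAML 2 path is implemented each stub should fail loudly, e.g. `throw new UnsupportedOperationException("SAML 2.0 token building is not implemented");`, so that no caller mistakes a silent no-op for an issued token; the same applies to `setSignature` in the second hunk of this file. The commented-out body also calls `SAMLTokenDirector.buildXMLObject`, which this commit removes from the director, so it will not compile as-is when re-enabled.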
 
@@ -28,7 +76,7 @@
         // TODO Auto-generated method stub
     }
 
-    public void setSignature(String signatureAlgorithm) {
+    public void setSignature(String signatureAlgorithm,  X509Credential cred) {
         // TODO Auto-generated method stub
     }
 

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenBuilder.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenBuilder.java
 (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenBuilder.java
 Fri Jan 25 01:25:11 2008
@@ -1,9 +1,10 @@
 package org.wso2.solutions.identity.sts.saml;
 
-import java.util.Date;
-
 import org.apache.rahas.RahasData;
+import org.joda.time.DateTime;
+import org.opensaml.xml.security.x509.X509Credential;
 import org.w3c.dom.Element;
+import org.wso2.solutions.identity.IdentityProviderException;
 import org.wso2.solutions.identity.sts.IdentityProviderData;
 /**
  * The builder pattern.
@@ -12,13 +13,14 @@
  */
 public interface SAMLTokenBuilder {
 
-    void createStatement(IdentityProviderData ipData, RahasData rahasData);
+    void createStatement(IdentityProviderData ipData, RahasData rahasData) 
throws IdentityProviderException;
 
-    void createSAMLAssertion(Date notAfter, Date notBefore, String 
assertionId);
+   void createSAMLAssertion(DateTime notAfter, DateTime notBefore,
+            String assertionId) throws IdentityProviderException;
 
-    void setSignature(String signatureAlgorithm);
+    void setSignature(String signatureAlgorithm, X509Credential cred) throws 
IdentityProviderException;
 
-    void marshellAndSign();
+    void marshellAndSign() throws IdentityProviderException;
 
-    Element getSAMLasDOM();
+    Element getSAMLasDOM() throws IdentityProviderException;
 }
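Review bot: The interface has no Javadoc on any method, yet the builders now depend on a fixed call order — `createStatement` before `createSAMLAssertion` (the SAML 1 builder reads `attributeStmt` there), and `createSAMLAssertion` before `setSignature` and `marshellAndSign` (both dereference `assertion`) — so the contract should be written down here: a class-level comment naming the sequence and, per method, `@param`/`@throws` tags stating the state it expects. `createSAMLAssertion(DateTime notAfter, DateTime notBefore, ...)` takes the two instants in the opposite order from `SAMLTokenDirector.createSAMLToken(notBefore, notAfter, ...)`; both arguments have the same type, so a swapped call compiles and yields a validity window that can never be satisfied — ordering them `notBefore, notAfter` consistently removes that trap. The `void createSAMLAssertion` line is also indented three spaces where the rest of the interface uses four.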

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenDirector.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenDirector.java
        (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenDirector.java
        Fri Jan 25 01:25:11 2008
@@ -1,37 +1,29 @@
 package org.wso2.solutions.identity.sts.saml;
 
-import java.util.Date;
-
-import javax.xml.namespace.QName;
-
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.util.UUIDGenerator;
 import org.apache.rahas.RahasData;
+import org.apache.xml.security.utils.Base64;
+import org.joda.time.DateTime;
 import org.opensaml.DefaultBootstrap;
-import org.opensaml.xml.Configuration;
 import org.opensaml.xml.ConfigurationException;
-import org.opensaml.xml.XMLConfigurator;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.XMLObjectBuilder;
 import org.w3c.dom.Element;
 import org.wso2.solutions.identity.IdentityProviderException;
+import org.wso2.solutions.identity.persistence.IPPersistenceManager;
+import org.wso2.solutions.identity.persistence.dataobject.PPIDValueDO;
+import org.wso2.solutions.identity.persistence.dataobject.RelyingPartyDO;
 import org.wso2.solutions.identity.sts.IdentityProviderData;
+import org.wso2.solutions.identity.sts.IdentityProviderUtil;
 
 public class SAMLTokenDirector {
 
     private SAMLTokenBuilder builder = null;
     private RahasData rahasData = null;
     private IdentityProviderData ipData = null;
-    private String signatureAlgorithm = null;
-
+     
     static {
         try {
             DefaultBootstrap.bootstrap();
-
-            Class clazz = Configuration.class;
-            XMLConfigurator configurator = new XMLConfigurator();
-            String[] providerConfigs = { "/saml-test-config.xml", };
-            for (String config : providerConfigs) {
-                configurator.load(clazz.getResourceAsStream(config));
-            }
         } catch (ConfigurationException e) {
             e.printStackTrace();
             throw new RuntimeException(e);
@@ -45,33 +37,88 @@
         this.ipData = iData;
     }
 
-    public Element createSAMLToken() throws IdentityProviderException {
-
-        Date notBefore = new Date();
-        Date notAfter = new Date();
-        notAfter.setTime(notBefore.getTime() + (300 * 1000));
-        String assertionId = "blah";
-
+    public Element createSAMLToken(DateTime notBefore, DateTime notAfter, 
String assertionId) throws IdentityProviderException {
+        
+        KeyDataHolder keyDataHolder = KeyDataHolder.getInstance();
+        String signatureAlgorithm = keyDataHolder.getSignatureAlgorithm();
+        
         Element elem = null;
         builder.createStatement(ipData, rahasData);
         builder.createSAMLAssertion(notAfter, notBefore, assertionId);
-        builder.setSignature(signatureAlgorithm);
+        builder.setSignature(signatureAlgorithm, keyDataHolder);
         builder.marshellAndSign();
         elem = builder.getSAMLasDOM();
 
         return elem;
 
     }
+    
+
+    /**
+     * Obtain the ppid for the given user for the given rp.
+     * 
+     * @param rahasData
+     *            WS-Trust information in the issue request.
+     * @param name
+     *            Name of the user/subject.
+     * @param appliesToEpr
+     *            EPR element in wst:AppliesTo element.
+     * @return PPID value. If there's already an issued token then the ppid
+     *         value will be reused.
+     * @throws IdentityProviderException
+     */
+    public static String createPPID(RahasData rahasData, String name,
+            OMElement appliesToEpr) throws IdentityProviderException {
+
+        String appliesToHostName = IdentityProviderUtil
+                .getAppliesToHostName(rahasData);
+        IPPersistenceManager db = IPPersistenceManager.getPersistanceManager();
+        PPIDValueDO[] ppidValueDOs = db.getPPIDValuesForUser(name);
+        PPIDValueDO ppidValueDO = null;
+        for (int i = 0; i < ppidValueDOs.length; i++) {
+            String hostName = null;
+            if (ppidValueDOs[i].getRelyingParty() != null) {
+                hostName = ppidValueDOs[i].getRelyingParty().getHostName();
+            } else if (ppidValueDOs[i].getPersonalRelyingParty() != null) {
+                hostName = ppidValueDOs[i].getPersonalRelyingParty()
+                        .getIdentifier().getHostName();
+            }
+
+            if (hostName == null) {
+                throw new IdentityProviderException("hostNotTrusted",
+                        new String[] { hostName });
+            }
+
+            if (appliesToHostName.equals(hostName)) {
+                ppidValueDO = ppidValueDOs[i];
+            }
+        }
+
+        if (ppidValueDO != null) {
+            // If we have already issued a PPID
+            // Then return that value
+            return ppidValueDO.getPpid();
+        } else {
+            // A new request targeted for a new RP
+            String newPpid = Base64.encode(UUIDGenerator.getUUID().getBytes());
+            ppidValueDO = new PPIDValueDO();
+            ppidValueDO.setUserId(name);
+            ppidValueDO.setPpid(newPpid);
+
+            // If the host is globally trusted
+            RelyingPartyDO rp = db.getRelyingParty(appliesToHostName);
+            if (rp != null) {
+                ppidValueDO.setRelyingParty(rp);
+            } else {
+                // Else the host MUST be personally trusted
+                ppidValueDO.setPersonalRelyingParty(db.getPersonalRelyingParty(
+                        name, appliesToHostName));
+            }
+
+            db.create(ppidValueDO);
 
-    public static XMLObject buildXMLObject(QName objectQName) throws Exception 
{
-        XMLObjectBuilder builder = Configuration.getBuilderFactory()
-                .getBuilder(objectQName);
-        if (builder == null) {
-            throw new Exception("Unable to retrieve builder for object QName "
-                    + objectQName);
+            return newPpid;
         }
-        return builder.buildObject(objectQName.getNamespaceURI(), objectQName
-                .getLocalPart(), objectQName.getPrefix());
     }
 
 }
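Review bot: In `createPPID`, the `hostName == null` branch reports `"hostNotTrusted"` with `new String[] { hostName }`, i.e. with a null argument, so the message cannot say which host was rejected; `appliesToHostName` is the value the reader needs there. In the new-RP branch the comment says the host MUST be personally trusted, but the result of `db.getPersonalRelyingParty(name, appliesToHostName)` is stored without a null check, so an untrusted host produces a persisted PPID row with neither relying party set — and that row then triggers the `hostNotTrusted` throw on every later lookup for this user; check the result and throw `hostNotTrusted` for `appliesToHostName` before `db.create(ppidValueDO)`. The PPID itself is `Base64.encode(UUIDGenerator.getUUID().getBytes())`; a PPID is a pairwise identifier that must not be guessable or linkable across relying parties, so if Axiom's `UUIDGenerator` is not backed by a cryptographic random source this should come from `SecureRandom`, and `getBytes()` should name a charset (`getBytes("UTF-8")`) rather than depend on the platform default. `appliesToHostName.equals(hostName)` will also throw NullPointerException if `IdentityProviderUtil.getAppliesToHostName` can return null — worth a guard or a documented non-null contract.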
