Author: dimuthul
Date: Wed Feb 6 18:59:08 2008
New Revision: 13360
Log:
Adding comments to the classes I added yesterday.
Throwing exceptions nicely
Adding internationalization.
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/resources.properties
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/IssuerCertificateUtil.java
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SAMLTokenConsumer.java
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SAMLTokenVerifier.java
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SelfSignVerficationKeyHolder.java
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SignVerificationKeyHolder.java
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/SAML1TokenHolder.java
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/TokenHolder.java
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/resources.properties
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/resources.properties
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/resources.properties
Wed Feb 6 18:59:08 2008
@@ -1,3 +1,5 @@
+errorInTokenVerification=Error in token verification : {0}
+noAlias = Trust store does not contain the alias provided : {0}
invalidKeyValueCount = Invalid key value count inside KeyInfo
receivedEncryuptedToken = Received encrypted token : {0}
verifyingDecryptedToken = Verifying decrpted token
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/IssuerCertificateUtil.java
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/IssuerCertificateUtil.java
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/IssuerCertificateUtil.java
Wed Feb 6 18:59:08 2008
@@ -90,7 +90,14 @@
*/
}
-
+
+ /**
+ * Performs the black list check
+ * @param blackList Array of Lists. One Array element contains the
Issuer's cert DN
+ * @param cert
+ * @return
+ * @throws RelyingPartyException
+ */
public static boolean doBlackListCheck(List[] blackList, X509Certificate
cert)
throws RelyingPartyException {
boolean isGreenLight = true;
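Review bot: The new Javadoc on doBlackListCheck leaves `@param cert`, `@return` and `@throws` empty, so the one thing a caller needs — which result means the issuer is rejected — is still undocumented; `isGreenLight` starts at `true` on the last line of the hunk, which suggests the check only fails when an entry matches. I would write `@return true if the certificate's issuer DN matches no entry of blackList, false once a match is found` and `@param cert the token issuer's certificate whose DN is compared against the list`; please confirm against the loop body, which continues outside this hunk. The raw `List[]` parameter would also read better as `List<String>[]` if that is the element type, since the module already uses generics elsewhere (`Collection<X509Certificate>` in SignVerificationKeyHolder).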
@@ -116,6 +123,14 @@
return isGreenLight;
}
+ /**
+ * Do a white list check
+ *
+ * @param whiteList Array of Lists. One Array element contains the
Issuer's cert DN
+ * @param cert
+ * @return
+ * @throws RelyingPartyException
+ */
public static boolean doWhiteListCheck(List[] whiteList, X509Certificate
cert)
throws RelyingPartyException {
boolean isGreenLight = false;
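Review bot: The `@return` tag on doWhiteListCheck is empty, and here the default is the security-relevant part: `isGreenLight` starts at `false`, so an empty or non-matching white list rejects the issuer (fail-closed), which callers should be able to learn from the doc rather than the body. Suggest `@return true only if the certificate's issuer DN matches an entry of whiteList; false when the list is empty or nothing matches`. The loop body runs past the hunk, so please confirm nothing in it flips the default before returning.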
@@ -137,6 +152,11 @@
return isGreenLight;
}
+ /**
+ * Retrieves the CN of the subject of the given Certificate
+ * @param cert
+ * @return
+ */
public static String getCNOfSubject(X509Certificate cert) {
String dn = cert.getIssuerDN().getName();
if (dn.contains("CN=")) {
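Review bot: The new Javadoc says getCNOfSubject `Retrieves the CN of the subject`, but the unchanged body reads `cert.getIssuerDN().getName()`, so it returns the issuer's CN; one of the two is wrong, and for a relying party that may use this value in a trust decision the difference only disappears for self-signed certificates. If the subject is intended, the line becomes `String dn = cert.getSubjectDN().getName();`, otherwise rename or re-document the method as `Retrieves the CN of the issuer of the given certificate`. The `dn.contains("CN=")` test followed by substring parsing (the rest of the method is outside the hunk) is also fragile with escaped commas or RDNs whose value happens to contain `CN=`; the X509NameTokenizer used by getDNOfIssuer below seems to be the safer way to pick the CN out.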
@@ -148,6 +168,11 @@
return null;
}
+ /**
+ * Retrieves the DN Of Issuer
+ * @param inString
+ * @return
+ */
public static List getDNOfIssuer(String inString) {
X509NameTokenizer nmTokens = new X509NameTokenizer(inString);
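Review bot: The Javadoc on getDNOfIssuer leaves `@param inString` and `@return` blank, and the name promises an issuer while the body just tokenizes whatever DN string it is handed with X509NameTokenizer. Suggest `@param inString a distinguished name in its string form, e.g. the value of Principal.getName()` and `@return the DN split into its RDN tokens, in the order X509NameTokenizer yields them`; the raw `List` return could be `List<String>` if that is what the tokenizer produces. The method body continues outside the hunk, so please verify the element type.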
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SAMLTokenConsumer.java
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SAMLTokenConsumer.java
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SAMLTokenConsumer.java
Wed Feb 6 18:59:08 2008
@@ -31,14 +31,26 @@
private SAMLTokenConsumer() {
}
-
+
+ /**
+ * Returns the SAMLTokenConsuer
+ * @return
+ */
public static SAMLTokenConsumer getInstance() {
if (consumer == null) {
consumer = new SAMLTokenConsumer();
}
return consumer;
}
-
+
+
+ /**
+ * Validates and sets attributes appropriately
+ * @param request
+ * @param xmlToken
+ * @param data
+ * @throws RelyingPartyException
+ */
public void setInfocardSessionAttributes(HttpServletRequest request,
String xmlToken, RelyingPartyData data)
throws RelyingPartyException {
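Review bot: The new Javadoc on getInstance has a typo (`SAMLTokenConsuer`) and does not mention that the lazy `if (consumer == null)` initialization is unsynchronized; since the next method takes an HttpServletRequest this is presumably reached from several container threads, and two of them can each construct an instance, which is harmless only if the class holds no mutable state — either say so in the comment or initialize the field eagerly. Suggested first line: `Returns the singleton SAMLTokenConsumer, creating it on first use.` The `@param` tags on setInfocardSessionAttributes are all empty; I would at least write `@param xmlToken the token received from the identity selector, as an XML string` and `@param data relying-party configuration used to verify it`, hedged because the method body lies outside the hunk.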
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SAMLTokenVerifier.java
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SAMLTokenVerifier.java
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SAMLTokenVerifier.java
Wed Feb 6 18:59:08 2008
@@ -19,12 +19,9 @@
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.net.URI;
-import java.net.URISyntaxException;
import java.security.KeyStore;
-import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
-import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
@@ -39,11 +36,8 @@
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.Init;
import org.apache.xml.security.encryption.XMLCipher;
-import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.EncryptionConstants;
-
-import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.Exponent;
import org.opensaml.xml.signature.KeyValue;
@@ -51,7 +45,6 @@
import org.opensaml.xml.signature.RSAKeyValue;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
-import org.opensaml.xml.validation.ValidationException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.wso2.solutions.identity.IdentityConstants;
@@ -199,21 +192,10 @@
holder.populateAttributeTable(this.attributeTable);
- }catch(InvalidKeySpecException e){
- e.printStackTrace();
- }catch(NoSuchAlgorithmException e) {
- e.printStackTrace();
- }catch (Base64DecodingException e){
- e.printStackTrace();
- }catch (UnmarshallingException e){
- e.printStackTrace();
- }catch (URISyntaxException e) {
- e.printStackTrace();
- } catch (ValidationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
-
+ }catch(Exception e){
+ log.debug(e);
+ throw new RelyingPartyException("errorInTokenVerification",new
Object[]{e.getMessage()});
+ }
if (log.isDebugEnabled()) {
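Review bot: The new `}catch(Exception e){` drops the cause: `log.debug(e)` only records it at debug level and the RelyingPartyException is built from `e.getMessage()` alone, so a signature ValidationException or a Base64/unmarshalling failure on a rejected token leaves no stack trace in production logs while its raw message is pushed into the user-facing `errorInTokenVerification` text. Replacing the old print-and-continue with a throw is the right direction; log with a message and the throwable, `log.debug("Token verification failed", e);`, and pass `e` as the cause if RelyingPartyException has such a constructor (not visible here). Catching `Exception` also re-wraps any RelyingPartyException thrown inside the try, losing its own message key, so consider `catch (RelyingPartyException e) { throw e; }` ahead of the generic catch if the try block can throw one. The try block starts outside this hunk.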
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SelfSignVerficationKeyHolder.java
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SelfSignVerficationKeyHolder.java
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SelfSignVerficationKeyHolder.java
Wed Feb 6 18:59:08 2008
@@ -18,6 +18,10 @@
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.x509.X509Credential;
+/**
+ * X509Credential implementation for signature verification of self issued
tokens.
+ * The key is constructed from modulus and exponent
+ */
public class SelfSignVerficationKeyHolder implements X509Credential {
private PublicKey publicKey = null;
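Review bot: The class Javadoc says the key `is constructed from modulus and exponent` but not where those values come from; if, as the RSAKeyValue/Modulus/Exponent imports in SAMLTokenVerifier suggest, they are read from the token's own KeyInfo, then a signature that validates under this credential only proves the token is internally consistent, not who produced it, and that caveat belongs on the class. Suggested sentence after the first one: `The modulus and exponent come from the token's own KeyInfo, so a successful signature check only shows the token was not altered in transit; the relying party must separately match this key (e.g. via the card's PPID) against the one it registered.` Please adjust if the values are obtained elsewhere. The class name is also misspelled (`Verfication`); a rename touches callers and is out of scope here, but worth a follow-up.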
@@ -26,6 +30,13 @@
}
+ /**
+ * The key is constructed form modulus and exponent.
+ * @param modulus
+ * @param publicExponent
+ * @throws NoSuchAlgorithmException
+ * @throws InvalidKeySpecException
+ */
public void setPublicKey(BigInteger modulus, BigInteger publicExponent)
throws NoSuchAlgorithmException, InvalidKeySpecException {
RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus,
@@ -34,6 +45,9 @@
publicKey = keyFactory.generatePublic(spec);
}
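Review bot: setPublicKey accepts any modulus/exponent pair and hands it straight to `keyFactory.generatePublic(spec)`; nothing rejects a short modulus, so if the values are attacker-supplied (the token's KeyInfo) the verifier would happily check a signature under a 512-bit key. A one-line guard before the spec is built keeps the declared exception contract: `if (modulus.bitLength() < 1024) throw new InvalidKeySpecException("RSA modulus too short: " + modulus.bitLength() + " bits");`, with the threshold set by deployment policy. The new `@throws` tags also say nothing about when each fires; `@throws NoSuchAlgorithmException if no KeyFactory for the algorithm is available` and `@throws InvalidKeySpecException if modulus and publicExponent do not form a valid RSA public key` would do, noting that the KeyFactory lookup line is missing from this hunk as mailed.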
+ /**
+ * Retrieves the publicKey
+ */
public PublicKey getPublicKey() {
return publicKey;
}
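Review bot: `Retrieves the publicKey` omits the null case: the field is initialized to `null` and only assigned by setPublicKey, so a credential whose setter was never called hands OpenSAML a null key, which the SignatureValidator will presumably reject or trip over. Make it explicit: `@return the RSA public key built by setPublicKey, or null if setPublicKey has not been called yet`.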
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SignVerificationKeyHolder.java
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SignVerificationKeyHolder.java
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SignVerificationKeyHolder.java
Wed Feb 6 18:59:08 2008
@@ -20,24 +20,47 @@
import org.opensaml.xml.security.x509.X509Credential;
import org.wso2.solutions.identity.relyingparty.RelyingPartyException;
+/**
+ * X509Credential implementation for signature verification of IdP issued
tokens.
+ * The store contains the trusted IdP certificates.
+ */
public class SignVerificationKeyHolder implements X509Credential {
+ /**
+ * Trusted Key store
+ */
private KeyStore keyStore = null;
+
+ /**
+ * The entityId of the token issuer
+ */
private String entityId = null;
+
+ /**
+ * Constructor.
+ * Must be given the trusted key store and the alias.
+ * If trust does not contain the alias an Exception is thrown.
+ * @param store
+ * @param alias
+ * @throws RelyingPartyException
+ */
public SignVerificationKeyHolder(KeyStore store, String alias) throws
RelyingPartyException{
try {
boolean isContained = store.containsAlias(alias);
if(isContained == false){
- throw new RelyingPartyException("TODO");
+ throw new RelyingPartyException("noAlias", new
Object[]{alias});
}
} catch (KeyStoreException e) {
- throw new RelyingPartyException("TODO");
+ throw new RelyingPartyException("errorReadingKeyStore");
}
keyStore = store;
entityId = alias;
}
+ /**
+ * Get the certificate chain of the entity
+ */
public Collection<X509Certificate> getEntityCertificateChain() {
List lst = new ArrayList();
try {
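Review bot: In the constructor's `catch (KeyStoreException e)` the new `throw new RelyingPartyException("errorReadingKeyStore")` discards `e`, and the key `errorReadingKeyStore` is not among the entries this commit adds to resources.properties (only `errorInTokenVerification` and `noAlias` appear there); unless it already exists elsewhere in the bundle, a broken trust store will surface as a missing-resource error instead of the real cause, so chain or log the exception and confirm the key. Note also that `store.containsAlias(alias)` only proves the alias exists — it says nothing about the entry type or the certificate's validity — so the constructor Javadoc should not read as a trust check; `If the store does not contain the alias a RelyingPartyException is thrown; the entry itself is read lazily by getEntityCertificate()` is closer to what the code does. `if(isContained == false)` would more idiomatically be `if (!isContained)`. The getEntityCertificateChain body at the end of the hunk continues outside it.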
@@ -48,6 +71,9 @@
return lst;
}
+ /**
+ * Retrieves the Entity Certificate
+ */
public X509Certificate getEntityCertificate() {
X509Certificate cert = null;
try {
@@ -58,7 +84,9 @@
return cert;
}
-
+ /**
+ * Retrieves the public key
+ */
public PublicKey getPublicKey() {
PublicKey key = null;
try {
@@ -70,6 +98,9 @@
return key;
}
+ /**
+ * Get hte entity Id - alias
+ */
public String getEntityId() {
return entityId;
}
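Review bot: Typo in the new Javadoc on getEntityId: `Get hte entity Id - alias`. Since the constructor assigns `entityId = alias`, the accurate sentence is `Returns the entity id, which is the trust-store alias passed to the constructor.`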
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/SAML1TokenHolder.java
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/SAML1TokenHolder.java
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/SAML1TokenHolder.java
Wed Feb 6 18:59:08 2008
@@ -21,7 +21,12 @@
private boolean isMultipleValues = false;
-
+ /**
+ * Creates the SAML object from the element
+ * This method must be called first
+ * @param elem
+ * @throws UnmarshallingException If the token creation fails
+ */
public void createToken(Element elem) throws UnmarshallingException{
UnmarshallerFactory unmarshallerFactory = Configuration
.getUnmarshallerFactory();
@@ -31,16 +36,26 @@
assertion = (Assertion) unmarshaller.unmarshall(elem);
}
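Review bot: createToken casts the unmarshalled object with `(Assertion) unmarshaller.unmarshall(elem)`, so an element that unmarshals to anything but a SAML 1 Assertion fails with a ClassCastException, which the new `@throws UnmarshallingException` tag does not cover; a relying party fed a crafted root element should get the documented exception instead. Guard the cast: `XMLObject obj = unmarshaller.unmarshall(elem); if (!(obj instanceof Assertion)) throw new UnmarshallingException("Element is not a SAML 1.x Assertion"); assertion = (Assertion) obj;` (XMLObject may need an import). The line that obtains `unmarshaller` is missing from this hunk as mailed, so also check that a null return from the factory is handled rather than dereferenced.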
+ /**
+ * @return the SAML signature.
+ */
public Signature getSAMLSignature() {
return assertion.getSignature();
}
-
+ /**
+ * Issuer of the SAML token
+ * @return
+ */
public String getIssuerName() {
return assertion.getIssuer();
}
+ /**
+ * Populates the attributes.
+ * @param attributeTable
+ */
public void populateAttributeTable(Map attributeTable) {
Iterator statements = assertion.getAttributeStatements().iterator();
while (statements.hasNext()) {
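Review bot: `getSAMLSignature` returns `assertion.getSignature()`, which in OpenSAML is null for an unsigned assertion, and the new `@return the SAML signature.` does not say so; a verifier that treats a missing signature as "nothing to check" would accept an unsigned token, so the null case must be explicit and callers must reject it: `@return the assertion's ds:Signature, or null if the assertion is not signed; callers must treat null as a verification failure`. `getIssuerName` and `populateAttributeTable` likewise dereference `assertion`, which only createToken assigns, so the empty `@return` on getIssuerName could read `@return the Issuer attribute of the assertion; throws NullPointerException if createToken has not been called`. The populateAttributeTable loop continues outside the hunk.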
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/TokenHolder.java
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/TokenHolder.java
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/TokenHolder.java
Wed Feb 6 18:59:08 2008
@@ -8,12 +8,29 @@
public interface TokenHolder {
+ /**
+ * Creates the SAML object from the element
+ * This method must be called first
+ * @param elem
+ * @throws UnmarshallingException If the token creation fails
+ */
public void createToken(Element elem) throws UnmarshallingException;
+ /**
+ * @return the SAML signature.
+ */
public Signature getSAMLSignature();
+ /**
+ * Populates the attributes.
+ * @param attributeTable
+ */
public void populateAttributeTable(Map attributeTable);
+ /**
+ * Issuer of the SAML token
+ * @return
+ */
public String getIssuerName();
}
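Review bot: The interface Javadoc repeats SAML1TokenHolder's comments, but this is where the contract lives, so it should state what an implementation may do that the wording hides: whether getSAMLSignature can return null (an unsigned token) and what getIssuerName and populateAttributeTable do before createToken. Suggest `@return the token's signature, or null if the token carries none; callers must reject a null signature` on getSAMLSignature, and one sentence on the other two: `Behaviour is undefined until createToken has completed successfully.` The raw `Map attributeTable` could be typed once the implementations agree on key and value types, which are not visible here.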