Author: dimuthul
Date: Thu Feb  7 01:25:57 2008
New Revision: 13389

Log:

Formatting my code ..... throwing exceptions ....... making it perfect.



Modified:
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML1TokenBuilder.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenBuilder.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenDirector.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SignKeyDataHolder.java
   
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/resources.properties
   
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/IssuerCertificateUtil.java
   
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SAMLTokenConsumer.java
   
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SAMLTokenVerifier.java
   
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SelfSignVerficationKeyHolder.java
   
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SignVerificationKeyHolder.java
   
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/SAML1TokenHolder.java
   
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/TokenHolder.java

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML1TokenBuilder.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML1TokenBuilder.java
        (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML1TokenBuilder.java
        Thu Feb  7 01:25:57 2008
@@ -59,16 +59,16 @@
         try {
             Class clazz = Configuration.class;
             XMLConfigurator configurator = new XMLConfigurator();
-            String[] providerConfigs = {"conf/saml1-assertion-config.xml"};
+            String[] providerConfigs = { "conf/saml1-assertion-config.xml" };
             for (String config : providerConfigs) {
                 configurator.load(new FileInputStream(config));
             }
-        }catch (FileNotFoundException e){
+        } catch (FileNotFoundException e) {
             log.debug(e);
-            throw  new RuntimeException(e);
-        }catch (ConfigurationException e) {
+            throw new RuntimeException(e);
+        } catch (ConfigurationException e) {
             log.debug(e);
-            throw  new RuntimeException(e);
+            throw new RuntimeException(e);
         }
     }
 
@@ -85,9 +85,9 @@
         confMethod.setConfirmationMethod(CONF_KEY);
         subjectConf.getConfirmationMethods().add(confMethod);
         subject.setSubjectConfirmation(subjectConf);
-        
+
         attributeStmt.setSubject(subject);
-        
+
         Map mapClaims = ipData.getRequestedClaims();
 
         Iterator ite = mapClaims.values().iterator();
@@ -130,10 +130,10 @@
         Conditions conditions = (Conditions) 
buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME);
         conditions.setNotBefore(notBefore);
         conditions.setNotOnOrAfter(notAfter);
-        
+
         ServerConfiguration config = ServerConfiguration.getInstance();
         String host = "http://"; + config.getFirstProperty("HostName");
-        assertion.setIssuer(host); 
+        assertion.setIssuer(host);
         /*
          * TODO : is this needed ??? AudienceRestriction audience =
          * (AudienceRestriction)
@@ -147,12 +147,13 @@
 
     }
 
-    public void setSignature(String signatureAlgorithm,  X509Credential cred)
+    public void setSignature(String signatureAlgorithm, X509Credential cred)
             throws IdentityProviderException {
         Signature signature = (Signature) 
buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
         signature.setSigningCredential(cred);
         signature.setSignatureAlgorithm(XMLSignature.ALGO_ID_SIGNATURE_RSA);
-        
signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+        signature
+                
.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
         assertion.setSignature(signature);
         signatureList.add(signature);
     }
@@ -168,7 +169,7 @@
 
         } catch (MarshallingException e) {
             log.debug(e);
-            throw new IdentityProviderException("errorMarshellingOrSigning",e);
+            throw new IdentityProviderException("errorMarshellingOrSigning", 
e);
         }
     }
 

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
        (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
        Thu Feb  7 01:25:57 2008
@@ -101,12 +101,12 @@
         Conditions conditions = (Conditions) 
buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME);
         conditions.setNotBefore(notBefore);
         conditions.setNotOnOrAfter(notAfter);
-        
+
         ServerConfiguration config = ServerConfiguration.getInstance();
         String host = "http://"; + config.getFirstProperty("HostName");
-        
+
         Issuer issuer = (Issuer) buildXMLObject(Issuer.DEFAULT_ELEMENT_NAME);
-        assertion.setIssuer(issuer); 
+        assertion.setIssuer(issuer);
         /*
          * TODO : is this needed ??? AudienceRestriction audience =
          * (AudienceRestriction)
@@ -117,7 +117,7 @@
 
         assertion.getAttributeStatements().add(this.attributeStmt);
         assertion.setID(assertionId);
-        
+
         Subject subject = (Subject) 
buildXMLObject(Subject.DEFAULT_ELEMENT_NAME);
         SubjectConfirmation subjectConf = (SubjectConfirmation) 
buildXMLObject(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
         SubjectConfirmationData confData = (SubjectConfirmationData) 
buildXMLObject(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenBuilder.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenBuilder.java
 (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenBuilder.java
 Thu Feb  7 01:25:57 2008
@@ -6,19 +6,21 @@
 import org.w3c.dom.Element;
 import org.wso2.solutions.identity.IdentityProviderException;
 import org.wso2.solutions.identity.sts.IdentityProviderData;
+
 /**
- * The builder pattern.
- * Builder interface.
- * Concrete implementations build SAMLAssertions of different types. 
+ * The builder pattern. Builder interface. Concrete implementations build
+ * SAMLAssertions of different types.
  */
 public interface SAMLTokenBuilder {
 
-    void createStatement(IdentityProviderData ipData, RahasData rahasData) 
throws IdentityProviderException;
+    void createStatement(IdentityProviderData ipData, RahasData rahasData)
+            throws IdentityProviderException;
 
-   void createSAMLAssertion(DateTime notAfter, DateTime notBefore,
+    void createSAMLAssertion(DateTime notAfter, DateTime notBefore,
             String assertionId) throws IdentityProviderException;
 
-    void setSignature(String signatureAlgorithm, X509Credential cred) throws 
IdentityProviderException;
+    void setSignature(String signatureAlgorithm, X509Credential cred)
+            throws IdentityProviderException;
 
     void marshellAndSign() throws IdentityProviderException;
 

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenDirector.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenDirector.java
        (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAMLTokenDirector.java
        Thu Feb  7 01:25:57 2008
@@ -20,7 +20,7 @@
     private SAMLTokenBuilder builder = null;
     private RahasData rahasData = null;
     private IdentityProviderData ipData = null;
-     
+
     static {
         try {
             DefaultBootstrap.bootstrap();
@@ -37,11 +37,12 @@
         this.ipData = iData;
     }
 
-    public Element createSAMLToken(DateTime notBefore, DateTime notAfter, 
String assertionId) throws IdentityProviderException {
-        
+    public Element createSAMLToken(DateTime notBefore, DateTime notAfter,
+            String assertionId) throws IdentityProviderException {
+
         SignKeyDataHolder keyDataHolder = SignKeyDataHolder.getInstance();
         String signatureAlgorithm = keyDataHolder.getSignatureAlgorithm();
-        
+
         Element elem = null;
         builder.createStatement(ipData, rahasData);
         builder.createSAMLAssertion(notAfter, notBefore, assertionId);
@@ -52,7 +53,6 @@
         return elem;
 
     }
-    
 
     /**
      * Obtain the ppid for the given user for the given rp.

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SignKeyDataHolder.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SignKeyDataHolder.java
        (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SignKeyDataHolder.java
        Thu Feb  7 01:25:57 2008
@@ -21,21 +21,21 @@
 public class SignKeyDataHolder implements X509Credential {
 
     private String signatureAlgorithm = null;
-    
+
     private static SignKeyDataHolder instance = null;
-    
+
     private X509Certificate[] issuerCerts = null;
-    
+
     private PrivateKey issuerPK = null;
-    
-    
-    public static SignKeyDataHolder getInstance() throws 
IdentityProviderException{
-        if(instance == null){
+
+    public static SignKeyDataHolder getInstance()
+            throws IdentityProviderException {
+        if (instance == null) {
             instance = new SignKeyDataHolder();
         }
         return instance;
     }
-    
+
     private SignKeyDataHolder() throws IdentityProviderException {
         //do once - because this is a expensive operation
         ServerConfiguration config = ServerConfiguration.getInstance();
@@ -43,11 +43,10 @@
 
         String keyAlias = ServerConfiguration.getInstance().getFirstProperty(
                 "Security.KeyStore.KeyAlias");
-        issuerPK = (PrivateKey)KeyUtil.getPrivateKey(keyAlias);
-        
-        issuerCerts = KeyUtil
-                .getServiceCertificateChain(keyAlias);
-       
+        issuerPK = (PrivateKey) KeyUtil.getPrivateKey(keyAlias);
+
+        issuerCerts = KeyUtil.getServiceCertificateChain(keyAlias);
+
         signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_RSA;
         String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
         if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
@@ -55,7 +54,7 @@
         }
 
     }
-    
+
     public String getSignatureAlgorithm() {
         return signatureAlgorithm;
     }
@@ -97,11 +96,11 @@
     }
 
     public PrivateKey getPrivateKey() {
-       return issuerPK;
+        return issuerPK;
     }
 
     public PublicKey getPublicKey() {
-       return issuerCerts[0].getPublicKey();
+        return issuerCerts[0].getPublicKey();
     }
 
     public SecretKey getSecretKey() {

Modified: 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/resources.properties
==============================================================================
--- 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/resources.properties
    (original)
+++ 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/resources.properties
    Thu Feb  7 01:25:57 2008
@@ -1,3 +1,6 @@
+errorValidatingIssuerPolicy = Error validating issuer policy
+errorBuildingIssuerInfo = Error building issuer info string
+errorInjectingData = Error injecting data to the stream
 errorInTokenVerification=Error in token verification : {0}
 noAlias = Trust store does not contain the alias provided : {0}
 invalidKeyValueCount = Invalid key value count inside KeyInfo

Modified: 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/IssuerCertificateUtil.java
==============================================================================
--- 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/IssuerCertificateUtil.java
 (original)
+++ 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/IssuerCertificateUtil.java
 Thu Feb  7 01:25:57 2008
@@ -90,7 +90,7 @@
          */
 
     }
-    
+
     /**
      * Performs the black list check
      * @param blackList Array of Lists. One Array element contains the 
Issuer's cert DN
@@ -98,8 +98,8 @@
      * @return
      * @throws RelyingPartyException
      */
-    public static boolean doBlackListCheck(List[] blackList, X509Certificate 
cert)
-            throws RelyingPartyException {
+    public static boolean doBlackListCheck(List[] blackList,
+            X509Certificate cert) throws RelyingPartyException {
         boolean isGreenLight = true;
 
         if (cert == null) {
@@ -131,8 +131,8 @@
      * @return
      * @throws RelyingPartyException
      */
-    public static boolean doWhiteListCheck(List[] whiteList, X509Certificate 
cert)
-            throws RelyingPartyException {
+    public static boolean doWhiteListCheck(List[] whiteList,
+            X509Certificate cert) throws RelyingPartyException {
         boolean isGreenLight = false;
 
         if (cert == null) {

Modified: 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SAMLTokenConsumer.java
==============================================================================
--- 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SAMLTokenConsumer.java
     (original)
+++ 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SAMLTokenConsumer.java
     Thu Feb  7 01:25:57 2008
@@ -30,7 +30,6 @@
 
     private static SAMLTokenConsumer consumer = null;
 
-    
     static {
         try {
             DefaultBootstrap.bootstrap();
@@ -39,11 +38,11 @@
             throw new RuntimeException(e);
         }
     }
-    
+
     private SAMLTokenConsumer() {
 
     }
-    
+
     /**
      * Returns the SAMLTokenConsuer
      * @return
@@ -54,10 +53,12 @@
         }
         return consumer;
     }
-    
-    
+
     /**
-     * Validates and sets attributes appropriately
+     * The control flow is
+     *  1) Verify
+     *  2) Validate policies
+     *  3) Inject parameters into the HttpServletRequest
      * @param request
      * @param xmlToken
      * @param data
@@ -71,28 +72,19 @@
         Element plainTokenElem = verifier.decryptToken(xmlToken, data
                 .getPrivateKey());
 
-
         boolean isAllSuccess = false;
-        try {
-            
-            if (verifier.verifyDecryptedToken(plainTokenElem, 
data.getTrustStore())) {
-                if (validateIssuerInfoPolicy(verifier, data)) {
-                    isAllSuccess = true;
-                }
-            }
-            
-            if (isAllSuccess == false) {
-                injectDataToRequestOnFailure(verifier, request);
-            }else{
-                injectDataToRequestOnSuccess(verifier, request);
+
+        if (verifier.verifyDecryptedToken(plainTokenElem, 
data.getTrustStore())) {
+            if (validateIssuerInfoPolicy(verifier, data)) {
+                isAllSuccess = true;
             }
-            
-        } catch (Exception e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
         }
 
-       
+        if (isAllSuccess == false) {
+            injectDataToRequestOnFailure(verifier, request);
+        } else {
+            injectDataToRequestOnSuccess(verifier, request);
+        }
 
     }
 
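Review bot: A verification failure that surfaces as an exception now leaves the method before `injectDataToRequestOnFailure` runs, because the removed catch-all no longer turns a throwing `verifyDecryptedToken` or `validateIssuerInfoPolicy` into the `isAllSuccess == false` path; the request then carries neither STATE_SUCCESS nor STATE_FAILURE and whoever calls this method must treat the propagated RelyingPartyException as a failed login, not as an undetermined one. Failing closed is the right direction, but a comment above the `if (verifier.verifyDecryptedToken(...))` line should state it, e.g. `// any RelyingPartyException from verification or policy checks propagates; callers must treat it as a failed login`. On the same line the condition `if (isAllSuccess == false)` reads better as `if (!isAllSuccess)`. The enclosing method's signature and its `throws` clause lie above this hunk, so I cannot confirm it declares RelyingPartyException.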
@@ -103,18 +95,19 @@
      * @return Whether issue validation successful or not.
      * @throws Exception
      */
-    protected boolean validateIssuerInfoPolicy(SAMLTokenVerifier verifier, 
RelyingPartyData data)
-            throws RelyingPartyException {
+    protected boolean validateIssuerInfoPolicy(SAMLTokenVerifier verifier,
+            RelyingPartyData data) throws RelyingPartyException {
         boolean validated = false;
         String issuerName = verifier.getIssuerName();
         String issuerPolicy = data.getIssuerPolicy();
         String validatePolicy = data.getValidatePolicy();
-        
+
         try {
             if (IdentityConstants.SELF_ISSUED_ISSUER.equals(issuerName)) {
 
                 if (issuerPolicy == null
-                        || 
issuerPolicy.equals(TokenVerifierConstants.SELF_ONLY)
+                        || issuerPolicy
+                                .equals(TokenVerifierConstants.SELF_ONLY)
                         || issuerPolicy
                                 
.equals(TokenVerifierConstants.SELF_AND_MANGED)) {
                     validated = true;
@@ -122,33 +115,38 @@
             } else if (issuerPolicy.equals(TokenVerifierConstants.SELF_ONLY)) {
                 // not a self issued card when self only
                 validated = false;
-            } else if 
(validatePolicy.equals(TokenVerifierConstants.PROMISCUOUS)) {
+            } else if (validatePolicy
+                    .equals(TokenVerifierConstants.PROMISCUOUS)) {
                 validated = true;
             } else if 
(validatePolicy.equals(TokenVerifierConstants.BLACK_LIST)) {
                 X509Certificate signedCert = verifier.getSigningCert();
-                IssuerCertificateUtil.doCertValidation(signedCert, issuerName, 
data.getDefaultStorePass(), data.getTrustStore());
-                if 
(IssuerCertificateUtil.doBlackListCheck(data.getBlackList(), 
verifier.getSigningCert())) {
+                IssuerCertificateUtil.doCertValidation(signedCert, issuerName,
+                        data.getDefaultStorePass(), data.getTrustStore());
+                if (IssuerCertificateUtil.doBlackListCheck(data.getBlackList(),
+                        verifier.getSigningCert())) {
                     validated = true;
                 }
             } else if 
(validatePolicy.equals(TokenVerifierConstants.WHITE_LIST)) {
                 X509Certificate signedCert = verifier.getSigningCert();
-                IssuerCertificateUtil.doCertValidation(signedCert, issuerName, 
data.getDefaultStorePass(), data.getTrustStore());
-                if 
(IssuerCertificateUtil.doWhiteListCheck(data.getWhiteList(), 
verifier.getSigningCert())) {
+                IssuerCertificateUtil.doCertValidation(signedCert, issuerName,
+                        data.getDefaultStorePass(), data.getTrustStore());
+                if (IssuerCertificateUtil.doWhiteListCheck(data.getWhiteList(),
+                        verifier.getSigningCert())) {
                     validated = true;
                 }
-            } else if 
(validatePolicy.equals(TokenVerifierConstants.CERT_VALIDATE)) {
+            } else if (validatePolicy
+                    .equals(TokenVerifierConstants.CERT_VALIDATE)) {
                 X509Certificate signedCert = verifier.getSigningCert();
-                IssuerCertificateUtil.doCertValidation(signedCert, issuerName, 
data.getDefaultStorePass(), data.getTrustStore());
+                IssuerCertificateUtil.doCertValidation(signedCert, issuerName,
+                        data.getDefaultStorePass(), data.getTrustStore());
                 validated = true;
             }
         } catch (Exception e) {
-            //TODO
-            e.printStackTrace();
+            throw new RelyingPartyException("errorValidatingIssuerPolicy", e);
         }
 
         return validated;
     }
-  
 
     protected void injectDataToRequestOnFailure(SAMLTokenVerifier verifier,
             ServletRequest request) {
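Review bot: The new `catch (Exception e)` at the end of validateIssuerInfoPolicy also catches the RelyingPartyException that `doCertValidation`, `doBlackListCheck` and `doWhiteListCheck` declare, and re-wraps it under the generic `errorValidatingIssuerPolicy` key, so the specific reason (for example the `noAlias` message) never reaches the caller or the log. Let the typed exception through first: `} catch (RelyingPartyException e) { throw e; } catch (Exception e) {`. Note also that the non-self-issued branch on the context line `} else if (issuerPolicy.equals(TokenVerifierConstants.SELF_ONLY)) {` dereferences `issuerPolicy`, which the self-issued branch explicitly permits to be null; that NullPointerException now becomes the same generic error rather than an explicit "policy not configured" failure. The method's signature is in the previous hunk.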
@@ -158,7 +156,7 @@
     }
 
     protected void injectDataToRequestOnSuccess(SAMLTokenVerifier verifier,
-            ServletRequest request) throws Exception{
+            ServletRequest request) throws RelyingPartyException {
 
         request.setAttribute(TokenVerifierConstants.SERVLET_ATTR_STATE,
                 TokenVerifierConstants.STATE_SUCCESS);
@@ -182,7 +180,7 @@
     }
 
     protected String getIssuerInfoString(SAMLTokenVerifier verifier)
-            throws Exception {
+            throws RelyingPartyException {
         String issuerInfo = null;
         OMFactory factory = OMAbstractFactory.getOMFactory();
         OMNamespace ns = factory.createOMNamespace(TokenVerifierConstants.NS,
@@ -190,38 +188,45 @@
 
         List certficates = verifier.getCertificates();
         Element keyInfo = verifier.getKeyInfoElement();
-        Iterator ite = certficates.iterator();
-        boolean siginingSet = false;
-        OMElement certificates = null;
-        OMElement certElem = null;
-        while (ite.hasNext()) {
-            X509Certificate cert = (X509Certificate) ite.next();
-            byte[] encodedCert = cert.getEncoded();
-            String base64Encoded = Base64.encode(encodedCert);
-            if (certificates == null) {
-                certificates = factory.createOMElement(
-                        TokenVerifierConstants.LN_CERTIFICATES, ns);
-            }
+        OMElement certificates;
+        OMElement omKeyInfo;
+        try {
+            Iterator ite = certficates.iterator();
+            boolean siginingSet = false;
+            certificates = null;
+            OMElement certElem = null;
+            while (ite.hasNext()) {
+                X509Certificate cert = (X509Certificate) ite.next();
+                byte[] encodedCert = cert.getEncoded();
+                String base64Encoded = Base64.encode(encodedCert);
+                if (certificates == null) {
+                    certificates = factory.createOMElement(
+                            TokenVerifierConstants.LN_CERTIFICATES, ns);
+                }
 
-            certElem = factory.createOMElement(
-                    TokenVerifierConstants.LN_CERTIFICATE, ns);
-            if (siginingSet == false) {
-                certElem.addAttribute(TokenVerifierConstants.LN_SIGNING_CERT,
-                        "true", null);
-                siginingSet = true;
+                certElem = factory.createOMElement(
+                        TokenVerifierConstants.LN_CERTIFICATE, ns);
+                if (siginingSet == false) {
+                    certElem.addAttribute(
+                            TokenVerifierConstants.LN_SIGNING_CERT, "true",
+                            null);
+                    siginingSet = true;
+                }
+                certElem.setText(base64Encoded);
+                certificates.addChild(certElem);
             }
-            certElem.setText(base64Encoded);
-            certificates.addChild(certElem);
-        }
 
-        OMElement omKeyInfo = null;
-        if (keyInfo != null) {
-            String value = DOM2Writer.nodeToString(keyInfo);
-            XMLStreamReader parser = XMLInputFactory.newInstance()
-                    .createXMLStreamReader(new StringReader(value));
-            StAXOMBuilder builder = new StAXOMBuilder(parser);
-            omKeyInfo = builder.getDocumentElement();
+            omKeyInfo = null;
+            if (keyInfo != null) {
+                String value = DOM2Writer.nodeToString(keyInfo);
+                XMLStreamReader parser = XMLInputFactory.newInstance()
+                        .createXMLStreamReader(new StringReader(value));
+                StAXOMBuilder builder = new StAXOMBuilder(parser);
+                omKeyInfo = builder.getDocumentElement();
 
+            }
+        } catch (Exception e) {
+            throw new RelyingPartyException("errorBuildingIssuerInfo");
         }
 
         if (certificates != null) {
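Review bot: The new catch block in getIssuerInfoString drops the cause: `throw new RelyingPartyException("errorBuildingIssuerInfo");` discards `e`, unlike the sibling catch in validateIssuerInfoPolicy, so a failing `cert.getEncoded()` or StAX parse is unrecoverable from the logs; use `throw new RelyingPartyException("errorBuildingIssuerInfo", e);`. The `XMLStreamReader parser` created from `XMLInputFactory.newInstance()` is never closed, and the factory is built with defaults; the input is a re-serialized DOM node taken from the already verified token, so the exposure is probably limited, but setting `XMLInputFactory.SUPPORT_DTD` to `false` on the factory costs nothing and removes the question. The method begins in the previous hunk and continues past this one.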

Modified: 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SAMLTokenVerifier.java
==============================================================================
--- 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SAMLTokenVerifier.java
     (original)
+++ 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SAMLTokenVerifier.java
     Thu Feb  7 01:25:57 2008
@@ -56,9 +56,9 @@
 import org.wso2.solutions.identity.relyingparty.RelyingPartyException;
 import org.wso2.solutions.identity.relyingparty.TokenVerifierConstants;
 import org.wso2.solutions.identity.saml.relyingparty.tokens.SAML1TokenHolder;
+import org.wso2.solutions.identity.saml.relyingparty.tokens.SAML2TokenHolder;
 import org.wso2.solutions.identity.saml.relyingparty.tokens.TokenHolder;
 
-
 /**
  * A SAML token is sent to a web application in a CardSpace login attempt
  * and this can be used for decryption and verification of those tokens. 
@@ -75,13 +75,13 @@
     private List certificates = new ArrayList();
 
     private Element keyInfoElement = null;
-    
+
     private String issuerName = null;
-    
+
     private boolean isMultipleValues = false;
-    
+
     private X509Certificate signingCert = null;
-    
+
     static {
         Init.init();
     }
@@ -128,91 +128,94 @@
      * @return true if verification is successful and false if unsuccessful.
      * @throws SAMLException
      */
-    public boolean verifyDecryptedToken(Element decryptedElem, KeyStore 
trustStore)
-            throws RelyingPartyException {
-        
-            if (log.isDebugEnabled()) {
-                log.debug(messages.getMessage("verifyingDecryptedToken"));
+    public boolean verifyDecryptedToken(Element decryptedElem,
+            KeyStore trustStore) throws RelyingPartyException {
+
+        if (log.isDebugEnabled()) {
+            log.debug(messages.getMessage("verifyingDecryptedToken"));
+        }
+
+        if (true) {
+            try {
+                String val = DOM2Writer.nodeToString(decryptedElem);
+                FileWriter writer = new FileWriter(new File("stuff.xml"));
+                writer.write(val.toCharArray());
+                writer.flush();
+                writer.close();
+            } catch (IOException e) {
+                e.printStackTrace();
             }
-            
-            
-            if(true){
-                try {
-                    String val = DOM2Writer.nodeToString(decryptedElem);
-                    FileWriter writer = new FileWriter(new File("stuff.xml"));
-                    writer.write(val.toCharArray());
-                } catch (IOException e) {
-                    e.printStackTrace();
-                }
+        }
+
+        try {
+
+            String version = decryptedElem.getNamespaceURI();
+            TokenHolder holder = null;
+            if (version.equals(IdentityConstants.SAML10_URL)) {
+                holder = new SAML1TokenHolder();
+            } else if (version.equals(IdentityConstants.SAML11_URL)) {
+
+            } else if (version.equals(IdentityConstants.SAML20_URL)) {
+                holder = new SAML2TokenHolder();
             }
-            
-            
-            try {
-               
-                String version = decryptedElem.getNamespaceURI();
-                TokenHolder holder = null;
-                if(version.equals(IdentityConstants.SAML10_URL)){
-                    holder = new SAML1TokenHolder();
-                }else if(version.equals(IdentityConstants.SAML11_URL)){
-                    
-                }
-                
-                holder.createToken(decryptedElem);
-                issuerName = holder.getIssuerName();
-                if(issuerName== null){
-                    throw new RelyingPartyException("issuerIsNull");
-                }
-                
-                
-                Signature sig = holder.getSAMLSignature();
-                X509Credential credential = null;
-                
-                if(issuerName.equals(IdentityConstants.SELF_ISSUED_ISSUER)){
-                                
-                    List<KeyValue> keyValueList = 
sig.getKeyInfo().getKeyValues();
-
-                    if (keyValueList.size() > 1) {
-                        throw new 
RelyingPartyException("invalidKeyValueCount");
-                    }
-                 
-                    KeyValue val = (KeyValue) keyValueList.get(0);
-                    RSAKeyValue rsaKey = val.getRSAKeyValue();
-
-                    Element elem = rsaKey.getDOM();
-
-                    Element modElem = (Element) elem.getElementsByTagName(
-                            Modulus.DEFAULT_ELEMENT_LOCAL_NAME).item(0);
-                    Element expElem = (Element) elem.getElementsByTagName(
-                            Exponent.DEFAULT_ELEMENT_LOCAL_NAME).item(0);
-
-                    BigInteger mod = 
Base64.decodeBigIntegerFromElement(modElem);
-                    BigInteger exp = 
Base64.decodeBigIntegerFromElement(expElem);
-
-                    credential = new SelfSignVerficationKeyHolder();
-                    
((SelfSignVerficationKeyHolder)credential).setPublicKey(mod, exp);
-                    
-                }else{
-                    String alias = null;
-                    URI uri = new URI(issuerName);
-                    alias = uri.getHost();
-                    credential = new SignVerificationKeyHolder(trustStore, 
alias);
-                }
-                
-                SignatureValidator validator = new 
SignatureValidator(credential);
-                validator.validate(sig);
-                
-                if(!issuerName.equals(IdentityConstants.SELF_ISSUED_ISSUER)){
-                    this.signingCert = credential.getEntityCertificate();
-                    this.certificates = 
(List)credential.getEntityCertificateChain();
+
+            holder.createToken(decryptedElem);
+            issuerName = holder.getIssuerName();
+            if (issuerName == null) {
+                throw new RelyingPartyException("issuerIsNull");
+            }
+
+            Signature sig = holder.getSAMLSignature();
+            X509Credential credential = null;
+
+            if (issuerName.equals(IdentityConstants.SELF_ISSUED_ISSUER)) {
+
+                List<KeyValue> keyValueList = sig.getKeyInfo().getKeyValues();
+
+                if (keyValueList.size() > 1) {
+                    throw new RelyingPartyException("invalidKeyValueCount");
                 }
-                
-                holder.populateAttributeTable(this.attributeTable);
-            
-            }catch(Exception e){
-                log.debug(e);
-                throw new RelyingPartyException("errorInTokenVerification",new 
Object[]{e.getMessage()});
-            }            
-     
+
+                KeyValue val = (KeyValue) keyValueList.get(0);
+                RSAKeyValue rsaKey = val.getRSAKeyValue();
+
+                Element elem = rsaKey.getDOM();
+
+                Element modElem = (Element) elem.getElementsByTagName(
+                        Modulus.DEFAULT_ELEMENT_LOCAL_NAME).item(0);
+                Element expElem = (Element) elem.getElementsByTagName(
+                        Exponent.DEFAULT_ELEMENT_LOCAL_NAME).item(0);
+
+                BigInteger mod = Base64.decodeBigIntegerFromElement(modElem);
+                BigInteger exp = Base64.decodeBigIntegerFromElement(expElem);
+
+                credential = new SelfSignVerficationKeyHolder();
+                ((SelfSignVerficationKeyHolder) credential).setPublicKey(mod,
+                        exp);
+
+            } else {
+                String alias = null;
+                URI uri = new URI(issuerName);
+                alias = uri.getHost();
+                credential = new SignVerificationKeyHolder(trustStore, alias);
+            }
+
+            SignatureValidator validator = new SignatureValidator(credential);
+            validator.validate(sig);
+
+            if (!issuerName.equals(IdentityConstants.SELF_ISSUED_ISSUER)) {
+                this.signingCert = credential.getEntityCertificate();
+                this.certificates = (List) credential
+                        .getEntityCertificateChain();
+            }
+
+            holder.populateAttributeTable(this.attributeTable);
+
+        } catch (Exception e) {
+            log.debug(e);
+            throw new RelyingPartyException("errorInTokenVerification",
+                    new Object[] { e.getMessage() });
+        }
 
         if (log.isDebugEnabled()) {
             log.debug(messages.getMessage("verifyingDecryptedTokenDone"));
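Review bot: The `if (true)` block at the top of verifyDecryptedToken writes the full decrypted assertion, including the user's claims and the issuer's signature, to `stuff.xml` in the process working directory on every call, silently overwriting the previous one and only printing the stack trace if the write fails; this is debug leftover that persists sensitive token content to disk in the relying party and should be deleted rather than reformatted (the `writer.close()` added here is not in a finally block either). Second, the `IdentityConstants.SAML11_URL` branch is empty and any other namespace matches no branch, so `holder` stays null and `holder.createToken(decryptedElem)` fails with a NullPointerException that the catch-all then reports as `errorInTokenVerification` with a null message; add an explicit `if (holder == null) { throw new RelyingPartyException(/* constructed key, e.g. */ "unsupportedTokenVersion"); }` before that call, with a matching entry in resources.properties. Third, the same `catch (Exception e)` re-wraps the `issuerIsNull` and `invalidKeyValueCount` RelyingPartyExceptions thrown inside the try, so their keys are lost; rethrow RelyingPartyException before the generic catch. The method continues past this hunk.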

Modified: 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SelfSignVerficationKeyHolder.java
==============================================================================
--- 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SelfSignVerficationKeyHolder.java
  (original)
+++ 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SelfSignVerficationKeyHolder.java
  Thu Feb  7 01:25:57 2008
@@ -25,9 +25,9 @@
 public class SelfSignVerficationKeyHolder implements X509Credential {
 
     private PublicKey publicKey = null;
-    
+
     public SelfSignVerficationKeyHolder() {
-    
+
     }
 
     /**
@@ -39,11 +39,10 @@
      */
     public void setPublicKey(BigInteger modulus, BigInteger publicExponent)
             throws NoSuchAlgorithmException, InvalidKeySpecException {
-            RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus,
-                    publicExponent);
-            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
-            publicKey = keyFactory.generatePublic(spec);
-     }
+        RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, publicExponent);
+        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+        publicKey = keyFactory.generatePublic(spec);
+    }
 
     /**
      * Retrieves the publicKey
@@ -51,8 +50,8 @@
     public PublicKey getPublicKey() {
         return publicKey;
     }
-    
-// ********** Not implemented 
**************************************************************
+
+    // ********** Not implemented 
**************************************************************
     public Collection<X509CRL> getCRLs() {
         // TODO Auto-generated method stub
         return null;

Modified: 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SignVerificationKeyHolder.java
==============================================================================
--- 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SignVerificationKeyHolder.java
     (original)
+++ 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/SignVerificationKeyHolder.java
     Thu Feb  7 01:25:57 2008
@@ -1,6 +1,5 @@
 package org.wso2.solutions.identity.saml.relyingparty;
 
-
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.PrivateKey;
@@ -21,8 +20,8 @@
 import org.wso2.solutions.identity.relyingparty.RelyingPartyException;
 
 /**
- * X509Credential implementation for signature verification of IdP issued 
tokens.
- * The store contains the trusted IdP certificates.
+ * X509Credential implementation for signature verification of IdP issued
+ * tokens. The store contains the trusted IdP certificates.
  */
 public class SignVerificationKeyHolder implements X509Credential {
 
@@ -30,26 +29,27 @@
      * Trusted Key store
      */
     private KeyStore keyStore = null;
-    
+
     /**
      * The entityId of the token issuer
      */
     private String entityId = null;
-    
-    
+
     /**
-     * Constructor.
-     * Must be given the trusted key store and the alias.
-     * If trust does not contain the alias an Exception is thrown.
+     * Constructor. Must be given the trusted key store and the alias. If trust
+     * does not contain the alias an Exception is thrown.
+     * 
      * @param store
      * @param alias
      * @throws RelyingPartyException
      */
-    public SignVerificationKeyHolder(KeyStore store, String alias) throws 
RelyingPartyException{
+    public SignVerificationKeyHolder(KeyStore store, String alias)
+            throws RelyingPartyException {
         try {
             boolean isContained = store.containsAlias(alias);
-            if(isContained == false){
-                throw new RelyingPartyException("noAlias", new 
Object[]{alias});
+            if (isContained == false) {
+                throw new RelyingPartyException("noAlias",
+                        new Object[] { alias });
             }
         } catch (KeyStoreException e) {
             throw new RelyingPartyException("errorReadingKeyStore");
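Review bot: `if (isContained == false) {` on the reformatted line compares a boolean against a literal; the idiomatic form folds the lookup into the test and drops the local, `if (!store.containsAlias(alias)) {`. The `catch (KeyStoreException e)` two lines below is unchanged context, but it rethrows `new RelyingPartyException("errorReadingKeyStore")` without `e`, so the underlying keystore failure is lost to callers and logs; if RelyingPartyException offers a cause-taking constructor it should be passed here. A null `store` also reaches `containsAlias` unchecked and surfaces as a NullPointerException rather than a RelyingPartyException, which is worth a one-line guard or a Javadoc note on the constructor.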
@@ -57,7 +57,7 @@
         keyStore = store;
         entityId = alias;
     }
-    
+
     /**
      * Get the certificate chain of the entity
      */
@@ -70,43 +70,44 @@
         }
         return lst;
     }
-    
+
     /**
-     * Retrieves the Entity Certificate   
+     * Retrieves the Entity Certificate
      */
     public X509Certificate getEntityCertificate() {
         X509Certificate cert = null;
         try {
-            cert = (X509Certificate)keyStore.getCertificate(entityId);
+            cert = (X509Certificate) keyStore.getCertificate(entityId);
         } catch (KeyStoreException e) {
             throw new RuntimeException(e);
         }
         return cert;
     }
-    
+
     /**
      * Retrieves the public key
      */
     public PublicKey getPublicKey() {
         PublicKey key = null;
         try {
-            X509Certificate cert = 
(X509Certificate)keyStore.getCertificate(entityId);
+            X509Certificate cert = (X509Certificate) keyStore
+                    .getCertificate(entityId);
             key = cert.getPublicKey();
         } catch (KeyStoreException e) {
             throw new RuntimeException(e);
         }
         return key;
-    }    
-    
+    }
+
     /**
-     *  Get hte entity Id - alias
+     * Get hte entity Id - alias
      */
     public String getEntityId() {
         return entityId;
     }
-    
-// ******** Automatically generated required methods
-    
+
+    // ******** Automatically generated required methods
+
     public Collection<X509CRL> getCRLs() {
         // TODO Auto-generated method stub
         return null;
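Review bot: The reformatted Javadoc on getEntityId keeps the typo "hte"; it should read `* Get the entity Id - alias`. In getPublicKey the reformatted lines `X509Certificate cert = (X509Certificate) keyStore.getCertificate(entityId);` then `key = cert.getPublicKey();` dereference `cert` without a null check; `KeyStore.getCertificate` returns null when the alias holds no certificate, and the constructor only verified `containsAlias`, so a trust store entry of the wrong type surfaces as a NullPointerException instead of a clear error. A guard such as `if (cert == null) { throw new RuntimeException("no certificate for alias " + entityId); }` before the dereference, and a matching `@return` note on getEntityCertificate that it may return null, would make the failure mode explicit. getCRLs is a stub returning null, so this credential performs no revocation checking; that is pre-existing, but the `// ******** Automatically generated required methods` comment could say so rather than leaving it implicit.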
@@ -142,5 +143,4 @@
         return null;
     }
 
-   
 }

Modified: 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/SAML1TokenHolder.java
==============================================================================
--- 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/SAML1TokenHolder.java
       (original)
+++ 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/SAML1TokenHolder.java
       Thu Feb  7 01:25:57 2008
@@ -18,28 +18,26 @@
 import org.opensaml.xml.signature.Signature;
 import org.w3c.dom.Element;
 
-public class SAML1TokenHolder implements TokenHolder{
+public class SAML1TokenHolder implements TokenHolder {
 
     private Assertion assertion = null;
-    
+
     private boolean isMultipleValues = false;
-    
+
     private static Log log = LogFactory.getLog(SAML1TokenHolder.class);
-    
-    
+
     /**
      * Creates the SAML object from the element
      * This method must be called first
      * @param elem
      * @throws UnmarshallingException If the token creation fails
      */
-    public void createToken(Element elem) throws UnmarshallingException{
+    public void createToken(Element elem) throws UnmarshallingException {
         UnmarshallerFactory unmarshallerFactory = Configuration
                 .getUnmarshallerFactory();
-        Unmarshaller unmarshaller = unmarshallerFactory
-                .getUnmarshaller(elem);
-       
-         assertion = (Assertion) unmarshaller.unmarshall(elem);
+        Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(elem);
+
+        assertion = (Assertion) unmarshaller.unmarshall(elem);
     }
 
     /**
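Review bot: The reformatted `assertion = (Assertion) unmarshaller.unmarshall(elem);` casts whatever the presented element unmarshals to, so a non-Assertion element fails with a ClassCastException, and a null return from `getUnmarshaller(elem)` (which is what the OpenSAML factory returns for an unregistered element, as far as I recall) fails with a NullPointerException; neither matches the documented `@throws UnmarshallingException If the token creation fails`. Since `elem` comes from the token being verified, the method should check both and raise the documented exception, which also gives the verifier a single failure type to handle. The rewrite below assumes UnmarshallingException has a String constructor; the rest of createToken is unchanged.
```java
        Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(elem);
        if (unmarshaller == null) {
            throw new UnmarshallingException("no unmarshaller registered for element "
                    + elem.getLocalName());
        }
        Object parsed = unmarshaller.unmarshall(elem);
        if (!(parsed instanceof Assertion)) {
            throw new UnmarshallingException("element is not a SAML 1.x Assertion");
        }
        assertion = (Assertion) parsed;
```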
@@ -48,14 +46,13 @@
     public Signature getSAMLSignature() {
         return assertion.getSignature();
     }
-    
-    
+
     /**
      * Issuer of the SAML token
      * @return
      */
     public String getIssuerName() {
-       return assertion.getIssuer();
+        return assertion.getIssuer();
     }
 
     /**
@@ -66,43 +63,43 @@
         Iterator statements = assertion.getAttributeStatements().iterator();
         while (statements.hasNext()) {
             AttributeStatement stmt = (AttributeStatement) statements.next();
-                Iterator attrs = stmt.getAttributes().iterator();
-                while (attrs.hasNext()) {
-                    Attribute attr = (Attribute) attrs.next();
-                    String name = attr.getAttributeNamespace() + "/" + 
attr.getAttributeName();
-                    
-                    List lst = attr.getAttributeValues();
-                    Iterator ite = lst.iterator();
-                    int count = 0;
-                    StringBuffer buff = new StringBuffer();
-                    while(ite.hasNext()){
-                        Object obj = ite.next();
-                        if(obj instanceof XSString){
-                            buff.append(((XSString)obj).getValue());
-                        }else if(obj instanceof XSAny) {
-                            XSAny any = (XSAny)obj;
-                            String value = any.getTextContent();
-                            buff.append(value);
-                        }
-                        buff.append(",");
-                        count++;
-                    }
-                    
-                    if(buff.length()>1){
-                        buff.deleteCharAt(buff.length()-1);
-                    }
-                    
-                    String value = buff.toString();
-                    
-                    if(count>1){
-                        isMultipleValues = true;
+            Iterator attrs = stmt.getAttributes().iterator();
+            while (attrs.hasNext()) {
+                Attribute attr = (Attribute) attrs.next();
+                String name = attr.getAttributeNamespace() + "/"
+                        + attr.getAttributeName();
+
+                List lst = attr.getAttributeValues();
+                Iterator ite = lst.iterator();
+                int count = 0;
+                StringBuffer buff = new StringBuffer();
+                while (ite.hasNext()) {
+                    Object obj = ite.next();
+                    if (obj instanceof XSString) {
+                        buff.append(((XSString) obj).getValue());
+                    } else if (obj instanceof XSAny) {
+                        XSAny any = (XSAny) obj;
+                        String value = any.getTextContent();
+                        buff.append(value);
                     }
-                    
-                    attributeTable.put(name, value);
+                    buff.append(",");
+                    count++;
                 }
+
+                if (buff.length() > 1) {
+                    buff.deleteCharAt(buff.length() - 1);
+                }
+
+                String value = buff.toString();
+
+                if (count > 1) {
+                    isMultipleValues = true;
+                }
+
+                attributeTable.put(name, value);
             }
-        
+        }
+
     }
 
-    
 }
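Review bot: The trailing-separator trim `if (buff.length() > 1) {` on the reformatted line is off by one: a single empty attribute value leaves `buff` as `","`, which is not trimmed and is stored as the attribute's value; the condition should be `if (buff.length() > 0) {`. Separately, multiple values are joined with an unescaped `","`, so a single value that itself contains a comma is indistinguishable from two values to anything reading `attributeTable`; either document on this loop that values are comma-joined without escaping and that `isMultipleValues` is the only multiplicity signal, or store a List of values instead. `buff` is a method-local, so `StringBuilder` would serve in place of `StringBuffer`. populateAttributeTable's signature and the `isMultipleValues` field are outside this hunk.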

Modified: 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/TokenHolder.java
==============================================================================
--- 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/TokenHolder.java
    (original)
+++ 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/TokenHolder.java
    Thu Feb  7 01:25:57 2008
@@ -7,7 +7,7 @@
 import org.w3c.dom.Element;
 
 public interface TokenHolder {
-    
+
     /**
      * Creates the SAML object from the element
      * This method must be called first
@@ -20,18 +20,17 @@
      * @return the SAML signature.
      */
     public Signature getSAMLSignature();
-    
+
     /**
      * Populates the attributes.
      * @param attributeTable
      */
     public void populateAttributeTable(Map attributeTable);
-    
+
     /**
      * Issuer of the SAML token
      * @return
      */
     public String getIssuerName();
-    
-}
 
+}
