Author: prabath
Date: Tue May 11 09:13:23 2010
New Revision: 943055
URL: http://svn.apache.org/viewvc?rev=943055&view=rev
Log:
Fixing https://issues.apache.org/jira/browse/RAMPART-285 - Thanks Thilina for
the patch
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java?rev=943055&r1=943054&r2=943055&view=diff
==============================================================================
---
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
(original)
+++
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
Tue May 11 09:13:23 2010
@@ -40,6 +40,7 @@ import org.opensaml.SAMLAssertion;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.core.Conditions;
import javax.xml.namespace.QName;
import java.security.Principal;
@@ -182,10 +183,29 @@ public class RampartEngine {
final Assertion assertion = (Assertion)
wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
String id = assertion.getID();
Subject subject = assertion.getSubject();
- SubjectConfirmationData scData =
subject.getSubjectConfirmations()
- .get(0).getSubjectConfirmationData();
- Date dateOfCreation = scData.getNotBefore().toDate();
- Date dateOfExpiration = scData.getNotOnOrAfter().toDate();
+
+ Date dateOfCreation = null;
+ Date dateOfExpiration = null;
+
+ //Read the validity period from the 'Conditions' element,
else read it from SC Data
+ if (assertion.getConditions() != null) {
+ Conditions conditions = assertion.getConditions();
+ if (conditions.getNotBefore() != null) {
+ dateOfCreation =
conditions.getNotBefore().toDate();
+ }
+ if (conditions.getNotOnOrAfter() != null) {
+ dateOfExpiration =
conditions.getNotOnOrAfter().toDate();
+ }
+ } else {
+ SubjectConfirmationData scData =
subject.getSubjectConfirmations()
+ .get(0).getSubjectConfirmationData();
+ if (scData.getNotBefore() != null) {
+ dateOfCreation = scData.getNotBefore().toDate();
+ }
+ if (scData.getNotOnOrAfter() != null) {
+ dateOfExpiration =
scData.getNotOnOrAfter().toDate();
+ }
+ }
// TODO : SAML2KeyInfo element needs to be moved to WSS4J.
SAML2KeyInfo saml2KeyInfo = SAML2Utils.
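Review bot: In the fallback branch the first subject confirmation is fetched with `subject.getSubjectConfirmations().get(0)` and its data dereferenced without a check, so an assertion that has no Conditions and either an empty confirmation list or a confirmation without SubjectConfirmationData fails with an IndexOutOfBoundsException or NullPointerException instead of a WSSecurityException. Also, when Conditions is present but carries neither NotBefore nor NotOnOrAfter, both dates stay null and the SubjectConfirmationData window is never consulted; how a null dateOfCreation/dateOfExpiration is consumed lies outside the hunk, but a validity window that silently degrades to "none" deserves an explicit decision, either falling through to SC data per missing attribute or rejecting the token. A minimal guard for the fallback would be `List<SubjectConfirmation> confirmations = subject.getSubjectConfirmations();` / `SubjectConfirmationData scData = confirmations.isEmpty() ? null : confirmations.get(0).getSubjectConfirmationData();` / `if (scData != null && scData.getNotBefore() != null) {` (and likewise for NotOnOrAfter). The enclosing method starts and ends outside the hunk.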
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java?rev=943055&r1=943054&r2=943055&view=diff
==============================================================================
---
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
(original)
+++
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
Tue May 11 09:13:23 2010
@@ -52,10 +52,7 @@ import org.opensaml.xml.io.*;
import org.opensaml.common.SAMLVersion;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.impl.AssertionBuilder;
-import org.opensaml.saml2.core.impl.IssuerBuilder;
-import org.opensaml.saml2.core.impl.NameIDBuilder;
-import org.opensaml.saml2.core.impl.SubjectBuilder;
+import org.opensaml.saml2.core.impl.*;
import org.opensaml.saml2.core.*;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.joda.time.DateTime;
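Review bot: The four explicit `org.opensaml.saml2.core.impl` imports are collapsed into `import org.opensaml.saml2.core.impl.*;`, which next to the existing `org.opensaml.saml2.core.*` wildcard makes it impossible to tell from the import list which builders the class uses and invites name clashes between the two packages. Since the change only needs one more builder, adding `import org.opensaml.saml2.core.impl.ConditionsBuilder;` to the four existing explicit imports would keep the list readable.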
@@ -191,6 +188,11 @@ public class SAML2TokenIssuer implements
Date creationTime = creationDate.toDate();
Date expirationTime = expirationDate.toDate();
+ Conditions conditions = new ConditionsBuilder().buildObject();
+ conditions.setNotBefore(creationDate);
+ conditions.setNotOnOrAfter(expirationDate);
+ assertion.setConditions(conditions);
+
// Create the subject
Subject subject = createSubject(config, doc, crypto, creationDate,
expirationDate, data);
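Review bot: The new Conditions element carries only the NotBefore/NotOnOrAfter window; no AudienceRestriction is added, so a consumer following the SAML 2.0 Conditions processing rules has nothing binding the issued assertion to its intended relying party. Whether an AppliesTo/audience value is available from `config` or `data` at this point is outside the hunk, so this is a question rather than a defect: if it is available, this is the place to set it. The same creationDate/expirationDate pair is still passed to `createSubject`, so the window presumably also ends up on the SubjectConfirmationData; a one-line comment such as `// Validity window now lives in Conditions; createSubject still receives it for the subject confirmation data` would record why both exist. The enclosing method starts and ends outside the hunk.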
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java?rev=943055&r1=943054&r2=943055&view=diff
==============================================================================
---
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
(original)
+++
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
Tue May 11 09:13:23 2010
@@ -55,6 +55,8 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.cert.X509Certificate;
+import java.util.Iterator;
+import java.util.List;
public class SAML2Utils {
@@ -194,14 +196,24 @@ public class SAML2Utils {
}
// Get the subject confirmation data,
KeyInfoConfirmationDataType extends SubjectConfirmationData.
- KeyInfoConfirmationDataType scData =
(KeyInfoConfirmationDataType) subjectConf.getSubjectConfirmationData();
+ SubjectConfirmationData scData =
subjectConf.getSubjectConfirmationData();
+
if (scData == null) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"invalidSAML2Token", new Object[]{"for Signature
(no Subject Confirmation Data)"});
}
// Get the SAML specific XML representation of the keyInfo
object
- XMLObject KIElem = scData.getKeyInfos() != null ? (XMLObject)
scData.getKeyInfos().get(0) : null;
+ XMLObject KIElem = null;
+ List<XMLObject> scDataElements = scData.getOrderedChildren();
+ Iterator<XMLObject> iterator = scDataElements.iterator();
+ while (iterator.hasNext()) {
+ XMLObject xmlObj = iterator.next();
+ if (xmlObj instanceof org.opensaml.xml.signature.KeyInfo) {
+ KIElem = xmlObj;
+ break;
+ }
+ }
Element keyInfoElement;
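Review bot: `scData.getOrderedChildren()` is iterated without a null check; in the OpenSAML 2 API `getOrderedChildren()` may return null for an element with no children, in which case `scDataElements.iterator()` throws a NullPointerException instead of leaving `KIElem` null for the handling that follows the hunk. The comment above the assignment still says `KeyInfoConfirmationDataType extends SubjectConfirmationData`, which the new code no longer relies on: dropping the cast means any SubjectConfirmationData type is accepted here, so the comment should say that the KeyInfo child is located by type instead. The explicit Iterator loop reads more clearly as an enhanced for, and `KIElem` would be `keyInfoElem` under Java naming if its later uses (outside the hunk) are renamed with it. The enclosing method starts and ends outside the hunk.
```java
// Locate the KeyInfo child of the SubjectConfirmationData by type rather
// than by casting to KeyInfoConfirmationDataType; getOrderedChildren()
// may be null for an element without children.
XMLObject KIElem = null;
List<XMLObject> scDataElements = scData.getOrderedChildren();
if (scDataElements != null) {
    for (XMLObject xmlObj : scDataElements) {
        if (xmlObj instanceof org.opensaml.xml.signature.KeyInfo) {
            KIElem = xmlObj;
            break;
        }
    }
}
Element keyInfoElement;
```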
@@ -259,8 +271,8 @@ public class SAML2Utils {
}
- // If an authn stmt is presentm then it has a public key.
- else if (authnStmt != null) {
+ // If an authn stmt is present then it has a public key.
+ if (authnStmt != null) {
X509Certificate[] certs = null;
try {
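Review bot: Turning `else if (authnStmt != null)` into a plain `if`, together with the removal of the closing `else { throw new WSSecurityException(... "cannot get certificate or key ") }` in the next hunk, means a token for which neither the preceding branch nor the authn-statement branch yields key material no longer fails at this point. What the method returns afterwards is outside the hunk, but if it can now hand back a key info without certificates or a key, callers discover the problem later or not at all. If the intent is that the preceding branch (whose start lies above the hunk) may already have populated the result and the authn branch adds the holder certificate, that should be stated, e.g. `// Not exclusive with the branch above: an authn statement supplies the holder certificate in addition to any key already found`, and an explicit check that at least one of them succeeded should replace the deleted throw.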
@@ -286,10 +298,6 @@ public class SAML2Utils {
new Object[]{"cannot get certificate (key
holder)"}, e3);
}
- } else {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "invalidSAMLsecurity",
- new Object[]{"cannot get certificate or key "});
}