Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java?rev=1235132&r1=1235131&r2=1235132&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java Tue Jan 24 04:39:03 2012 @@ -21,6 +21,8 @@ import org.apache.axiom.om.OMNode; import org.apache.axiom.soap.SOAPEnvelope; import org.apache.axis2.context.MessageContext; import org.apache.axis2.description.Parameter; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.apache.rahas.RahasConstants; import org.apache.rahas.RahasData; import org.apache.rahas.Token; 
@@ -30,37 +32,38 @@ import org.apache.rahas.TrustUtil; import org.apache.rahas.impl.util.SAMLAttributeCallback; import org.apache.rahas.impl.util.SAMLCallbackHandler; import org.apache.rahas.impl.util.SAMLNameIdentifierCallback; -import org.apache.ws.security.WSConstants; +import org.apache.rahas.impl.util.SAMLUtils; import org.apache.ws.security.WSSecurityException; import org.apache.ws.security.WSUsernameTokenPrincipal; import org.apache.ws.security.components.crypto.Crypto; import org.apache.ws.security.components.crypto.CryptoFactory; -import org.apache.ws.security.message.WSSecEncryptedKey; import org.apache.ws.security.util.Base64; import org.apache.ws.security.util.Loader; import org.apache.ws.security.util.XmlSchemaDateFormat; import org.apache.xml.security.signature.XMLSignature; -import org.apache.xml.security.utils.EncryptionConstants; -import org.opensaml.SAMLAssertion; -import org.opensaml.SAMLAttribute; -import org.opensaml.SAMLAttributeStatement; -import org.opensaml.SAMLAuthenticationStatement; -import org.opensaml.SAMLException; -import org.opensaml.SAMLNameIdentifier; -import org.opensaml.SAMLStatement; -import org.opensaml.SAMLSubject; + +import org.joda.time.DateTime; +import org.opensaml.common.SAMLException; +import org.opensaml.saml1.core.*; +import org.opensaml.xml.security.*; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.signature.KeyInfo; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureException; +import org.opensaml.xml.signature.Signer; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; -import org.w3c.dom.Text; import java.security.Principal; +import java.security.PrivateKey; +import java.security.PublicKey; import java.security.SecureRandom; import java.security.cert.X509Certificate; import java.text.DateFormat; import java.util.ArrayList; import java.util.Arrays; -import 
java.util.Date; import java.util.List; /** @@ -74,6 +77,12 @@ public class SAMLTokenIssuer implements private String configFile; + + //TODO move this to TrustUtil + private static final String AUTHENTICATION_METHOD_PASSWORD = "urn:oasis:names:tc:SAML:1.0:am:password"; + + private static final Log log = LogFactory.getLog(SAMLTokenIssuer.class); + public SOAPEnvelope issue(RahasData data) throws TrustException { MessageContext inMsgCtx = data.getInMessageContext(); @@ -121,9 +130,8 @@ public class SAMLTokenIssuer implements } // Creation and expiration times - Date creationTime = new Date(); - Date expirationTime = new Date(); - expirationTime.setTime(creationTime.getTime() + config.ttl); + DateTime creationTime = new DateTime(); + DateTime expirationTime = new DateTime(creationTime.getMillis() + config.ttl); // Get the document Document doc = ((Element) env).getOwnerDocument(); @@ -145,7 +153,7 @@ public class SAMLTokenIssuer implements */ String keyType = data.getKeyType(); - SAMLAssertion assertion; + Assertion assertion; if (keyType == null) { throw new TrustException(TrustException.INVALID_REQUEST, new String[] { "Requested KeyType is missing" }); @@ -183,11 +191,11 @@ public class SAMLTokenIssuer implements } if (config.addRequestedAttachedRef) { - TrustUtil.createRequestedAttachedRef(rstrElem, assertion.getId(),wstVersion); + TrustUtil.createRequestedAttachedRef(rstrElem, assertion.getID(),wstVersion); } if (config.addRequestedUnattachedRef) { - TrustUtil.createRequestedUnattachedRef(rstrElem, assertion.getId(),wstVersion); + TrustUtil.createRequestedUnattachedRef(rstrElem, assertion.getID(),wstVersion); } if (data.getAppliesToAddress() != null) { 
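Review bot: The new import block adds `org.opensaml.saml1.core.*` and `org.opensaml.xml.security.*` as wildcards and then imports `org.opensaml.xml.security.SecurityException` explicitly, which shadows `java.lang.SecurityException` for the whole file, so any later `catch (SecurityException e)` silently binds to the OpenSAML type. Several of the added single imports (`PrivateKey`, `PublicKey`, `Credential`, `Signature`, `Signer`, `SignatureException`) are not referenced in any hunk shown here and look unused, as does the retained `XMLSignature` import now that the hand-rolled signing code is gone. Replace the wildcards with the concrete types the file uses (`Assertion`, `Attribute`, `AttributeStatement`, `AuthenticationStatement`, `NameIdentifier`, `Statement`, `Subject`) and drop what is unused. The `//TODO move this to TrustUtil` constant `AUTHENTICATION_METHOD_PASSWORD` in the next hunk deserves a comment saying it is stamped on every issued AuthenticationStatement regardless of how the requester actually authenticated (the X509/HoK path included), e.g. `// Applied to every AuthenticationStatement issued; see createAuthAssertion`.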
@@ -200,31 +208,31 @@ public class SAMLTokenIssuer implements // Add the Lifetime element TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu - .format(creationTime), zulu.format(expirationTime)); + .format(creationTime.toDate()), zulu.format(expirationTime.toDate())); // Create the RequestedSecurityToken element and add the SAML token // to it OMElement reqSecTokenElem = TrustUtil .createRequestedSecurityTokenElement(wstVersion, rstrElem); Token assertionToken; - try { - Node tempNode = assertion.toDOM(); + //try { + Node tempNode = assertion.getDOM(); reqSecTokenElem.addChild((OMNode) ((Element) rstrElem) .getOwnerDocument().importNode(tempNode, true)); // Store the token - assertionToken = new Token(assertion.getId(), - (OMElement) assertion.toDOM(), creationTime, - expirationTime); + assertionToken = new Token(assertion.getID(), + (OMElement) assertion.getDOM(), creationTime.toDate(), + expirationTime.toDate()); // At this point we definitely have the secret // Otherwise it should fail with an exception earlier assertionToken.setSecret(data.getEphmeralKey()); TrustUtil.getTokenStore(inMsgCtx).add(assertionToken); - } catch (SAMLException e) { + /* } catch (SAMLException e) { throw new TrustException("samlConverstionError", e); - } + }*/ if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY) && config.keyComputation != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_REQ_ENT) { 
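Review bot: The `try`/`catch (SAMLException e)` around the token-store block is commented out rather than removed (`//try {` and the `/* } catch (SAMLException e) { ... }*/` tail), leaving dead code in the middle of `issue`. Delete those lines; if the new helpers can still fail here, catch or declare the real exception type instead. `Node tempNode = assertion.getDOM();` also assumes the assertion has already been marshalled — the cached DOM is only populated then, which the signing path appears to do — and a null here surfaces as a `NullPointerException` inside `importNode`, so a guard such as `if (tempNode == null) throw new TrustException("samlConverstionError");` would preserve the old failure mode. `issue` begins and ends outside this hunk.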
@@ -237,86 +245,84 @@ public class SAMLTokenIssuer implements return env; } - private SAMLAssertion createBearerAssertion(SAMLTokenIssuerConfig config, - Document doc, Crypto crypto, Date creationTime, - Date expirationTime, RahasData data) throws TrustException { - try { - Principal principal = data.getPrincipal(); - SAMLAssertion assertion; - // In the case where the principal is a UT - if (principal instanceof WSUsernameTokenPrincipal) { - SAMLNameIdentifier nameId = null; - if(config.getCallbackHandler() != null){ - SAMLNameIdentifierCallback cb = new SAMLNameIdentifierCallback(data); - cb.setUserId(principal.getName()); - SAMLCallbackHandler callbackHandler = config.getCallbackHandler(); + + + private Assertion createBearerAssertion(SAMLTokenIssuerConfig config, + Document doc, Crypto crypto, DateTime creationTime, + DateTime expirationTime, RahasData data) throws TrustException { + + Principal principal = data.getPrincipal(); + Assertion assertion; + // In the case where the principal is a UT + if (principal instanceof WSUsernameTokenPrincipal) { + NameIdentifier nameId = null; + if (config.getCallbackHandler() != null) { + SAMLNameIdentifierCallback cb = new SAMLNameIdentifierCallback(data); + cb.setUserId(principal.getName()); + SAMLCallbackHandler callbackHandler = config.getCallbackHandler(); + try { callbackHandler.handle(cb); - nameId = cb.getNameId(); - }else{ - nameId = new SAMLNameIdentifier( - principal.getName(), null, SAMLNameIdentifier.FORMAT_EMAIL); + } catch (SAMLException e) { + throw new TrustException("unableToRetrieveCallbackHandler", e); } - assertion = createAuthAssertion(doc, SAMLSubject.CONF_BEARER, - nameId, null, config, crypto, creationTime, - expirationTime, data); - return assertion; + nameId = cb.getNameId(); } else { - throw new TrustException("samlUnsupportedPrincipal", - new String[] { principal.getClass().getName() }); + + nameId = SAMLUtils.createNamedIdentifier(principal.getName(), NameIdentifier.EMAIL); } - } catch 
(SAMLException e) { - throw new TrustException("samlAssertionCreationError", e); + + assertion = createAuthAssertion(RahasConstants.SAML11_SUBJECT_CONFIRMATION_BEARER, + nameId, null, config, crypto, creationTime, + expirationTime, data); + return assertion; + } else { + throw new TrustException("samlUnsupportedPrincipal", + new String[]{principal.getClass().getName()}); } } - private SAMLAssertion createHoKAssertion(SAMLTokenIssuerConfig config, - Document doc, Crypto crypto, Date creationTime, - Date expirationTime, RahasData data) throws TrustException { + private Assertion createHoKAssertion(SAMLTokenIssuerConfig config, + Document doc, Crypto crypto, DateTime creationTime, + DateTime expirationTime, RahasData data) throws TrustException { if (data.getKeyType().endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) { - Element encryptedKeyElem; X509Certificate serviceCert = null; try { + // TODO what if principal is null ? + NameIdentifier nameIdentifier = null; + if (data.getPrincipal() != null) { + String subjectNameId = data.getPrincipal().getName(); + nameIdentifier =SAMLUtils.createNamedIdentifier(subjectNameId, NameIdentifier.EMAIL); + } + + /** + * In this case we need to create a KeyInfo similar to following, + * * <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> + * <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" + * .... + * </xenc:EncryptedKey> + * </ds:KeyInfo> + */ + // Get ApliesTo to figure out which service to issue the token // for serviceCert = getServiceCert(config, crypto, data .getAppliesToAddress()); - // Create the encrypted key - WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey(); - - // Use thumbprint id - encrKeyBuilder - .setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER); + // set keySize + int keySize = data.getKeysize(); + keySize = (keySize != -1) ? 
keySize : config.keySize; - // SEt the encryption cert - encrKeyBuilder.setUseThisCert(serviceCert); - - // set keysize - int keysize = data.getKeysize(); - keysize = (keysize != -1) ? keysize : config.keySize; - encrKeyBuilder.setKeySize(keysize); - - encrKeyBuilder.setEphemeralKey(TokenIssuerUtil.getSharedSecret( - data, config.keyComputation, keysize)); - - // Set key encryption algo - encrKeyBuilder - .setKeyEncAlgo(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15); - - // Build - encrKeyBuilder.prepare(doc, crypto); + // Create the encrypted key + KeyInfo encryptedKeyInfoElement + = SAMLUtils.getSymmetricKeyBasedKeyInfo(doc, data, serviceCert, keySize, + crypto, config.keyComputation); - // Extract the base64 encoded secret value - byte[] tempKey = new byte[keysize / 8]; - System.arraycopy(encrKeyBuilder.getEphemeralKey(), 0, tempKey, - 0, keysize / 8); + return this.createAttributeAssertion(data, encryptedKeyInfoElement, nameIdentifier, config, + crypto, creationTime, expirationTime); - data.setEphmeralKey(tempKey); - // Extract the Encryptedkey DOM element - encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement(); } catch (WSSecurityException e) { if (serviceCert != null) { 
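Review bot: In `createHoKAssertion`'s symmetric branch the removed code copied the generated secret into `data.setEphmeralKey(...)`; the new code delegates everything to `SAMLUtils.getSymmetricKeyBasedKeyInfo(...)`, and whether that helper still populates `data` is not visible here, yet `issue` later calls `assertionToken.setSecret(data.getEphmeralKey())` under the comment "At this point we definitely have the secret" — confirm the helper sets it, otherwise the stored token carries a null secret. The `// TODO what if principal is null ?` is left open: `nameIdentifier` stays null and is passed straight into `createAttributeAssertion`; failing with `throw new TrustException("samlUnsupportedPrincipal", new String[]{"null"});` as `createBearerAssertion` does for unknown principals is safer than building a subject with no name. In `createBearerAssertion` the `catch (SAMLException e)` around `callbackHandler.handle(cb)` reports `unableToRetrieveCallbackHandler`, but the handler was retrieved fine and it is the handle call that failed, so the key is misleading (same in `createSAMLAttributeStatement` later in this diff). The `/** ... */` blocks placed inside the method bodies here and in the following X509 hunk are Javadoc syntax on a statement; use `/* ... */`. `Document doc` is no longer used by `createBearerAssertion` since `createAuthAssertion` dropped its `doc` parameter.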
@@ -332,15 +338,24 @@ public class SAMLTokenIssuer implements } } - - return this.createAttributeAssertion(doc, data ,encryptedKeyElem, config, - crypto, creationTime, expirationTime); } else { try { + + /** + * In this case we need to create KeyInfo as follows, + * <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> + * <X509Data xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" + * xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + * <X509Certificate> + * MIICNTCCAZ6gAwIBAgIES343.... + * </X509Certificate> + * </X509Data> + * </KeyInfo> + */ + String subjectNameId = data.getPrincipal().getName(); - SAMLNameIdentifier nameId = new SAMLNameIdentifier( - subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL); + NameIdentifier nameId = SAMLUtils.createNamedIdentifier(subjectNameId, NameIdentifier.EMAIL); // Create the ds:KeyValue element with the ds:X509Data X509Certificate clientCert = data.getClientCert(); @@ -351,20 +366,9 @@ public class SAMLTokenIssuer implements clientCert = certs[0]; } - byte[] clientCertBytes = clientCert.getEncoded(); - - String base64Cert = Base64.encode(clientCertBytes); + KeyInfo keyInfo = SAMLUtils.getCertificateBasedKeyInfo(clientCert); - Text base64CertText = doc.createTextNode(base64Cert); - Element x509CertElem = doc.createElementNS(WSConstants.SIG_NS, - "X509Certificate"); - x509CertElem.appendChild(base64CertText); - Element x509DataElem = doc.createElementNS(WSConstants.SIG_NS, - "X509Data"); - x509DataElem.appendChild(x509CertElem); - - return this.createAuthAssertion(doc, - SAMLSubject.CONF_HOLDER_KEY, nameId, x509DataElem, + return this.createAuthAssertion(RahasConstants.SAML11_SUBJECT_CONFIRMATION_HOK, nameId, keyInfo, config, crypto, creationTime, expirationTime, data); } catch (Exception e) { throw new TrustException("samlAssertionCreationError", e); 
@@ -404,37 +408,27 @@ public class SAMLTokenIssuer implements /** * Create the SAML assertion with the secret held in an * <code>xenc:EncryptedKey</code> - * - * @param doc - * @param keyInfoContent - * @param config - * @param crypto - * @param notBefore - * @param notAfter - * @return - * @throws TrustException + * @param data The Rahas configurations, this is needed to get the callbacks. + * @param keyInfo OpenSAML KeyInfo representation. + * @param subjectNameId Principal as an OpenSAML Subject + * @param config SAML Token issuer configurations. + * @param crypto To get certificate information. + * @param notBefore Validity period start. + * @param notAfter Validity period end + * @return OpenSAML Assertion object. + * @throws TrustException If an error occurred while creating the Assertion. */ - private SAMLAssertion createAttributeAssertion(Document doc, RahasData data, - Element keyInfoContent, SAMLTokenIssuerConfig config, - Crypto crypto, Date notBefore, Date notAfter) throws TrustException { + private Assertion createAttributeAssertion(RahasData data, + KeyInfo keyInfo, NameIdentifier subjectNameId, + SAMLTokenIssuerConfig config, + Crypto crypto, DateTime notBefore, DateTime notAfter) throws TrustException { try { - String[] confirmationMethods = new String[] { SAMLSubject.CONF_HOLDER_KEY }; - Element keyInfoElem = doc.createElementNS(WSConstants.SIG_NS, - "KeyInfo"); - ((OMElement) keyInfoContent).declareNamespace(WSConstants.SIG_NS, - WSConstants.SIG_PREFIX); - ((OMElement) keyInfoContent).declareNamespace(WSConstants.ENC_NS, - WSConstants.ENC_PREFIX); - - keyInfoElem.appendChild(keyInfoContent); - - SAMLSubject subject = new SAMLSubject(null, Arrays - .asList(confirmationMethods), null, keyInfoElem); - - - SAMLAttribute[] attrs = null; - if(config.getCallbackHandler() != null){ + Subject subject + = SAMLUtils.createSubject(subjectNameId, RahasConstants.SAML11_SUBJECT_CONFIRMATION_HOK, keyInfo); + + Attribute[] attrs; + if (config.getCallbackHandler() 
!= null) { SAMLAttributeCallback cb = new SAMLAttributeCallback(data); SAMLCallbackHandler handler = config.getCallbackHandler(); handler.handle(cb); @@ -445,7 +439,7 @@ public class SAMLTokenIssuer implements SAMLCallbackHandler handler = null; MessageContext msgContext = data.getInMessageContext(); ClassLoader classLoader = msgContext.getAxisService().getClassLoader(); - Class cbClass = null; + Class cbClass; try { cbClass = Loader.loadClass(classLoader, config.getCallbackHandlerName()); } catch (ClassNotFoundException e) { 
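Review bot: The rewritten Javadoc of `createAttributeAssertion` misdescribes two parameters: `@param data The Rahas configurations` is actually the per-request `RahasData` used for the callbacks, and `@param subjectNameId Principal as an OpenSAML Subject` is a `NameIdentifier`, not a `Subject`; suggested wording `@param data Per-request Rahas data, used to run the attribute callback.` and `@param subjectNameId NameIdentifier of the subject; may be null when no principal is available.`. The `SAMLUtils.createSubject(subjectNameId, RahasConstants.SAML11_SUBJECT_CONFIRMATION_HOK, keyInfo)` call accepts that null from the HoK TODO path without comment, so the Javadoc should state what the helper does with it once that is confirmed. The method body continues past the hunk.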
@@ -460,34 +454,23 @@ public class SAMLTokenIssuer implements } handler.handle(cb); attrs = cb.getAttributes(); - }else{ + } else { //TODO Remove this after discussing - SAMLAttribute attribute = new SAMLAttribute("Name", - "https://rahas.apache.org/saml/attrns", null, -1, Arrays - .asList(new String[] { "Colombo/Rahas" })); - attrs = new SAMLAttribute[]{attribute}; - } - - SAMLAttributeStatement attrStmt = new SAMLAttributeStatement( - subject, Arrays.asList(attrs )); - - SAMLStatement[] statements = { attrStmt }; - - SAMLAssertion assertion = new SAMLAssertion(config.issuerName, - notBefore, notAfter, null, null, Arrays.asList(statements)); - - // sign the assertion - X509Certificate[] issuerCerts = crypto - .getCertificates(config.issuerKeyAlias); - - String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA; - String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm(); - if (pubKeyAlgo.equalsIgnoreCase("DSA")) { - sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA; - } - java.security.Key issuerPK = crypto.getPrivateKey( - config.issuerKeyAlias, config.issuerKeyPassword); - assertion.sign(sigAlgo, issuerPK, Arrays.asList(issuerCerts)); + Attribute attribute = SAMLUtils.createAttribute("Name", "https://rahas.apache.org/saml/attrns", + "Colombo/Rahas"); + attrs = new Attribute[]{attribute}; + } + + AttributeStatement attributeStatement = SAMLUtils.createAttributeStatement(subject, Arrays.asList(attrs)); + + + List<Statement> attributeStatements = new ArrayList<Statement>(); + attributeStatements.add(attributeStatement); + + Assertion assertion = SAMLUtils.createAssertion(config.issuerName, notBefore, + notAfter, attributeStatements); + + SAMLUtils.signAssertion(assertion, crypto, config.getIssuerKeyAlias(), config.getIssuerKeyPassword()); return assertion; } catch (Exception e) { 
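Review bot: When neither a callback handler nor a handler class name is configured, the else branch still emits the placeholder attribute `Name = Colombo/Rahas` into a signed assertion that relying parties will trust, and only the inherited `//TODO Remove this after discussing` marks it. Since this commit adds a `log` field to the class, at minimum record it: `log.warn("No SAMLCallbackHandler configured; issuing assertion with placeholder attribute");` before the `SAMLUtils.createAttribute(...)` call, and the same in the matching branch of `createSAMLAttributeStatement` at the end of this file. The enclosing try/catch continues past the hunk.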
@@ -496,66 +479,47 @@ public class SAMLTokenIssuer implements } /** - * @param doc - * @param confMethod - * @param subjectNameId - * @param keyInfoContent - * @param config - * @param crypto - * @param notBefore - * @param notAfter - * @return - * @throws TrustException + * Creates an authentication assertion. + * @param confirmationMethod The confirmation method. (HOK, Bearer ...) + * @param subjectNameId The principal name. + * @param keyInfo OpenSAML representation of KeyInfo. + * @param config Rahas configurations. + * @param crypto Certificate information. + * @param notBefore Validity start. + * @param notAfter Validity end. + * @param data Other Rahas data. + * @return An openSAML Assertion. + * @throws TrustException If an exception occurred while creating the Assertion. */ - private SAMLAssertion createAuthAssertion(Document doc, String confMethod, - SAMLNameIdentifier subjectNameId, Element keyInfoContent, - SAMLTokenIssuerConfig config, Crypto crypto, Date notBefore, - Date notAfter, RahasData data) throws TrustException { + private Assertion createAuthAssertion(String confirmationMethod, + NameIdentifier subjectNameId, KeyInfo keyInfo, + SAMLTokenIssuerConfig config, Crypto crypto, DateTime notBefore, + DateTime notAfter, RahasData data) throws TrustException { try { - String[] confirmationMethods = new String[] { confMethod }; - Element keyInfoElem = null; - if (keyInfoContent != null) { - keyInfoElem = doc - .createElementNS(WSConstants.SIG_NS, "KeyInfo"); - ((OMElement) keyInfoContent).declareNamespace( - WSConstants.SIG_NS, WSConstants.SIG_PREFIX); - ((OMElement) keyInfoContent).declareNamespace( - WSConstants.ENC_NS, WSConstants.ENC_PREFIX); - - keyInfoElem.appendChild(keyInfoContent); - } + Subject subject = SAMLUtils.createSubject(subjectNameId,confirmationMethod, keyInfo); - SAMLSubject subject = new SAMLSubject(subjectNameId, Arrays - .asList(confirmationMethods), null, keyInfoElem); + AuthenticationStatement authenticationStatement + = 
SAMLUtils.createAuthenticationStatement(subject, AUTHENTICATION_METHOD_PASSWORD, + notBefore); - SAMLAuthenticationStatement authStmt = new SAMLAuthenticationStatement( - subject, - SAMLAuthenticationStatement.AuthenticationMethod_Password, - notBefore, null, null, null); - - List<SAMLStatement> statements = new ArrayList<SAMLStatement>(); + List<Statement> statements = new ArrayList<Statement>(); if (data.getClaimDialect() != null && data.getClaimElem() != null) { - SAMLStatement attrStatement = createSAMLAttributeStatement((SAMLSubject)subject.clone(), data, config); + Statement attrStatement = createSAMLAttributeStatement( + SAMLUtils.createSubject(subject.getNameIdentifier(), + confirmationMethod, keyInfo), data, config); statements.add(attrStatement); } - statements.add(authStmt); - SAMLAssertion assertion = new SAMLAssertion(config.issuerName, - notBefore, notAfter, null, null, statements); + statements.add(authenticationStatement); + + Assertion assertion = SAMLUtils.createAssertion(config.issuerName, + notBefore, notAfter, statements); - // sign the assertion - X509Certificate[] issuerCerts = crypto - .getCertificates(config.issuerKeyAlias); - - String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA; - String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm(); - if (pubKeyAlgo.equalsIgnoreCase("DSA")) { - sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA; - } - java.security.Key issuerPK = crypto.getPrivateKey( - config.issuerKeyAlias, config.issuerKeyPassword); - assertion.sign(sigAlgo, issuerPK, Arrays.asList(issuerCerts)); + // Signing the assertion + // The <ds:Signature>...</ds:Signature> element appears only after + // signing. + SAMLUtils.signAssertion(assertion, crypto, config.getIssuerKeyAlias(), config.getIssuerKeyPassword()); return assertion; } catch (Exception e) { 
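Review bot: The attribute statement's subject is built as `SAMLUtils.createSubject(subject.getNameIdentifier(), confirmationMethod, keyInfo)`, reusing the very `NameIdentifier` and `KeyInfo` instances already attached to the authentication statement's subject; the removed code used `subject.clone()` precisely to avoid that. OpenSAML XMLObjects have a single parent, so unless `SAMLUtils.createSubject` copies its arguments (not visible here) the second attach will either re-parent the objects away from the first subject or fail at marshal time, producing an assertion whose AuthenticationStatement has lost its subject. Build fresh `NameIdentifier`/`KeyInfo` objects for the second subject, and note it in a comment such as `// each Subject needs its own NameIdentifier/KeyInfo; XMLObjects cannot have two parents`. The method's `catch (Exception e)` continues past the hunk.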
@@ -610,53 +574,58 @@ public class SAMLTokenIssuer implements this.configParamName = configParamName; } - private SAMLAttributeStatement createSAMLAttributeStatement(SAMLSubject subject, - RahasData rahasData, - SAMLTokenIssuerConfig config) + private AttributeStatement createSAMLAttributeStatement(Subject subject, + RahasData rahasData, + SAMLTokenIssuerConfig config) throws TrustException { - try { - SAMLAttribute[] attrs = null; - if (config.getCallbackHandler() != null) { - SAMLAttributeCallback cb = new SAMLAttributeCallback(rahasData); - SAMLCallbackHandler handler = config.getCallbackHandler(); + Attribute[] attrs = null; + if (config.getCallbackHandler() != null) { + SAMLAttributeCallback cb = new SAMLAttributeCallback(rahasData); + SAMLCallbackHandler handler = config.getCallbackHandler(); + try { handler.handle(cb); attrs = cb.getAttributes(); - } else if (config.getCallbackHandlerName() != null - && config.getCallbackHandlerName().trim().length() > 0) { - SAMLAttributeCallback cb = new SAMLAttributeCallback(rahasData); - SAMLCallbackHandler handler = null; - MessageContext msgContext = rahasData.getInMessageContext(); - ClassLoader classLoader = msgContext.getAxisService().getClassLoader(); - Class cbClass = null; - try { - cbClass = Loader.loadClass(classLoader, config.getCallbackHandlerName()); - } catch (ClassNotFoundException e) { - throw new TrustException("cannotLoadPWCBClass", - new String[]{config.getCallbackHandlerName()}, e); - } - try { - handler = (SAMLCallbackHandler) cbClass.newInstance(); - } catch (Exception e) { - throw new TrustException("cannotCreatePWCBInstance", - new String[]{config.getCallbackHandlerName()}, e); - } + } catch (SAMLException e) { + throw new TrustException("unableToRetrieveCallbackHandler", e); + } + + } else if (config.getCallbackHandlerName() != null + && config.getCallbackHandlerName().trim().length() > 0) { + SAMLAttributeCallback cb = new SAMLAttributeCallback(rahasData); + SAMLCallbackHandler handler = null; + 
MessageContext msgContext = rahasData.getInMessageContext(); + ClassLoader classLoader = msgContext.getAxisService().getClassLoader(); + Class cbClass = null; + try { + cbClass = Loader.loadClass(classLoader, config.getCallbackHandlerName()); + } catch (ClassNotFoundException e) { + throw new TrustException("cannotLoadPWCBClass", + new String[]{config.getCallbackHandlerName()}, e); + } + try { + handler = (SAMLCallbackHandler) cbClass.newInstance(); + } catch (Exception e) { + throw new TrustException("cannotCreatePWCBInstance", + new String[]{config.getCallbackHandlerName()}, e); + } + try { handler.handle(cb); - attrs = cb.getAttributes(); - } else { - //TODO Remove this after discussing - SAMLAttribute attribute = new SAMLAttribute("Name", - "https://rahas.apache.org/saml/attrns", - null, -1, - Arrays.asList(new String[]{"Colombo/Rahas"})); - attrs = new SAMLAttribute[]{attribute}; + } catch (SAMLException e) { + throw new TrustException("unableToRetrieveCallbackHandler", e); } + attrs = cb.getAttributes(); + } else { + //TODO Remove this after discussing + Attribute attribute = + SAMLUtils.createAttribute("Name", "https://rahas.apache.org/saml/attrns", "Colombo/Rahas"); - SAMLAttributeStatement attrStmt = new SAMLAttributeStatement( - subject, Arrays.asList(attrs)); - return attrStmt; - } catch (SAMLException e) { - throw new TrustException(e.getMessage(), e); + attrs = new Attribute[]{attribute}; } + + AttributeStatement attributeStatement = SAMLUtils.createAttributeStatement(subject, Arrays.asList(attrs)); + + return attributeStatement; + } }
Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java?rev=1235132&r1=1235131&r2=1235132&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java Tue Jan 24 04:39:03 2012 @@ -1,8 +1,6 @@ package org.apache.rahas.impl; -import java.security.cert.X509Certificate; import java.text.DateFormat; -import java.util.Arrays; import java.util.Date; import org.apache.axiom.om.OMElement; @@ -17,16 +15,17 @@ import org.apache.rahas.TokenRenewer; import org.apache.rahas.TokenStorage; import org.apache.rahas.TrustException; import org.apache.rahas.TrustUtil; -import org.apache.ws.security.WSSecurityException; +import org.apache.rahas.impl.util.SAMLUtils; import org.apache.ws.security.components.crypto.Crypto; import org.apache.ws.security.components.crypto.CryptoFactory; import org.apache.ws.security.util.XmlSchemaDateFormat; -import org.apache.xml.security.signature.XMLSignature; -import org.opensaml.SAMLAssertion; -import org.opensaml.SAMLException; +import org.joda.time.DateTime; +import org.opensaml.saml1.core.Assertion; +import org.opensaml.saml1.core.Conditions; import org.w3c.dom.Element; import org.w3c.dom.Node; +@SuppressWarnings({"UnusedDeclaration"}) public class SAMLTokenRenewer implements TokenRenewer { private String configParamName; 
@@ -36,14 +35,14 @@ public class SAMLTokenRenewer implements private String configFile; public SOAPEnvelope renew(RahasData data) throws TrustException { - + // retrieve the message context MessageContext inMsgCtx = data.getInMessageContext(); - + SAMLTokenIssuerConfig config = null; if (this.configElement != null) { config = new SAMLTokenIssuerConfig(configElement - .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG)); + .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG)); } // Look for the file @@ -60,17 +59,17 @@ public class SAMLTokenRenewer implements SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG)); } else { throw new TrustException("expectedParameterMissing", - new String[] { this.configParamName }); + new String[]{this.configParamName}); } } if (config == null) { throw new TrustException("configurationIsNull"); } - + // retrieve the list of tokens from the message context TokenStorage tkStorage = TrustUtil.getTokenStore(inMsgCtx); - + // Create envelope SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx .getEnvelope().getNamespace().getNamespaceURI()); @@ -88,14 +87,14 @@ public class SAMLTokenRenewer implements rstrElem = TrustUtil.createRequestSecurityTokenResponseElement( wstVersion, rstrcElem); } - + Crypto crypto; - if (config.cryptoElement != null) { + if (config.cryptoElement != null) { // crypto props defined as elements crypto = CryptoFactory.getInstance(TrustUtil .toProperties(config.cryptoElement), inMsgCtx .getAxisService().getClassLoader()); - } else { + } else { // crypto props defined in a properties file crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile, inMsgCtx.getAxisService().getClassLoader()); 
@@ -104,12 +103,12 @@ public class SAMLTokenRenewer implements // Create TokenType element TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText( RahasConstants.TOK_TYPE_SAML_10); - + // Creation and expiration times Date creationTime = new Date(); Date expirationTime = new Date(); expirationTime.setTime(creationTime.getTime() + config.ttl); - + // Use GMT time in milliseconds DateFormat zulu = new XmlSchemaDateFormat(); 
@@ -121,45 +120,30 @@ public class SAMLTokenRenewer implements Token tk = tkStorage.getToken(data.getTokenId()); OMElement assertionOMElement = tk.getToken(); - SAMLAssertion samlAssertion = null; + Assertion samlAssertion; + + samlAssertion = SAMLUtils.buildAssertion((Element) assertionOMElement); + + if (samlAssertion.getConditions() == null) { + samlAssertion.setConditions((Conditions) SAMLUtils.buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME)); - try { - samlAssertion = new SAMLAssertion((Element) assertionOMElement); - samlAssertion.unsign(); - samlAssertion.setNotBefore(creationTime); - samlAssertion.setNotOnOrAfter(expirationTime); - - // sign the assertion - X509Certificate[] issuerCerts = crypto - .getCertificates(config.issuerKeyAlias); - - String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA; - String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm(); - if (pubKeyAlgo.equalsIgnoreCase("DSA")) { - sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA; - } - java.security.Key issuerPK = crypto.getPrivateKey( - config.issuerKeyAlias, config.issuerKeyPassword); - - samlAssertion.sign(sigAlgo, issuerPK, Arrays.asList(issuerCerts)); - - // Create the RequestedSecurityToken element and add the SAML token - // to it - OMElement reqSecTokenElem = TrustUtil - .createRequestedSecurityTokenElement(wstVersion, rstrElem); - - Node tempNode = samlAssertion.toDOM(); - reqSecTokenElem.addChild((OMNode) ((Element) rstrElem) - .getOwnerDocument().importNode(tempNode, true)); - - - } catch (SAMLException e) { - throw new TrustException("Cannot create SAML Assertion",e); - } catch (WSSecurityException e) { - throw new TrustException("Cannot create SAML Assertion",e); - } catch (Exception e) { - throw new TrustException("Cannot create SAML Assertion",e); } + + samlAssertion.getConditions().setNotBefore(new DateTime(creationTime)); + samlAssertion.getConditions().setNotOnOrAfter(new DateTime(expirationTime)); + + // sign the assertion + SAMLUtils.signAssertion(samlAssertion, 
crypto, config.getIssuerKeyAlias(), config.getIssuerKeyPassword()); + + // Create the RequestedSecurityToken element and add the SAML token + // to it + OMElement reqSecTokenElem = TrustUtil + .createRequestedSecurityTokenElement(wstVersion, rstrElem); + + Node tempNode = samlAssertion.getDOM(); + reqSecTokenElem.addChild((OMNode) ((Element) rstrElem) + .getOwnerDocument().importNode(tempNode, true)); + return env; } Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java?rev=1235132&r1=1235131&r2=1235132&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java Tue Jan 24 04:39:03 2012 @@ -18,15 +18,18 @@ import org.apache.rahas.TokenStorage; import org.apache.rahas.TokenValidator; import org.apache.rahas.TrustException; import org.apache.rahas.TrustUtil; +import org.apache.rahas.impl.util.SAMLUtils; import org.apache.ws.security.components.crypto.Crypto; import org.apache.ws.security.components.crypto.CryptoFactory; -import org.opensaml.SAMLAssertion; -import org.opensaml.SAMLException; +import org.opensaml.saml1.core.Assertion; +import org.opensaml.xml.signature.SignatureValidator; +import org.opensaml.xml.validation.ValidationException; import org.w3c.dom.Element; /** * Implementation of a SAML Token Validator for the Security Token Service. */ +@SuppressWarnings({"UnusedDeclaration"}) public class SAMLTokenValidator implements TokenValidator { Log log = LogFactory.getLog(SAMLTokenValidator.class); 
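Review bot: The renewal path no longer strips the stored token's existing signature before re-signing: the removed code called `samlAssertion.unsign()`, whereas the new code sets the Conditions on an assertion built from the stored DOM and calls `SAMLUtils.signAssertion(...)` directly. Unless `SAMLUtils.buildAssertion` or `signAssertion` clears the parsed `<ds:Signature>` and re-marshals (neither is visible here), the output will either carry two Signature elements or `samlAssertion.getDOM()` will still return the previously-marshalled tree, so `tempNode` may hold the pre-renewal validity window. Add `samlAssertion.setSignature(null);` before the Conditions are modified, confirm that signing re-marshals, and say so in a comment: `// stored assertion is already signed: drop that signature and re-marshal after changing Conditions`. The flow also extends the token without looking at its current NotOnOrAfter or status, which the previous code did not do either; a TODO there would be honest. `renew` begins outside this hunk.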
@@ -107,23 +110,25 @@ public class SAMLTokenValidator implemen * * @param token * the token to validate. + * @param issuerPBKey Public key which should be used during validation. * @return true if the token has been signed by the issuer. */ private boolean isValid(Token token, PublicKey issuerPBKey) { // extract SAMLAssertion object from token OMElement assertionOMElement = token.getToken(); - SAMLAssertion samlAssertion = null; + Assertion samlAssertion; try { - samlAssertion = new SAMLAssertion((Element) assertionOMElement); + samlAssertion = SAMLUtils.buildAssertion((Element) assertionOMElement); log.info("Verifying token validity..."); // check if the token has been signed by the issuer. - samlAssertion.verify(issuerPBKey); + SignatureValidator validator = new SignatureValidator(samlAssertion.getSignature().getSigningCredential()); + validator.validate(samlAssertion.getSignature()); - } catch (SAMLException e) { - log.error("Could not verify signature", e); + } catch (ValidationException e) { + log.error("Signature verification failed on SAML token.", e); return false; } @@ -189,14 +194,7 @@ public class SAMLTokenValidator implemen return issuerPBKey; } - /** - * Returns the <wst:Status> element. - * - * @param version - * WS-Trust version. - * @param parent - * the parent OMElement. - */ + private static OMElement createMessageElement(int version, OMElement parent, String elementName) throws TrustException { return createOMElement(parent, TrustUtil.getWSTNamespace(version), @@ -216,7 +214,7 @@ public class SAMLTokenValidator implemen * value of the <configuration-file> element of the * token-dispatcher-configuration * - * @param configFile + * @param configFile configuration file to be used. */ public void setConfigurationFile(String configFile) { this.configFile = configFile; 
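Review bot: `isValid` no longer verifies against `issuerPBKey`: the new `SignatureValidator` is built from `samlAssertion.getSignature().getSigningCredential()`, i.e. whatever credential travels with the token itself, so a token signed with any key the sender controls would pass (or, if the unmarshalled signature carries no credential, fail with a NullPointerException that the `ValidationException` catch does not cover). The removed call `samlAssertion.verify(issuerPBKey)` pinned verification to the configured issuer key, and the `@param issuerPBKey` Javadoc added in this same hunk still promises that. Build the credential from `issuerPBKey`, reject an unsigned assertion explicitly, and run `SAMLSignatureProfileValidator` before the cryptographic check so a non-conforming signature (e.g. multiple references) is rejected first; `org.opensaml.xml.security.credential.BasicCredential` and `org.opensaml.security.SAMLSignatureProfileValidator` need importing.
```java
Signature signature = samlAssertion.getSignature();
if (signature == null) {
    log.error("SAML token is not signed.");
    return false;
}
// Reject signatures that do not follow the SAML signature profile before verifying them.
new SAMLSignatureProfileValidator().validate(signature);
// Pin verification to the configured issuer key, never to a key carried inside the token.
BasicCredential issuerCredential = new BasicCredential();
issuerCredential.setPublicKey(issuerPBKey);
new SignatureValidator(issuerCredential).validate(signature);
// … unchanged: catch (ValidationException e) …
```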
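Review bot: The `-189` hunk deletes the Javadoc of `createMessageElement` and leaves a bare blank line; the old text was wrong for this method (it described `<wst:Status>` and omitted `elementName`), but the fix is a corrected comment, not none. Suggested replacement: `/** Creates a WS-Trust element named {@code elementName} under {@code parent}. @param version WS-Trust version. @param parent parent element. @param elementName local name of the element to create. */`. The method body continues past the hunk.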
@@ -228,7 +226,7 @@ public class SAMLTokenValidator implemen * object available in the via the messageContext when the * <code>TokenValidator</code> is called. * - * @param configParamName + * @param configParamName Parameter name. * @see org.apache.axis2.description.Parameter */ public void setConfigurationParamName(String configParamName) { Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/AxiomParserPool.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/AxiomParserPool.java?rev=1235132&r1=1235131&r2=1235132&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/AxiomParserPool.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/AxiomParserPool.java Tue Jan 24 04:39:03 2012 
@@ -26,20 +26,21 @@ import javax.xml.parsers.DocumentBuilder import org.apache.axiom.om.OMAbstractFactory; import org.apache.axiom.om.dom.DOMMetaFactory; -import org.opensaml.XML.ParserPool; +import org.opensaml.xml.parse.ParserPool; +import org.opensaml.xml.parse.StaticBasicParserPool; /** * Custom OpenSAML 1.x {@link ParserPool} implementation that uses a DOM aware Axiom implementation * instead of requesting a {@link DocumentBuilderFactory} using JAXP. */ -public class AxiomParserPool extends ParserPool { +public class AxiomParserPool extends StaticBasicParserPool { public AxiomParserPool() { DOMMetaFactory metaFactory = (DOMMetaFactory)OMAbstractFactory.getMetaFactory(FEATURE_DOM); DocumentBuilderFactory dbf = metaFactory.newDocumentBuilderFactory(); // Unfortunately, ParserPool doesn't allow to set the DocumentBuilderFactory, so that we // have to use reflection here. try { - Field dbfField = ParserPool.class.getDeclaredField("dbf"); + Field dbfField = StaticBasicParserPool.class.getDeclaredField("builderFactory"); dbfField.setAccessible(true); dbfField.set(this, dbf); } catch (IllegalAccessException ex) { Added: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java?rev=1235132&view=auto ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java (added) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java Tue Jan 24 04:39:03 2012 
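Review bot: The class Javadoc still says `Custom OpenSAML 1.x {@link ParserPool} implementation` although the class now extends OpenSAML 2's `StaticBasicParserPool`, and the in-body comment `ParserPool doesn't allow to set the DocumentBuilderFactory` now names the wrong class; update both to `StaticBasicParserPool`. The reflective write into the private `builderFactory` field is a coupling to a library's private API that will break on an OpenSAML upgrade, so a comment such as `// Relies on the private StaticBasicParserPool.builderFactory field; re-check on every OpenSAML upgrade.` would help the next maintainer. Since this pool parses incoming security tokens, also confirm that the Axiom `DocumentBuilderFactory` injected here ends up with DOCTYPE and external-entity processing disabled — nothing in the hunk configures that, and whether StaticBasicParserPool later applies its own feature set to a factory injected this way is not visible here. The constructor continues past the hunk.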
@@ -0,0 +1,48 @@ +/* + * Copyright 2004,2005 The Apache Software Foundation. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.rahas.impl.util; + +import org.apache.axiom.om.OMAbstractFactory; +import org.apache.axiom.om.dom.DOMMetaFactory; +import org.apache.rahas.TrustException; +import org.w3c.dom.Document; + +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import static org.apache.axiom.om.OMAbstractFactory.FEATURE_DOM; + +/** + * This class implements some utility methods common to SAML1 and SAML2. + */ +public class CommonUtil { + + /** + * This method creates a DOM compatible Axiom document. + * @return DOM compatible Axiom document + * @throws TrustException If an error occurred while creating the Document. 
+ */ + public static Document getOMDOMDocument() throws TrustException { + DOMMetaFactory metaFactory = (DOMMetaFactory) OMAbstractFactory.getMetaFactory(FEATURE_DOM); + DocumentBuilderFactory dbf = metaFactory.newDocumentBuilderFactory(); + try { + return dbf.newDocumentBuilder().newDocument(); + } catch (ParserConfigurationException e) { + throw new TrustException("Error creating Axiom compatible DOM Document", e); + } + } +} Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java?rev=1235132&r1=1235131&r2=1235132&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java Tue Jan 24 04:39:03 2012 @@ -20,6 +20,7 @@ package org.apache.rahas.impl.util; import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.rahas.RahasConstants; import org.apache.rahas.TrustException; import org.apache.ws.security.WSConstants; import org.apache.ws.security.WSPasswordCallback; @@ -66,7 +67,7 @@ public class SAML2Utils { try { String jaxpProperty = System.getProperty("javax.xml.parsers.DocumentBuilderFactory"); - System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl"); + //System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl"); MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory(); Marshaller marshaller = marshallerFactory.getMarshaller(xmlObj); 
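Review bot: `CommonUtil` is a static utility class with no private constructor, so it can be instantiated and subclassed for no reason; add `private CommonUtil() { }` with a comment like `// Static utility holder — not meant to be instantiated.`. The class Javadoc `This class implements some utility methods common to SAML1 and SAML2.` is vaguer than the file warrants; the only method builds a DOM-aware Axiom `Document`, so `Utility methods shared by the SAML 1.1 and SAML 2.0 token code.` reads better.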
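Review bot: The `-66` hunk replaces the `System.setProperty("javax.xml.parsers.DocumentBuilderFactory", ...)` call with a commented-out copy of itself, which leaves dead code and a `jaxpProperty` local whose value is now only read, unless a restore further down (outside the hunk) still uses it. Delete the commented line together with the `String jaxpProperty = System.getProperty(...)` read and whatever restore pairs with it, or replace the dead line with a comment that states why the Xerces override is no longer needed so the next reader does not re-enable it.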
@@ -221,7 +222,7 @@ public class SAML2Utils { // Set the "javax.xml.parsers.DocumentBuilderFactory" system property to make sure the endorsed JAXP // implementation is picked over the default jaxp impl shipped with the JDK. String jaxpProperty = System.getProperty("javax.xml.parsers.DocumentBuilderFactory"); - System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl"); + //System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl"); MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory(); Marshaller marshaller = marshallerFactory.getMarshaller(KIElem); 
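Review bot: The comment immediately above the change, `Set the "javax.xml.parsers.DocumentBuilderFactory" system property to make sure the endorsed JAXP implementation is picked over the default jaxp impl shipped with the JDK.`, now describes a line that is commented out, so it is actively misleading. Either remove the dead `//System.setProperty(...)` line and the stale comment (plus the `jaxpProperty` read if nothing later restores it), or rewrite the comment as `// The JAXP factory override is intentionally disabled: <reason>` so the intent survives.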
@@ -310,6 +311,21 @@ public class SAML2Utils { } } + /** + * Get the subject confirmation method of a SAML 2.0 assertion + * + * @param assertion SAML 2.0 assertion + * @return Subject Confirmation method + */ + public static String getSAML2SubjectConfirmationMethod(Assertion assertion) { + String subjectConfirmationMethod = RahasConstants.SAML20_SUBJECT_CONFIRMATION_HOK; + List<SubjectConfirmation> subjectConfirmations = assertion.getSubject().getSubjectConfirmations(); + if (subjectConfirmations.size() > 0) { + subjectConfirmationMethod = subjectConfirmations.get(0).getMethod(); + } + return subjectConfirmationMethod; + } + } Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java?rev=1235132&r1=1235131&r2=1235132&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java Tue Jan 24 04:39:03 2012 
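Review bot: `getSAML2SubjectConfirmationMethod` dereferences `assertion.getSubject()` without a null check, silently reports holder-of-key (`RahasConstants.SAML20_SUBJECT_CONFIRMATION_HOK`) when the subject carries no `SubjectConfirmation`, and consults only the first confirmation when several are present — none of which the Javadoc states. Decide explicitly whether a subject-less assertion should throw or return the default, e.g. `if (assertion.getSubject() == null) { throw new IllegalArgumentException("SAML 2.0 assertion has no Subject"); }`, and document the rest with `@return the Method of the first SubjectConfirmation, or the holder-of-key URI when none is present`. Callers that use this value to decide whether proof-of-possession is required should know that "holder-of-key" can be a default rather than an assertion of the token.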
@@ -4,45 +4,56 @@ import java.util.ArrayList; import java.util.List; import org.apache.rahas.RahasData; -import org.opensaml.SAMLAttribute; -import org.opensaml.saml2.core.Attribute; +import org.opensaml.common.SAMLObject; + +@SuppressWarnings({"UnusedDeclaration"}) public class SAMLAttributeCallback implements SAMLCallback{ - private List attributes = null; + private List<SAMLObject> attributes = null; private RahasData data = null; public SAMLAttributeCallback(RahasData data){ - attributes = new ArrayList(); + attributes = new ArrayList<SAMLObject>(); this.data = data; } public int getCallbackType(){ return SAMLCallback.ATTR_CALLBACK; } - - public void addAttributes(SAMLAttribute attribute){ + + /** + * Add SAML1 attribute. + * @param attribute SAML1 attribute + */ + public void addAttributes(org.opensaml.saml1.core.Attribute attribute){ attributes.add(attribute); } /** * Overloaded method to support SAML2 - * @param attr + * @param attribute SAML2 attribute. */ - public void addAttributes(Attribute attr){ - attributes.add(attr); + public void addAttributes(org.opensaml.saml2.core.Attribute attribute){ + attributes.add(attribute); } /** * Get the array of SAML2 attributes. - * @return + * @return SAML2 attribute list. */ - public Attribute[] getSAML2Attributes(){ - return (Attribute[])attributes.toArray(new Attribute[attributes.size()]); + public org.opensaml.saml2.core.Attribute[] getSAML2Attributes(){ + return (org.opensaml.saml2.core.Attribute[])attributes.toArray + (new org.opensaml.saml2.core.Attribute[attributes.size()]); } - - public SAMLAttribute[] getAttributes(){ - return (SAMLAttribute[])attributes.toArray(new SAMLAttribute[attributes.size()]); + + /** + * Get SAML2 attribute + * @return SAML2 attributes. 
+ */ + public org.opensaml.saml1.core.Attribute[] getAttributes(){ + return (org.opensaml.saml1.core.Attribute[])attributes.toArray + (new org.opensaml.saml1.core.Attribute[attributes.size()]); } Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java?rev=1235132&r1=1235131&r2=1235132&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java Tue Jan 24 04:39:03 2012 @@ -1,6 +1,6 @@ package org.apache.rahas.impl.util; -import org.opensaml.SAMLException; +import org.opensaml.common.SAMLException; /** * SAMLCallback Handler enables you to add data to the Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java?rev=1235132&r1=1235131&r2=1235132&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java Tue Jan 24 04:39:03 2012 
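Review bot: The Javadoc added for `getAttributes()` reads `Get SAML2 attribute` / `@return SAML2 attributes.` while the method returns `org.opensaml.saml1.core.Attribute[]`; it should read `Get the SAML 1.1 attributes added via {@link #addAttributes(org.opensaml.saml1.core.Attribute)}.` with `@return SAML 1.1 attribute array.`. Because both `addAttributes` overloads append to the same `List<SAMLObject>`, `toArray(new org.opensaml.saml1.core.Attribute[n])` throws `ArrayStoreException` as soon as a SAML 2 attribute has been added (and `getSAML2Attributes()` likewise for SAML 1); the generic list makes this no safer than the raw one it replaces, so either keep two lists or document that a callback instance holds attributes of one version only. The explicit casts on both `toArray` results are redundant with the typed array argument.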
@@ -1,7 +1,7 @@ package org.apache.rahas.impl.util; import org.apache.rahas.RahasData; -import org.opensaml.SAMLNameIdentifier; +import org.opensaml.saml1.core.NameIdentifier; /** * This is used retrieve data for the SAMLNameIdentifier. @@ -12,7 +12,7 @@ import org.opensaml.SAMLNameIdentifier; */ public class SAMLNameIdentifierCallback implements SAMLCallback{ - private SAMLNameIdentifier nameId = null; + private NameIdentifier nameId = null; private String userId = null; private RahasData data = null; @@ -24,11 +24,11 @@ public class SAMLNameIdentifierCallback return SAMLCallback.NAME_IDENTIFIER_CALLBACK; } - public SAMLNameIdentifier getNameId() { + public NameIdentifier getNameId() { return nameId; } - public void setNameId(SAMLNameIdentifier nameId) { + public void setNameId(NameIdentifier nameId) { this.nameId = nameId; }