Author: keith
Date: Fri Jul 18 23:46:36 2008
New Revision: 19615
URL: http://wso2.org/svn/browse/wso2?view=rev&revision=19615

Log:
Committing a patch that addresses Mashup-988. This addresses Identity-207


Added:
   trunk/mashup/java/modules/patches/identity/
   trunk/mashup/java/modules/patches/identity/pom.xml
   trunk/mashup/java/modules/patches/identity/resources/
   trunk/mashup/java/modules/patches/identity/resources/identity-patches.txt
   trunk/mashup/java/modules/patches/identity/src/
   trunk/mashup/java/modules/patches/identity/src/org/
   trunk/mashup/java/modules/patches/identity/src/org/wso2/
   trunk/mashup/java/modules/patches/identity/src/org/wso2/solutions/
   trunk/mashup/java/modules/patches/identity/src/org/wso2/solutions/identity/
   
trunk/mashup/java/modules/patches/identity/src/org/wso2/solutions/identity/relyingparty/
   
trunk/mashup/java/modules/patches/identity/src/org/wso2/solutions/identity/relyingparty/servletfilter/
   
trunk/mashup/java/modules/patches/identity/src/org/wso2/solutions/identity/relyingparty/servletfilter/RelyingPartyData.java
Modified:
   trunk/mashup/java/modules/distribution/create-distro-build.xml
   trunk/mashup/java/modules/patches/pom.xml

Modified: trunk/mashup/java/modules/distribution/create-distro-build.xml
URL: 
http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/distribution/create-distro-build.xml?rev=19615&r1=19614&r2=19615&view=diff
==============================================================================
--- trunk/mashup/java/modules/distribution/create-distro-build.xml      
(original)
+++ trunk/mashup/java/modules/distribution/create-distro-build.xml      Fri Jul 
18 23:46:36 2008
@@ -323,5 +323,9 @@
         <echo message="### Copying Rampart Patches ###"/>
         <copy toDir="${dist.dir}/lib/patches" filtering="off" 
file="../patches/rampart/target/wso2mashup-rampart-patches-${wso2mashup.version}.jar"/>
         <copy toDir="${dist.dir}/lib/patches" filtering="off" 
file="../patches/rampart/resources/rampart-patches.txt"/>
+
+        <echo message="### Copying Identity Patches ###"/>
+        <copy toDir="${dist.dir}/lib/patches" filtering="off" 
file="../patches/identity/target/wso2mashup-identity-patches-${wso2mashup.version}.jar"/>
+        <copy toDir="${dist.dir}/lib/patches" filtering="off" 
file="../patches/identity/resources/identity-patches.txt"/>
     </target>
 </project>
\ No newline at end of file

Added: trunk/mashup/java/modules/patches/identity/pom.xml
URL: 
http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/patches/identity/pom.xml?pathrev=19615
==============================================================================
--- (empty file)
+++ trunk/mashup/java/modules/patches/identity/pom.xml  Fri Jul 18 23:46:36 2008
@@ -0,0 +1,45 @@
+<!--
+  ~ Copyright (c) 2006, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0";
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+        xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/maven-v4_0_0.xsd";>
+
+    <parent>
+        <groupId>org.wso2.mashup</groupId>
+        <artifactId>org.wso2.mashup</artifactId>
+        <version>SNAPSHOT</version>
+    </parent>
+
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>wso2mashup-identity-patches</artifactId>
+    <packaging>jar</packaging>
+    <version>SNAPSHOT</version>
+    <name>WSO2 Mashup Server - Identity Patches</name>
+    <build>
+        <sourceDirectory>src</sourceDirectory>
+        <testSourceDirectory>test</testSourceDirectory>
+        <resources>
+            <resource>
+                <directory>src</directory>
+                <includes>
+                    <include>**/*.properties</include>
+                    <include>**/*.xml</include>
+                    <include>**/*.xsl</include>
+                </includes>
+            </resource>
+        </resources>
+    </build>
+</project>

Added: trunk/mashup/java/modules/patches/identity/resources/identity-patches.txt
URL: 
http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/patches/identity/resources/identity-patches.txt?pathrev=19615
==============================================================================
--- (empty file)
+++ trunk/mashup/java/modules/patches/identity/resources/identity-patches.txt   
Fri Jul 18 23:46:36 2008
@@ -0,0 +1,3 @@
+JIRA issues that this patch address
+
+https://wso2.org/jira/browse/IDENTITY-207

Added: 
trunk/mashup/java/modules/patches/identity/src/org/wso2/solutions/identity/relyingparty/servletfilter/RelyingPartyData.java
URL: 
http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/patches/identity/src/org/wso2/solutions/identity/relyingparty/servletfilter/RelyingPartyData.java?pathrev=19615
==============================================================================
--- (empty file)
+++ 
trunk/mashup/java/modules/patches/identity/src/org/wso2/solutions/identity/relyingparty/servletfilter/RelyingPartyData.java
 Fri Jul 18 23:46:36 2008
@@ -0,0 +1,257 @@
+package org.wso2.solutions.identity.relyingparty.servletfilter;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.util.List;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+
+import org.wso2.solutions.identity.relyingparty.TokenVerifierConstants;
+import org.wso2.solutions.identity.relyingparty.saml.IssuerCertificateUtil;
+
+public class RelyingPartyData {
+
+    private KeyStore systemStore = null;
+
+    private PrivateKey privateKey = null;
+
+    private String validatePolicy = null;
+
+    private String issuerPolicy = null;
+
+    private KeyStore trustStore = null;
+
+    /**
+     * One array contains one DN name
+     */
+    private List[] blackList = null;
+
+    /**
+     * One array contains one DN name
+     */
+    private List[] whiteList = null;
+
+    /**
+     * This method read parameters from web.xml Step 1 : Read my private key
+     * Step 2 : Read the token validation policy Step 3 : Read paramters that 
is
+     * needed perform token validation
+     * 
+     * if(promiscuous) ->read nothing else if(blackList) ->read the blacklist
+     * and keystore details else if (whiteList)->read the whitelist and keystor
+     * details
+     * 
+     */
+    public void loadData(FilterConfig filterConfig) throws ServletException {
+        String keyStore = filterConfig
+                .getInitParameter(TokenVerifierConstants.KEY_STORE);
+        String storeType = filterConfig
+                .getInitParameter(TokenVerifierConstants.STORE_TYPE);
+        String storePass = filterConfig
+                .getInitParameter(TokenVerifierConstants.STORE_PASS);
+        String keyAlias = filterConfig
+                .getInitParameter(TokenVerifierConstants.KEY_ALIAS);
+        String keyPass = filterConfig
+                .getInitParameter(TokenVerifierConstants.KEY_PASS);
+
+        issuerPolicy = filterConfig
+                .getInitParameter(TokenVerifierConstants.ISSUER_POLICY);
+
+        if (issuerPolicy != null
+                && !(issuerPolicy.equals(TokenVerifierConstants.SELF_ONLY)
+                        || issuerPolicy
+                                .equals(TokenVerifierConstants.MANGED_ONLY) || 
issuerPolicy
+                        .equals(TokenVerifierConstants.SELF_AND_MANGED))) {
+            throw new ServletException("Invalid Issuer Policy!");
+        }
+
+        try {
+            KeyStore store = KeyStore.getInstance(storeType);
+            String realPath = filterConfig.getServletContext().getRealPath(
+                    keyStore);
+            FileInputStream fis = new FileInputStream(realPath);
+            store.load(fis, storePass.toCharArray());
+            privateKey = (PrivateKey) store.getKey(keyAlias, keyPass
+                    .toCharArray());
+            fis.close();
+        } catch (Exception e) {
+            throw new ServletException("Cannot load the private key", e);
+        }
+
+        // Step 2: Reading Token validate policy -
+        // prmiscuous/blacklist/whitelist/certvalidte
+        validatePolicy = filterConfig
+                
.getInitParameter(TokenVerifierConstants.TOKEN_VALIDATE_POLICY);
+
+        if (validatePolicy == null) {
+            validatePolicy = TokenVerifierConstants.CERT_VALIDATE; // 
.PROMISCUOUS;
+        }
+
+        // Step 3: Reading paramters of each policy
+
+        if (validatePolicy.equals(TokenVerifierConstants.BLACK_LIST)) {
+            String value = filterConfig
+                    .getInitParameter(TokenVerifierConstants.BLACK_LIST);
+            if (value != null) {
+                blackList = readBlackWhiteList(value);
+            }
+        }
+
+        if (validatePolicy.equals(TokenVerifierConstants.WHITE_LIST)) {
+            String value = filterConfig
+                    .getInitParameter(TokenVerifierConstants.WHITE_LIST);
+            if (value != null) {
+                whiteList = readBlackWhiteList(value);
+            }
+        }
+
+        if (validatePolicy.equals(TokenVerifierConstants.WHITE_LIST)
+                || validatePolicy.equals(TokenVerifierConstants.BLACK_LIST)
+                || 
validatePolicy.equals(TokenVerifierConstants.CERT_VALIDATE)) {
+            String IdPstoreFilePath = filterConfig
+                    
.getInitParameter(TokenVerifierConstants.TRUSTED_KEY_STORE);
+            String IdPStorePass = filterConfig
+                    
.getInitParameter(TokenVerifierConstants.TRUSTED_STORE_PASS);
+            String IdpStoreType = filterConfig
+                    
.getInitParameter(TokenVerifierConstants.TRUSTED_STORE_TYPE);
+
+            try {
+                trustStore = KeyStore.getInstance(IdpStoreType);
+                String realPath = filterConfig.getServletContext().getRealPath(
+                        IdPstoreFilePath);
+                trustStore.load(new FileInputStream(realPath), IdPStorePass
+                        .toCharArray());
+            } catch (Exception e) {
+                throw new ServletException("Cannot load trusted store"
+                        + IdPstoreFilePath + " and " + IdPStorePass);
+            }
+
+            String defaultStorePass = filterConfig
+                    
.getInitParameter(TokenVerifierConstants.SYSTEM_KEY_STORE_PASS);
+            if (defaultStorePass == null) {
+                // assume that it hasn't been changed
+                defaultStorePass = "changeit";
+            }
+
+            String javaHome = System.getenv("JAVA_HOME");
+            if (javaHome == null) {
+                throw new ServletException("Cannot find JAVA_HOME");
+            }
+            
+            String defaultKeyStore = null;
+            if (File.separator.equals("/")) {
+                String temp = javaHome + "/lib/security/cacerts";
+                File test = new File(temp);
+                if(!test.exists()){
+                    temp = javaHome + 
TokenVerifierConstants.CACERTS_STORE_UNIX;
+                }
+                defaultKeyStore = temp;
+            } else {
+                String temp = javaHome + "\\lib\\security\\cacerts";
+                File test = new File(temp);
+                if(!test.exists()){
+                    temp = javaHome +  
TokenVerifierConstants.CACERTS_STORE_WIN;
+                }
+                defaultKeyStore = temp;
+            }
+
+            try {
+                FileInputStream is = new FileInputStream(defaultKeyStore);
+                KeyStore sysKS = KeyStore.getInstance("JKS");
+                sysKS.load(is, defaultStorePass.toCharArray());
+                this.systemStore = sysKS;
+            } catch (Exception e) {
+                throw new ServletException("Cannot load system key store");
+            }
+
+        }
+    }
+
+    public PrivateKey getPrivateKey() {
+        return privateKey;
+    }
+
+    public void setPrivateKey(PrivateKey privateKey) {
+        this.privateKey = privateKey;
+    }
+
+    public String getValidatePolicy() {
+        return validatePolicy;
+    }
+
+    public void setValidatePolicy(String validatePolicy) {
+        this.validatePolicy = validatePolicy;
+    }
+
+    public String getIssuerPolicy() {
+        return issuerPolicy;
+    }
+
+    public void setIssuerPolicy(String issuerPolicy) {
+        this.issuerPolicy = issuerPolicy;
+    }
+
+    public KeyStore getTrustStore() {
+        return trustStore;
+    }
+
+    public void setTrustStore(KeyStore trustStore) {
+        this.trustStore = trustStore;
+    }
+
+    public List[] getBlackList() {
+        return blackList;
+    }
+
+    public void setBlackList(List[] blackList) {
+        this.blackList = blackList;
+    }
+
+    public List[] getWhiteList() {
+        return whiteList;
+    }
+
+    public void setWhiteList(List[] whiteList) {
+        this.whiteList = whiteList;
+    }
+
+    public KeyStore getSystemStore() {
+        return systemStore;
+    }
+
+    public void setSystemStore(KeyStore systemStore) {
+        this.systemStore = systemStore;
+    }
+
+    private List[] readBlackWhiteList(String paramString) {
+        List[] dnList = null;
+        String[] array = paramString.split("\\},\\{");
+
+        if (array != null) {
+            if ((array.length > 1) && array[0].startsWith("{")) {
+                StringBuffer buff = new StringBuffer(array[0]);
+                buff.deleteCharAt(0);
+                array[0] = buff.toString();
+
+            }
+            int lastIndex = array.length - 1;
+            if ((array.length > 1) && array[lastIndex].endsWith("}")) {
+                StringBuffer buff = new StringBuffer(array[lastIndex]);
+                buff.deleteCharAt(buff.length() - 1);
+                array[lastIndex] = buff.toString();
+            }
+
+            dnList = new List[array.length];
+            for (int i = 0; i < array.length; i++) {
+                List lst = IssuerCertificateUtil.getDNOfIssuer(array[i]);
+                dnList[i] = lst;
+            }
+
+        }
+
+        return dnList;
+    }
+
+}
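Review bot: The catch block around the trust store load in `loadData` builds its ServletException message from `IdPStorePass`, so the trust store password lands in container logs (and possibly error pages) whenever the load fails, and the cause is dropped. Something like `throw new ServletException("Cannot load trusted store " + IdPstoreFilePath, e);` keeps the path, removes the secret and preserves the stack trace; the "Cannot load system key store" throw should pass `e` as well. The `FileInputStream`s opened for the trust store and for cacerts are never closed, and `fis.close()` for the private-key store is skipped when `load` or `getKey` throws, so each stream should be closed in a `finally` block. Unlike `issuerPolicy`, an unrecognised `validatePolicy` value is not rejected: no trust store is loaded for it, and how the verifier then treats tokens is not visible in this file, so failing fast with a ServletException on unknown values would be the safer default.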

Modified: trunk/mashup/java/modules/patches/pom.xml
URL: 
http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/patches/pom.xml?rev=19615&r1=19614&r2=19615&view=diff
==============================================================================
--- trunk/mashup/java/modules/patches/pom.xml   (original)
+++ trunk/mashup/java/modules/patches/pom.xml   Fri Jul 18 23:46:36 2008
@@ -34,5 +34,6 @@
         <module>registry</module>
         <module>wsas</module>
         <module>rampart</module>
+        <module>identity</module>
     </modules>
 </project>
