Author: nandana
Date: Thu Aug 27 18:50:46 2009
New Revision: 808569

URL: http://svn.apache.org/viewvc?rev=808569&view=rev
Log:
RAMPART-231 Applying Thilina's patch for SAML 2.0 support. Thanks Thilina

Modified:
    
webservices/rampart/branches/java/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
    
webservices/rampart/branches/java/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
    webservices/rampart/branches/java/1_5/modules/rampart-trust-mar/module.xml
    
webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
    
webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java
    
webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
    
webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java
    
webservices/rampart/branches/java/1_5/modules/rampart-trust/sts-aar-resources/token-dispatcher-configuration.xml
    webservices/rampart/branches/java/1_5/pom.xml

Modified: 
webservices/rampart/branches/java/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java?rev=808569&r1=808568&r2=808569&view=diff
==============================================================================
--- 
webservices/rampart/branches/java/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
 (original)
+++ 
webservices/rampart/branches/java/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
 Thu Aug 27 18:50:46 2009
@@ -17,21 +17,15 @@
 package org.apache.rampart;
 
 import org.apache.axiom.om.OMElement;
-import org.apache.axiom.soap.SOAP11Constants;
-import org.apache.axiom.soap.SOAP12Constants;
-import org.apache.axiom.soap.SOAPEnvelope;
-import org.apache.axiom.soap.SOAPFault;
-import org.apache.axiom.soap.SOAPFaultCode;
-import org.apache.axiom.soap.SOAPFaultSubCode;
-import org.apache.axiom.soap.SOAPFaultValue;
-import org.apache.axiom.soap.SOAPHeader;
-import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axiom.soap.*;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.context.MessageContext;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.rahas.Token;
 import org.apache.rahas.TokenStorage;
+import org.apache.rahas.impl.util.SAML2KeyInfo;
+import org.apache.rahas.impl.util.SAML2Utils;
 import org.apache.rampart.policy.RampartPolicyData;
 import org.apache.rampart.util.Axis2Util;
 import org.apache.rampart.util.RampartUtil;
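Review bot: The nine explicit org.apache.axiom.soap imports removed here are replaced by the wildcard `import org.apache.axiom.soap.*;`, which hides which SOAP types RampartEngine actually depends on and lets any future name in that package shadow or collide with others. The rest of this import block stays explicit (org.apache.axis2, org.apache.rahas, org.apache.rampart), so keeping the removed single-type imports would match the file's own style.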
@@ -44,10 +38,13 @@
 import org.apache.ws.security.saml.SAMLKeyInfo;
 import org.apache.ws.security.saml.SAMLUtil;
 import org.opensaml.SAMLAssertion;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmationData;
 
 import javax.xml.namespace.QName;
-
 import java.security.Principal;
+import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.Iterator;
@@ -172,39 +169,76 @@
                 //get the sec context id from the req msg ctx 
                
                //Store username in MessageContext property
-                
-                for (int j = 0; j < results.size(); j++) {
-                    WSSecurityEngineResult wser = (WSSecurityEngineResult) 
results.get(j);
-                    final Integer actInt = 
-                        (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
-                    if(WSConstants.ST_UNSIGNED == actInt.intValue()) {
-                        final SAMLAssertion assertion = 
+
+        for (int j = 0; j < results.size(); j++) {
+            WSSecurityEngineResult wser = (WSSecurityEngineResult) 
results.get(j);
+            final Integer actInt =
+                    (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
+            if (WSConstants.ST_UNSIGNED == actInt.intValue()) {
+
+                // If this is a SAML2.0 assertion
+                if (wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION) 
instanceof Assertion) {
+
+                    final Assertion assertion = (Assertion) 
wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+                    String id = assertion.getID();
+                    Subject subject = assertion.getSubject();
+                    SubjectConfirmationData scData = 
subject.getSubjectConfirmations()
+                            .get(0).getSubjectConfirmationData();
+                    Date dateOfCreation = scData.getNotBefore().toDate();
+                    Date dateOfExpiration = scData.getNotOnOrAfter().toDate();
+
+                    // TODO : SAML2KeyInfo element needs to be moved to WSS4J.
+                    SAML2KeyInfo saml2KeyInfo = SAML2Utils.
+                            getSAML2KeyInfo(assertion, signatureCrypto, 
tokenCallbackHandler);
+
+                    //Store the token
+                    try {
+                        TokenStorage store = rmd.getTokenStorage();
+                        if (store.getToken(id) == null) {
+                            Token token = new Token(id, (OMElement) 
SAML2Utils.getElementFromAssertion(assertion), dateOfCreation, 
dateOfExpiration);
+                            token.setSecret(saml2KeyInfo.getSecret());
+                            store.add(token);
+                        }
+                    } catch (Exception e) {
+                        throw new RampartException(
+                                "errorInAddingTokenIntoStore", e);
+                    }
+
+                }
+                //if this is a SAML1.1 assertion
+                else {
+                    final SAMLAssertion assertion =
+
                             ((SAMLAssertion) wser
-                                
.get(WSSecurityEngineResult.TAG_SAML_ASSERTION));
-                        String id = assertion.getId();
-                        Date created = assertion.getNotBefore();
-                        Date expires = assertion.getNotOnOrAfter();
-                        SAMLKeyInfo samlKi = SAMLUtil.getSAMLKeyInfo(assertion,
-                                signatureCrypto, tokenCallbackHandler);
-                        try {
-                            TokenStorage store = rmd.getTokenStorage(); 
-                            if(store.getToken(id) == null) {
-                                Token token = new Token(id, 
(OMElement)assertion.toDOM(), created, expires);
-                                token.setSecret(samlKi.getSecret());
-                                store.add(token);
-                            }
-                        } catch (Exception e) {
-                            throw new RampartException(
-                                    "errorInAddingTokenIntoStore", e);
+                                    
.get(WSSecurityEngineResult.TAG_SAML_ASSERTION));
+                    String id = assertion.getId();
+                    Date created = assertion.getNotBefore();
+                    Date expires = assertion.getNotOnOrAfter();
+                    SAMLKeyInfo samlKi = SAMLUtil.getSAMLKeyInfo(assertion,
+                            signatureCrypto, tokenCallbackHandler);
+                    try {
+                        TokenStorage store = rmd.getTokenStorage();
+                        if (store.getToken(id) == null) {
+                            Token token = new Token(id, (OMElement) 
assertion.toDOM(), created, expires);
+                            token.setSecret(samlKi.getSecret());
+                            store.add(token);
                         }
-                        
-                    } else if (WSConstants.UT == actInt.intValue()) {
-                        String username = 
((Principal)wser.get(WSSecurityEngineResult.TAG_PRINCIPAL))
-                                .getName();
-                        msgCtx.setProperty(RampartMessageData.USERNAME, 
username);
+                    } catch (Exception e) {
+                        throw new RampartException(
+                                "errorInAddingTokenIntoStore", e);
                     }
-        
+
                 }
+            } else if (WSConstants.UT == actInt.intValue()) {
+                String username = ((Principal) 
wser.get(WSSecurityEngineResult.TAG_PRINCIPAL))
+                        .getName();
+                msgCtx.setProperty(RampartMessageData.USERNAME, username);
+            } else if (WSConstants.SIGN == actInt.intValue()) {
+                X509Certificate cert = (X509Certificate) 
wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+                msgCtx.setProperty(RampartMessageData.X509_CERT, cert);
+            }
+
+        }
 
                SOAPEnvelope env = 
Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true);
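Review bot: The new SAML 2.0 branch dereferences `assertion.getSubject()`, `getSubjectConfirmations().get(0)`, `getSubjectConfirmationData()`, `getNotBefore()` and `getNotOnOrAfter()` with no null or empty check, so an inbound assertion that omits SubjectConfirmationData or either timestamp (both are optional in that element) fails with a NullPointerException or IndexOutOfBoundsException from inside the engine instead of the RampartException the surrounding code throws for other failures. The branch also takes the token validity window from the first SubjectConfirmationData rather than from the assertion-level conditions, which reads as a deliberate choice — a one-line comment saying why would help, and it is worth confirming against the issuer side. The token-store try/catch is now duplicated verbatim between the SAML 2.0 and SAML 1.1 branches and would collapse into one private helper taking id, element, created, expires and secret. The enclosing method starts and ends outside this hunk.
```java
                    final Assertion assertion = (Assertion) wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
                    String id = assertion.getID();
                    Subject subject = assertion.getSubject();
                    if (subject == null || subject.getSubjectConfirmations() == null
                            || subject.getSubjectConfirmations().isEmpty()) {
                        // message key is a placeholder; add it to the error resource bundle
                        throw new RampartException("<PLACEHOLDER_KEY_missingSubjectConfirmation>");
                    }
                    SubjectConfirmationData scData = subject.getSubjectConfirmations()
                            .get(0).getSubjectConfirmationData();
                    if (scData == null || scData.getNotBefore() == null
                            || scData.getNotOnOrAfter() == null) {
                        throw new RampartException("<PLACEHOLDER_KEY_missingValidityPeriod>");
                    }
                    Date dateOfCreation = scData.getNotBefore().toDate();
                    Date dateOfExpiration = scData.getNotOnOrAfter().toDate();
                    // … unchanged: SAML2KeyInfo lookup and token-store block …
```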
 

Modified: 
webservices/rampart/branches/java/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java?rev=808569&r1=808568&r2=808569&view=diff
==============================================================================
--- 
webservices/rampart/branches/java/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
 (original)
+++ 
webservices/rampart/branches/java/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
 Thu Aug 27 18:50:46 2009
@@ -105,6 +105,8 @@
     public final static String CANCEL_REQUEST = "cancelrequest";
     
     public final static String SCT_ID = "sctID";
+
+    public final static String X509_CERT ="X509Certificate";
     
     private MessageContext msgContext = null;
 
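Review bot: `X509_CERT = "X509Certificate"` duplicates the constant of the same name and value added to org.apache.rahas.RahasConstants in this same commit, and RahasConstants also gains a `USERNAME` constant next to the `RampartMessageData.USERNAME` that the RampartEngine hunk already reads (its value is not visible here, so whether the two are meant to match needs confirming). rampart-core already depends on org.apache.rahas (RampartEngine imports org.apache.rahas.Token), so one side can reference the other, e.g. `public final static String X509_CERT = RahasConstants.X509_CERT;`, and the two message-context keys cannot drift apart.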

Modified: 
webservices/rampart/branches/java/1_5/modules/rampart-trust-mar/module.xml
URL: 
http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_5/modules/rampart-trust-mar/module.xml?rev=808569&r1=808568&r2=808569&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_5/modules/rampart-trust-mar/module.xml 
(original)
+++ webservices/rampart/branches/java/1_5/modules/rampart-trust-mar/module.xml 
Thu Aug 27 18:50:46 2009
@@ -26,22 +26,26 @@
                                <issuer 
class="org.apache.rahas.impl.SAMLTokenIssuer">
                                        <configuration 
type="parameter">saml-issuer-config</configuration>
                                        
<tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
-                               </issuer>
-                               
-                               <validator 
class="org.apache.rahas.impl.SAMLTokenValidator" default="true">
-                    <configuration 
type="parameter">saml-issuer-config</configuration>
-                    
<tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
+                               </issuer>
+                <issuer class="org.apache.rahas.impl.SAML2TokenIssuer">
+                        <configuration 
type="parameter">saml-issuer-config</configuration>
+                        
<tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</tokenType>
+                </issuer>
+                
+                               <validator 
class="org.apache.rahas.impl.SAMLTokenValidator" default="true">
+                    <configuration 
type="parameter">saml-issuer-config</configuration>
+                    
<tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
                 </validator>
 
                 <!-- Only a single canceler is allowed -->
                 <canceler class="org.apache.rahas.impl.TokenCancelerImpl">
                                        <configuration 
type="parameter">token-canceler-config</configuration>
-                               </canceler>
-                               
-                               <!-- Renewers. You may have many renewers -->
-                <renewer class="org.apache.rahas.impl.SAMLTokenRenewer" 
default="true">
-                     <configuration 
type="parameter">saml-issuer-config</configuration>
-                     
<tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
+                               </canceler>
+                               
+                               <!-- Renewers. You may have many renewers -->
+                <renewer class="org.apache.rahas.impl.SAMLTokenRenewer" 
default="true">
+                     <configuration 
type="parameter">saml-issuer-config</configuration>
+                     
<tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
                 </renewer>
 
             </token-dispatcher-configuration>
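Review bot: A `SAML2TokenIssuer` is registered, but the `<validator>` and `<renewer>` entries in this hunk still declare only the `#SAMLV1.1` tokenType, so a SAML 2.0 token issued here presumably cannot be validated or renewed through this configuration; if that is the intended scope for now, a comment beside the new issuer such as `<!-- SAML 2.0: issue only; no validator/renewer registered yet -->` would save the next reader the search. The same applies to the issuer added to sts-aar-resources/token-dispatcher-configuration.xml in this commit. Several lines in this hunk are removed and re-added with only whitespace differences, and the new `<issuer>` block is space-indented inside tab-indented neighbours, which makes the real change harder to pick out.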

Modified: 
webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java?rev=808569&r1=808568&r2=808569&view=diff
==============================================================================
--- 
webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
 (original)
+++ 
webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
 Thu Aug 27 18:50:46 2009
@@ -123,7 +123,13 @@
     public static final String TOK_TYPE_SAML_10 = 
"http://docs.oasis-open.org/wss/"; +
                                                   
"oasis-wss-saml-token-profile-1.1#SAMLV1.1";
 
+    public static final String TOK_TYPE_SAML_20 = 
"http://docs.oasis-open.org/wss/"; +
+                                                  
"oasis-wss-saml-token-profile-1.1#SAMLV2.0";
     //Attrs
     public static final String ATTR_TYPE               = "Type";
     public static final String ATTR_CLAIMS_DIALECT     = "Dialect";
+
+    //Constants required for SAML2 assertion generation
+    public final static String X509_CERT ="X509Certificate";
+    public final static String USERNAME = "username";
 }
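Review bot: `X509_CERT` and `USERNAME` are declared `public final static` while every other constant in this hunk (`TOK_TYPE_SAML_10`, `TOK_TYPE_SAML_20`, `ATTR_TYPE`, `ATTR_CLAIMS_DIALECT`) uses `public static final`; `public static final String X509_CERT = "X509Certificate";` keeps the file consistent and restores the missing space before `=`. `TOK_TYPE_SAML_20` is also inserted directly above the `//Attrs` comment with no separating blank line, so it reads as part of the attribute group rather than the token-type group it belongs to.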

Modified: 
webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java?rev=808569&r1=808568&r2=808569&view=diff
==============================================================================
--- 
webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java
 (original)
+++ 
webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java
 Thu Aug 27 18:50:46 2009
@@ -66,6 +66,9 @@
     public void setKeyComputation(int keyComputation) {
         this.keyComputation = keyComputation;
     }
+    public int getKeyComputation() {
+        return keyComputation;
+    }
     public void setProofKeyType(String proofKeyType) {
         this.proofKeyType = proofKeyType;
     }
@@ -75,6 +78,9 @@
     public void setKeySize(int keySize) {
         this.keySize = keySize;
     }
+    public int getKeySize() {
+        return keySize;
+    }
     public String getProofKeyType() {
         return proofKeyType;
     }

Modified: 
webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java?rev=808569&r1=808568&r2=808569&view=diff
==============================================================================
--- 
webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
 (original)
+++ 
webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
 Thu Aug 27 18:50:46 2009
@@ -22,6 +22,7 @@
 import java.util.Iterator;
 import java.util.Map;
 import java.util.Properties;
+import java.security.cert.X509Certificate;
 
 import javax.xml.namespace.QName;
 
@@ -35,6 +36,8 @@
 import org.apache.commons.logging.LogFactory;
 import org.apache.rahas.TrustException;
 import org.apache.rahas.impl.util.SAMLCallbackHandler;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.WSSecurityException;
 
 /**
  * Configuration manager for the <code>SAMLTokenIssuer</code>
@@ -322,10 +325,18 @@
         this.issuerKeyAlias = issuerKeyAlias;
     }
 
+    public String getIssuerKeyAlias() {
+        return issuerKeyAlias;
+    }
+
     public void setIssuerKeyPassword(String issuerKeyPassword) {
         this.issuerKeyPassword = issuerKeyPassword;
     }
 
+    public String getIssuerKeyPassword() {
+        return issuerKeyPassword;
+    }
+
     public void setIssuerName(String issuerName) {
         this.issuerName = issuerName;
     }
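Review bot: `getIssuerKeyPassword()` newly exposes the issuer's private-key password as a plain String to any holder of the config object, and neither new getter carries Javadoc. If the SAML 2.0 issuer needs it, the accessor should at least document the sensitivity at the point of exposure, e.g. `/** Returns the password of the issuer signing key; callers must not log it or place it in fault messages. */`, with a matching one-liner on `getIssuerKeyAlias()`.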
@@ -388,6 +399,31 @@
                this.callbackHander = callbackHander;
        }
 
-       
-    
+    /**
+     * Uses the <code>wst:AppliesTo</code> to figure out the certificate to
+     * encrypt the secret in the SAML token
+     *
+     * @param crypto
+     * @param serviceAddress
+     *            The address of the service
+     * @return
+     * @throws org.apache.ws.security.WSSecurityException
+     */
+    public X509Certificate getServiceCert(Crypto crypto, String 
serviceAddress) throws WSSecurityException {
+
+        if (serviceAddress != null && !"".equals(serviceAddress)) {
+            String alias = (String) this.trustedServices.get(serviceAddress);
+            if (alias != null) {
+                return crypto.getCertificates(alias)[0];
+            } else {
+                alias = (String) this.trustedServices.get("*");
+                return crypto.getCertificates(alias)[0];
+            }
+        } else {
+            String alias = (String) this.trustedServices.get("*");
+            return crypto.getCertificates(alias)[0];
+        }
+
+    }
+
 }
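Review bot: `crypto.getCertificates(alias)[0]` is evaluated in all three branches without checking that an alias was found or that the returned array is non-empty, so a service address with no entry and no `"*"` entry in `trustedServices` fails with a NullPointerException or ArrayIndexOutOfBoundsException instead of the WSSecurityException the signature declares. The three branches also compute the same thing and collapse to a single address lookup with a wildcard fallback, and the Javadoc leaves `@param crypto` and `@return` empty (the return is the first certificate under the matching alias). The rewrite below keeps the signature and the lookup order.
```java
    public X509Certificate getServiceCert(Crypto crypto, String serviceAddress)
            throws WSSecurityException {
        String alias = null;
        if (serviceAddress != null && !"".equals(serviceAddress)) {
            alias = (String) this.trustedServices.get(serviceAddress);
        }
        if (alias == null) {
            // no address-specific entry: fall back to the wildcard entry
            alias = (String) this.trustedServices.get("*");
        }
        if (alias == null) {
            throw new WSSecurityException("No trusted-service alias configured for "
                    + serviceAddress + " and no \"*\" entry");
        }
        X509Certificate[] certs = crypto.getCertificates(alias);
        if (certs == null || certs.length == 0) {
            throw new WSSecurityException("No certificate found for alias " + alias);
        }
        return certs[0];
    }
```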

Modified: 
webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java?rev=808569&r1=808568&r2=808569&view=diff
==============================================================================
--- 
webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java
 (original)
+++ 
webservices/rampart/branches/java/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java
 Thu Aug 27 18:50:46 2009
@@ -5,6 +5,7 @@
 
 import org.apache.rahas.RahasData;
 import org.opensaml.SAMLAttribute;
+import org.opensaml.saml2.core.Attribute;
 
 public class SAMLAttributeCallback implements SAMLCallback{
        
@@ -23,6 +24,22 @@
        public void addAttributes(SAMLAttribute attribute){
                attributes.add(attribute);
        }
+
+    /**
+     * Overloaded  method to support SAML2
+     * @param attr
+     */
+    public void addAttributes(Attribute attr){
+        attributes.add(attr);
+    }
+
+    /**
+     * Get the array of SAML2 attributes.
+     * @return
+     */
+    public Attribute[] getSAML2Attributes(){
+        return (Attribute[])attributes.toArray(new 
Attribute[attributes.size()]);
+    }
        
        public SAMLAttribute[] getAttributes(){
                return (SAMLAttribute[])attributes.toArray(new 
SAMLAttribute[attributes.size()]);
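Review bot: The new `addAttributes(Attribute)` overload stores SAML 2.0 attributes in the same `attributes` list as the SAML 1 `SAMLAttribute` objects, so `getSAML2Attributes()` calls `toArray(new Attribute[...])` on a list that may contain SAMLAttribute elements and throws ArrayStoreException the first time both overloads are used on one callback; `getAttributes()`, whose body continues past the hunk, has the mirror problem. Either keep two lists or filter by type before copying, as below for the SAML 2.0 side, with the same filter on `SAMLAttribute` in `getAttributes()`. The Javadoc `@param attr` and `@return` tags are empty and should state what is added and returned. The fence assumes java.util.ArrayList, Iterator and List are in scope in this file.
```java
    public Attribute[] getSAML2Attributes(){
        List saml2Attrs = new ArrayList();
        for (Iterator it = attributes.iterator(); it.hasNext();) {
            Object attr = it.next();
            if (attr instanceof Attribute) {
                saml2Attrs.add(attr);
            }
        }
        return (Attribute[]) saml2Attrs.toArray(new Attribute[saml2Attrs.size()]);
    }
```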

Modified: 
webservices/rampart/branches/java/1_5/modules/rampart-trust/sts-aar-resources/token-dispatcher-configuration.xml
URL: 
http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_5/modules/rampart-trust/sts-aar-resources/token-dispatcher-configuration.xml?rev=808569&r1=808568&r2=808569&view=diff
==============================================================================
--- 
webservices/rampart/branches/java/1_5/modules/rampart-trust/sts-aar-resources/token-dispatcher-configuration.xml
 (original)
+++ 
webservices/rampart/branches/java/1_5/modules/rampart-trust/sts-aar-resources/token-dispatcher-configuration.xml
 Thu Aug 27 18:50:46 2009
@@ -8,10 +8,13 @@
                <configuration 
type="file">META-INF/saml-issuer-config.xml</configuration>
                
<tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
        </issuer>
+    <issuer class="org.apache.rahas.impl.SAML2TokenIssuer">
+               <configuration 
type="file">META-INF/saml-issuer-config.xml</configuration>
+               
<tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</tokenType>
+       </issuer>
 
     <!-- Only a single canceler is allowed -->
     <canceler class="org.apache.rahas.impl.TokenCancelerImpl">
                <configuration 
type="file">META-INF/token-canceler-config.xml</configuration>
        </canceler>
-
 </token-dispatcher-configuration>
\ No newline at end of file

Modified: webservices/rampart/branches/java/1_5/pom.xml
URL: 
http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_5/pom.xml?rev=808569&r1=808568&r2=808569&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_5/pom.xml (original)
+++ webservices/rampart/branches/java/1_5/pom.xml Thu Aug 27 18:50:46 2009
@@ -7,7 +7,7 @@
     <artifactId>rampart-project</artifactId>
     <packaging>pom</packaging>
     <description> WS-Security, WS-Trust and WS-SecureConversation 
implementaion for Apache Axis2 </description>
-    <version>SNAPSHOT</version>
+    <version>1.5-SNAPSHOT</version>
     <name>Apache Rampart</name>
     <url>http://ws.apache.org/rampart</url>
 
@@ -232,10 +232,20 @@
             <version>${xmlsec.version}</version>
         </dependency>
         <dependency>
-            <groupId>org.opensaml</groupId>
+            <groupId>opensaml</groupId>
             <artifactId>opensaml</artifactId>
-            <version>${opensaml.version}</version>
+            <version>1.1</version>
         </dependency>
+       <dependency>
+           <groupId>org.opensaml</groupId>
+           <artifactId>opensaml</artifactId>
+           <version>2.2.3</version>
+       </dependency>
+               <dependency>
+               <groupId>org.slf4j</groupId>
+               <artifactId>slf4j-jdk14</artifactId>
+               <version>1.5.2</version>
+       </dependency>
 
         <dependency>
             <groupId>log4j</groupId>
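Review bot: The opensaml 1.1 dependency now hard-codes `<version>1.1</version>` while the `opensaml.version` property (still set to 1.1 in the properties hunk further down) goes unused, and the new `org.opensaml:opensaml:2.2.3` and `org.slf4j:slf4j-jdk14:1.5.2` entries are likewise inline; restoring `<version>${opensaml.version}</version>` and adding a property for the 2.x line (e.g. `opensaml2.version`, name constructed) keeps every third-party version in one place for review and upgrade. Two OpenSAML major versions under different groupIds will now share the classpath; whether their `org.opensaml` packages overlap is not visible here and is worth confirming before release. The added `<dependency>` blocks are tab-indented unlike the surrounding space-indented entries.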
@@ -366,15 +376,15 @@
     <properties>
 
         <rampart.version>${pom.version}</rampart.version>
-        <rampart.mar.version>SNAPSHOT</rampart.mar.version>
-        <rahas.mar.version>SNAPSHOT</rahas.mar.version>
+        <rampart.mar.version>1.5</rampart.mar.version>
+        <rahas.mar.version>1.5</rahas.mar.version>
 
         <axis2.version>1.5</axis2.version>
         <axis2.transport.version>1.0-SNAPSHOT</axis2.transport.version>
         <addressing.mar.version>1.5</addressing.mar.version>
 
         <wss4j.version>1.5.8</wss4j.version>
-        <xmlsec.version>1.4.2</xmlsec.version>
+       <xmlsec.version>1.4.2</xmlsec.version>
         <opensaml.version>1.1</opensaml.version>
 
         <bcprov.jdk14.version>140</bcprov.jdk14.version>

