You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2015/04/14 18:12:48 UTC
cxf-fediz git commit: Cleaning up Metadata a bit
Repository: cxf-fediz
Updated Branches:
refs/heads/master 3957617a1 -> 541c991fa
Cleaning up Metadata a bit
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/541c991f
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/541c991f
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/541c991f
Branch: refs/heads/master
Commit: 541c991fae9917853ba59c44002dbf1e5c2b4b10
Parents: 3957617
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Apr 14 16:22:53 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Apr 14 16:22:53 2015 +0100
----------------------------------------------------------------------
.../cxf/fediz/service/idp/MetadataServlet.java | 2 +-
.../fediz/service/idp/util/MetadataWriter.java | 156 ++++++++++---------
2 files changed, 82 insertions(+), 76 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/541c991f/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
index 5d76072..b0fbdb8 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
@@ -61,7 +61,7 @@ public class MetadataServlet extends HttpServlet {
Idp idpConfig = cs.getIDP(realm);
LOG.debug(idpConfig.toString());
MetadataWriter mw = new MetadataWriter();
- Document metadata = mw.getMetaData(idpConfig);
+ Document metadata = mw.getMetaData(idpConfig);
out.write(DOM2Writer.nodeToString(metadata));
} catch (Exception ex) {
LOG.error("Failed to get metadata document: ", ex);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/541c991f/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
index bcc7e37..88f0547 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
@@ -28,10 +28,10 @@ import java.security.cert.X509Certificate;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.stream.XMLOutputFactory;
+import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import org.w3c.dom.Document;
-
import org.apache.cxf.fediz.core.util.CertsUtils;
import org.apache.cxf.fediz.core.util.SignatureUtils;
import org.apache.cxf.fediz.service.idp.domain.Claim;
@@ -62,7 +62,6 @@ public class MetadataWriter {
public Document getMetaData(Idp config) throws RuntimeException {
//Return as text/xml
try {
-
Crypto crypto = CertsUtils.createCrypto(config.getCertificate());
ByteArrayOutputStream bout = new ByteArrayOutputStream(4096);
@@ -82,86 +81,14 @@ public class MetadataWriter {
writer.writeNamespace("wsa", WS_ADDRESSING_NS);
writer.writeNamespace("auth", WS_FEDERATION_NS);
writer.writeNamespace("xsi", SCHEMA_INSTANCE_NS);
-
- writer.writeStartElement("md", "RoleDescriptor", WS_FEDERATION_NS);
- writer.writeAttribute(SCHEMA_INSTANCE_NS, "type", "fed:SecurityTokenServiceType");
- writer.writeAttribute("protocolSupportEnumeration", WS_FEDERATION_NS);
- if (config.getServiceDescription() != null && config.getServiceDescription().length() > 0 ) {
- writer.writeAttribute("ServiceDescription", config.getServiceDescription());
- }
- if (config.getServiceDisplayName() != null && config.getServiceDisplayName().length() > 0 ) {
- writer.writeAttribute("ServiceDisplayName", config.getServiceDisplayName());
- }
-
- //http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd
- //missing organization, contactperson
- //KeyDescriptor
- writer.writeStartElement("", "KeyDescriptor", SAML2_METADATA_NS);
- writer.writeAttribute("use", "signing");
- writer.writeStartElement("", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
- writer.writeStartElement("", "X509Data", "http://www.w3.org/2000/09/xmldsig#");
- writer.writeStartElement("", "X509Certificate", "http://www.w3.org/2000/09/xmldsig#");
-
- try {
- String keyAlias = crypto.getDefaultX509Identifier();
- X509Certificate cert = CertsUtils.getX509Certificate(crypto, keyAlias);
- writer.writeCharacters(Base64.encode(cert.getEncoded()));
- } catch (Exception ex) {
- LOG.error("Failed to add certificate information to metadata. Metadata incomplete", ex);
- }
-
- writer.writeEndElement(); // X509Certificate
- writer.writeEndElement(); // X509Data
- writer.writeEndElement(); // KeyInfo
- writer.writeEndElement(); // KeyDescriptor
-
-
- // SecurityTokenServiceEndpoint
- writer.writeStartElement("fed", "SecurityTokenServiceEndpoint", WS_FEDERATION_NS);
- writer.writeStartElement("wsa", "EndpointReference", WS_ADDRESSING_NS);
-
- writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
- writer.writeCharacters(config.getStsUrl().toString());
+ writeFederationMetadata(writer, config, crypto);
- writer.writeEndElement(); // Address
- writer.writeEndElement(); // EndpointReference
- writer.writeEndElement(); // SecurityTokenServiceEndpoint
-
-
- // PassiveRequestorEndpoint
- writer.writeStartElement("fed", "PassiveRequestorEndpoint", WS_FEDERATION_NS);
- writer.writeStartElement("wsa", "EndpointReference", WS_ADDRESSING_NS);
-
- writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
- writer.writeCharacters(config.getIdpUrl().toString());
-
- writer.writeEndElement(); // Address
- writer.writeEndElement(); // EndpointReference
- writer.writeEndElement(); // PassiveRequestorEndpoint
-
-
- // create ClaimsType section
- if (config.getClaimTypesOffered() != null && config.getClaimTypesOffered().size() > 0) {
- writer.writeStartElement("fed", "ClaimTypesOffered", WS_FEDERATION_NS);
- for (Claim claim : config.getClaimTypesOffered()) {
-
- writer.writeStartElement("auth", "ClaimType", WS_FEDERATION_NS);
- writer.writeAttribute("Uri", claim.getClaimType().toString());
- writer.writeAttribute("Optional", "true");
- writer.writeEndElement(); // ClaimType
-
- }
- writer.writeEndElement(); // ClaimTypesOffered
- }
-
- writer.writeEndElement(); // RoleDescriptor
writer.writeEndElement(); // EntityDescriptor
writer.writeEndDocument();
streamWriter.flush();
bout.flush();
- //
if (LOG.isDebugEnabled()) {
String out = new String(bout.toByteArray());
@@ -184,7 +111,86 @@ public class MetadataWriter {
LOG.error("Error creating service metadata information ", e);
throw new RuntimeException("Error creating service metadata information: " + e.getMessage());
}
+
+ }
+
+ private void writeFederationMetadata(
+ XMLStreamWriter writer, Idp config, Crypto crypto
+ ) throws XMLStreamException {
+
+ writer.writeStartElement("md", "RoleDescriptor", WS_FEDERATION_NS);
+ writer.writeAttribute(SCHEMA_INSTANCE_NS, "type", "fed:SecurityTokenServiceType");
+ writer.writeAttribute("protocolSupportEnumeration", WS_FEDERATION_NS);
+ if (config.getServiceDescription() != null && config.getServiceDescription().length() > 0 ) {
+ writer.writeAttribute("ServiceDescription", config.getServiceDescription());
+ }
+ if (config.getServiceDisplayName() != null && config.getServiceDisplayName().length() > 0 ) {
+ writer.writeAttribute("ServiceDisplayName", config.getServiceDisplayName());
+ }
+
+ //http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd
+ //missing organization, contactperson
+
+ //KeyDescriptor
+ writer.writeStartElement("", "KeyDescriptor", SAML2_METADATA_NS);
+ writer.writeAttribute("use", "signing");
+ writer.writeStartElement("", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
+ writer.writeStartElement("", "X509Data", "http://www.w3.org/2000/09/xmldsig#");
+ writer.writeStartElement("", "X509Certificate", "http://www.w3.org/2000/09/xmldsig#");
+
+ try {
+ String keyAlias = crypto.getDefaultX509Identifier();
+ X509Certificate cert = CertsUtils.getX509Certificate(crypto, keyAlias);
+ writer.writeCharacters(Base64.encode(cert.getEncoded()));
+ } catch (Exception ex) {
+ LOG.error("Failed to add certificate information to metadata. Metadata incomplete", ex);
+ }
+
+ writer.writeEndElement(); // X509Certificate
+ writer.writeEndElement(); // X509Data
+ writer.writeEndElement(); // KeyInfo
+ writer.writeEndElement(); // KeyDescriptor
+
+
+ // SecurityTokenServiceEndpoint
+ writer.writeStartElement("fed", "SecurityTokenServiceEndpoint", WS_FEDERATION_NS);
+ writer.writeStartElement("wsa", "EndpointReference", WS_ADDRESSING_NS);
+
+ writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
+ writer.writeCharacters(config.getStsUrl().toString());
+
+ writer.writeEndElement(); // Address
+ writer.writeEndElement(); // EndpointReference
+ writer.writeEndElement(); // SecurityTokenServiceEndpoint
+
+
+ // PassiveRequestorEndpoint
+ writer.writeStartElement("fed", "PassiveRequestorEndpoint", WS_FEDERATION_NS);
+ writer.writeStartElement("wsa", "EndpointReference", WS_ADDRESSING_NS);
+
+ writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
+ writer.writeCharacters(config.getIdpUrl().toString());
+
+ writer.writeEndElement(); // Address
+ writer.writeEndElement(); // EndpointReference
+ writer.writeEndElement(); // PassiveRequestorEndpoint
+
+
+ // create ClaimsType section
+ if (config.getClaimTypesOffered() != null && config.getClaimTypesOffered().size() > 0) {
+ writer.writeStartElement("fed", "ClaimTypesOffered", WS_FEDERATION_NS);
+ for (Claim claim : config.getClaimTypesOffered()) {
+
+ writer.writeStartElement("auth", "ClaimType", WS_FEDERATION_NS);
+ writer.writeAttribute("Uri", claim.getClaimType().toString());
+ writer.writeAttribute("Optional", "true");
+ writer.writeEndElement(); // ClaimType
+
+ }
+ writer.writeEndElement(); // ClaimTypesOffered
+ }
+ writer.writeEndElement(); // RoleDescriptor
}