Posted to java-commits@axis.apache.org by am...@apache.org on 2012/01/24 05:39:04 UTC
svn commit: r1235132 [1/3] - in /axis/axis2/java/rampart/trunk: ./
modules/rampart-core/src/main/java/org/apache/rampart/
modules/rampart-core/src/main/java/org/apache/rampart/saml/
modules/rampart-integration/src/test/java/org/apache/rahas/ modules/ra...
Author: amilaj
Date: Tue Jan 24 04:39:03 2012
New Revision: 1235132
URL: http://svn.apache.org/viewvc?rev=1235132&view=rev
Log:
Fixing issue RAMPART-354. Upgraded OpenSAML version to 2.5.1-1. Added more unit tests to trust module
Added:
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML1AssertionHandler.java
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML2AssertionHandler.java
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandler.java
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandlerFactory.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RampartSAMLBootstrap.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/apache/
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/apache/rahas/
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/apache/rahas/impl/
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/apache/rahas/impl/util/
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/apache/rahas/impl/util/SAMLUtilsTest.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/resources/
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/resources/crypto.config
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/resources/keystore.jks (with props)
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenAttributeTest.java
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/SAMLDataProvider.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/pom.xml
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/Rahas.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/AxiomParserPool.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java
axis/axis2/java/rampart/trunk/pom.xml
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java Tue Jan 24 04:39:03 2012
@@ -16,7 +16,6 @@
package org.apache.rampart;
-import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAP11Constants;
import org.apache.axiom.soap.SOAP12Constants;
import org.apache.axiom.soap.SOAPEnvelope;
@@ -30,13 +29,11 @@ import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.rahas.RahasConstants;
import org.apache.rahas.Token;
import org.apache.rahas.TokenStorage;
-import org.apache.rahas.TrustUtil;
-import org.apache.rahas.impl.util.SAML2KeyInfo;
-import org.apache.rahas.impl.util.SAML2Utils;
import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.saml.SAMLAssertionHandler;
+import org.apache.rampart.saml.SAMLAssertionHandlerFactory;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.WSSPolicyException;
@@ -46,18 +43,10 @@ import org.apache.ws.security.WSSecurity
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.saml.SAMLKeyInfo;
-import org.apache.ws.security.saml.SAMLUtil;
-import org.opensaml.SAMLAssertion;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Conditions;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmationData;
import javax.xml.namespace.QName;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
-import java.util.Date;
import java.util.Iterator;
import java.util.Vector;
@@ -70,7 +59,6 @@ public class RampartEngine {
public Vector process(MessageContext msgCtx) throws WSSPolicyException,
RampartException, WSSecurityException, AxisFault {
- boolean doDebug = log.isDebugEnabled();
boolean dotDebug = tlog.isDebugEnabled();
log.debug("Enter process(MessageContext msgCtx)");
@@ -103,7 +91,7 @@ public class RampartEngine {
}
- Vector results = null;
+ Vector results;
WSSecurityEngine engine = new WSSecurityEngine();
@@ -188,89 +176,30 @@ public class RampartEngine {
(Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
if (WSConstants.ST_UNSIGNED == actInt.intValue()) {
- // If this is a SAML2.0 assertion
- if (wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION) instanceof Assertion) {
- final Assertion assertion = (Assertion) wser.get(
- WSSecurityEngineResult.TAG_SAML_ASSERTION);
-
- // if the subject confirmation method is Bearer, do not try to get the KeyInfo
- if(TrustUtil.getSAML2SubjectConfirmationMethod(assertion).equals(
- RahasConstants.SAML20_SUBJECT_CONFIRMATION_BEARER)){
- break;
- }
-
- String id = assertion.getID();
- Subject subject = assertion.getSubject();
+ Object samlAssertion = wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
- Date dateOfCreation = null;
- Date dateOfExpiration = null;
-
- //Read the validity period from the 'Conditions' element, else read it from SC Data
- if (assertion.getConditions() != null) {
- Conditions conditions = assertion.getConditions();
- if (conditions.getNotBefore() != null) {
- dateOfCreation = conditions.getNotBefore().toDate();
- }
- if (conditions.getNotOnOrAfter() != null) {
- dateOfExpiration = conditions.getNotOnOrAfter().toDate();
- }
- } else {
- SubjectConfirmationData scData = subject.getSubjectConfirmations()
- .get(0).getSubjectConfirmationData();
- if (scData.getNotBefore() != null) {
- dateOfCreation = scData.getNotBefore().toDate();
- }
- if (scData.getNotOnOrAfter() != null) {
- dateOfExpiration = scData.getNotOnOrAfter().toDate();
- }
- }
-
- // TODO : SAML2KeyInfo element needs to be moved to WSS4J.
- SAML2KeyInfo saml2KeyInfo = SAML2Utils.
- getSAML2KeyInfo(assertion, signatureCrypto, tokenCallbackHandler);
-
- //Store the token
- try {
- TokenStorage store = rmd.getTokenStorage();
- if (store.getToken(id) == null) {
- Token token = new Token(id, (OMElement) SAML2Utils.getElementFromAssertion(assertion), dateOfCreation, dateOfExpiration);
- token.setSecret(saml2KeyInfo.getSecret());
- store.add(token);
- }
- } catch (Exception e) {
- throw new RampartException(
- "errorInAddingTokenIntoStore", e);
- }
+ SAMLAssertionHandler samlAssertionHandler
+ = SAMLAssertionHandlerFactory.createAssertionHandler(samlAssertion);
+ if (samlAssertionHandler.isBearerAssertion()) {
+ break;
}
- //if this is a SAML1.1 assertion
- else {
- final SAMLAssertion assertion = ((SAMLAssertion) wser.get(
- WSSecurityEngineResult.TAG_SAML_ASSERTION));
-
- // if the subject confirmation method is Bearer, do not try to get the KeyInfo
- if(RahasConstants.SAML11_SUBJECT_CONFIRMATION_BEARER.equals(
- TrustUtil.getSAML11SubjectConfirmationMethod(assertion))){
- break;
+ //Store the token
+ try {
+ TokenStorage store = rmd.getTokenStorage();
+ if (store.getToken(samlAssertionHandler.getAssertionId()) == null) {
+ Token token = new Token(samlAssertionHandler.getAssertionId(),
+ samlAssertionHandler.getAssertionElement(),
+ samlAssertionHandler.getDateNotBefore(),
+ samlAssertionHandler.getDateNotOnOrAfter());
+
+ token.setSecret(samlAssertionHandler.
+ getAssertionKeyInfoSecret(signatureCrypto, tokenCallbackHandler));
+ store.add(token);
}
-
- String id = assertion.getId();
- Date created = assertion.getNotBefore();
- Date expires = assertion.getNotOnOrAfter();
- SAMLKeyInfo samlKi = SAMLUtil.getSAMLKeyInfo(assertion,
- signatureCrypto, tokenCallbackHandler);
- try {
- TokenStorage store = rmd.getTokenStorage();
- if (store.getToken(id) == null) {
- Token token = new Token(id, (OMElement) assertion.toDOM(), created, expires);
- token.setSecret(samlKi.getSecret());
- store.add(token);
- }
- } catch (Exception e) {
- throw new RampartException(
- "errorInAddingTokenIntoStore", e);
- }
-
+ } catch (Exception e) {
+ throw new RampartException(
+ "errorInAddingTokenIntoStore", e);
}
} else if (WSConstants.UT == actInt.intValue()) {
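Review bot: Moving `getAssertionKeyInfoSecret(...)` inside the `try { ... } catch (Exception e)` block (the new `token.setSecret(...)` lines) changes how key-info failures surface: a `WSSecurityException` raised while resolving the assertion's proof key, which the old SAML2 branch let propagate untouched, is now rewrapped as `RampartException("errorInAddingTokenIntoStore", e)`, so a failed key/signature resolution is reported as a token-storage error. The secret is also resolved only when `store.getToken(id)` returns null, whereas both old branches called the key-info helper unconditionally; if that helper does any validation rather than pure extraction, an assertion re-presented with an already-stored id now skips it, which is worth confirming. Consider resolving it before the try, `byte[] secret = samlAssertionHandler.getAssertionKeyInfoSecret(signatureCrypto, tokenCallbackHandler);`, and keeping the catch around the storage calls only. `process` starts and ends outside this hunk, and `getAssertionId()` is called twice where one local would do.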
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java Tue Jan 24 04:39:03 2012
@@ -45,7 +45,7 @@ public class RampartException extends Ex
/**
* Construct the fault properly code for the standard faults
- * @param faultCode2
+ * @param code code as definfed in property file under
* @return
*/
private String getFaultCode(String code) {
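Review bot: The new `@param` line has a typo and is cut off (`code as definfed in property file under`), and `@return` is still empty; suggest `* @param code the fault code key as defined in the errors properties file` and a `@return` sentence stating what the method yields. The body of `getFaultCode` is outside the hunk, so the `@return` wording should be checked against what is actually returned.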
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java Tue Jan 24 04:39:03 2012
@@ -36,6 +36,8 @@ import org.apache.rampart.handler.WSSHan
import org.apache.rampart.policy.RampartPolicyBuilder;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.saml.SAMLAssertionHandler;
+import org.apache.rampart.saml.SAMLAssertionHandlerFactory;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.SP11Constants;
@@ -53,7 +55,6 @@ import org.apache.ws.security.message.WS
import org.apache.ws.security.message.token.SecurityContextToken;
import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.WSSecurityUtil;
-import org.opensaml.SAMLAssertion;
import org.w3c.dom.Document;
import java.util.ArrayList;
@@ -588,10 +589,12 @@ public class RampartMessageData {
final Integer actInt =
(Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
if(WSConstants.ST_UNSIGNED == actInt.intValue()) {
- final SAMLAssertion assertion =
- ((SAMLAssertion) wser
- .get(WSSecurityEngineResult.TAG_SAML_ASSERTION));
- return assertion.getId();
+ final Object assertion =
+ wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ SAMLAssertionHandler samlAssertionHandler
+ = SAMLAssertionHandlerFactory.createAssertionHandler(assertion);
+
+ return samlAssertionHandler.getAssertionId();
}
}
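Review bot: The lookup now constructs a full handler via `SAMLAssertionHandlerFactory.createAssertionHandler(assertion)` just to read the ID, and the handler constructors run `processSAMLAssertion()`, which in the SAML2 implementation also parses the validity window and indexes into the subject confirmations; a malformed assertion that previously could only fail on `getId()` can now throw an unchecked exception from this lookup, and a null `assertion` (a result without `TAG_SAML_ASSERTION`) falls into the factory's unconditional SAML1 cast. If only the ID is needed here, either guard with `if (assertion == null) { continue; }` (presumably this sits in a loop over `wser` results, which starts outside the hunk) or have the factory reject nulls explicitly. The enclosing method begins and ends outside the hunk.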
Added: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML1AssertionHandler.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML1AssertionHandler.java?rev=1235132&view=auto
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML1AssertionHandler.java (added)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML1AssertionHandler.java Tue Jan 24 04:39:03 2012
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.saml;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.impl.util.SAMLUtils;
+import org.apache.rampart.TokenCallbackHandler;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.saml.SAMLKeyInfo;
+import org.apache.ws.security.saml.SAMLUtil;
+import org.opensaml.saml1.core.Assertion;
+import org.opensaml.saml1.core.Conditions;
+
+/**
+ * This class handles SAML1 assertions.Processes SAML1 assertion and will extract SAML1 attributes
+ * such as assertion id, start date, end date etc ...
+ */
+public class SAML1AssertionHandler extends SAMLAssertionHandler{
+
+ private Assertion assertion;
+
+ public SAML1AssertionHandler(Assertion saml1Assertion) {
+ this.assertion = saml1Assertion;
+ this.processSAMLAssertion();
+ }
+
+ @Override
+ public boolean isBearerAssertion() {
+ return RahasConstants.SAML11_SUBJECT_CONFIRMATION_BEARER.equals(
+ SAMLUtils.getSAML11SubjectConfirmationMethod(assertion));
+ }
+
+ @Override
+ protected void processSAMLAssertion() {
+
+ this.setAssertionId(assertion.getID());
+
+ //Read the validity period from the 'Conditions' element, else read it from SC Data
+ if (assertion.getConditions() != null) {
+ Conditions conditions = assertion.getConditions();
+ if (conditions.getNotBefore() != null) {
+ this.setDateNotBefore(conditions.getNotBefore().toDate());
+ }
+ if (conditions.getNotOnOrAfter() != null) {
+ this.setDateNotOnOrAfter(conditions.getNotOnOrAfter().toDate());
+ }
+ }
+ }
+
+ @Override
+ public byte[] getAssertionKeyInfoSecret(Crypto signatureCrypto, TokenCallbackHandler tokenCallbackHandler)
+ throws WSSecurityException {
+
+ // TODO change this to use SAMLAssertion parameter once wss4j conversion is done ....
+ SAMLKeyInfo samlKi = SAMLUtil.getSAMLKeyInfo(assertion.getDOM(),
+ signatureCrypto, tokenCallbackHandler);
+ return samlKi.getSecret();
+ }
+
+
+ @Override
+ public OMElement getAssertionElement() throws TrustException {
+ return (OMElement)this.assertion.getDOM();
+ }
+
+
+}
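Review bot: `getAssertionElement()` casts the result of `assertion.getDOM()` straight to `OMElement`; that only holds if the assertion was unmarshalled onto an Axiom DOOM document (presumably the case on Rampart's inbound path, but not guaranteed for every caller), otherwise it is a `ClassCastException` at the point where the token is stored, and `getDOM()` can be null for an assertion that was built rather than parsed, in which case `getAssertionKeyInfoSecret` hands null to `SAMLUtil.getSAMLKeyInfo`. The SAML2 handler goes through `SAML2Utils.getElementFromAssertion` for the same job; the SAML1 side should use an equivalent conversion, or at least check `assertion.getDOM() == null` and fail with a `TrustException` that names the problem. Separately, the constructor calls the overridable `processSAMLAssertion()`, so a subclass would observe its own fields uninitialised; making the method or the class `final` avoids that.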
Added: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML2AssertionHandler.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML2AssertionHandler.java?rev=1235132&view=auto
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML2AssertionHandler.java (added)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML2AssertionHandler.java Tue Jan 24 04:39:03 2012
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.saml;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.impl.util.SAML2KeyInfo;
+import org.apache.rahas.impl.util.SAML2Utils;
+import org.apache.rampart.TokenCallbackHandler;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+
+
+/**
+ * This class handles SAML2 assertions.Processes SAML2 assertion and will extract SAML2 attributes
+ * such as assertion id, start date, end date etc ...
+ */
+public class SAML2AssertionHandler extends SAMLAssertionHandler{
+
+ private static final Log log = LogFactory.getLog(SAML2AssertionHandler.class);
+
+ private Assertion assertion;
+
+
+ public SAML2AssertionHandler(Assertion samlAssertion) {
+ this.assertion = samlAssertion;
+ this.processSAMLAssertion();
+ }
+
+ /**
+ * Checks whether SAML assertion is bearer - urn:oasis:names:tc:SAML:2.0:cm:bearer
+ *
+ * @return true if assertion is bearer else false.
+ */
+ public boolean isBearerAssertion() {
+
+ // if the subject confirmation method is Bearer, do not try to get the KeyInfo
+ return SAML2Utils.getSAML2SubjectConfirmationMethod(assertion).equals(
+ RahasConstants.SAML20_SUBJECT_CONFIRMATION_BEARER);
+ }
+
+ protected void processSAMLAssertion() {
+
+ this.setAssertionId(assertion.getID());
+
+ Subject subject = assertion.getSubject();
+
+ //Read the validity period from the 'Conditions' element, else read it from SC Data
+ if (assertion.getConditions() != null) {
+ Conditions conditions = assertion.getConditions();
+ if (conditions.getNotBefore() != null) {
+ this.setDateNotBefore(conditions.getNotBefore().toDate());
+ }
+ if (conditions.getNotOnOrAfter() != null) {
+ this.setDateNotOnOrAfter(conditions.getNotOnOrAfter().toDate());
+ }
+ } else {
+ SubjectConfirmationData scData = subject.getSubjectConfirmations()
+ .get(0).getSubjectConfirmationData();
+ if (scData.getNotBefore() != null) {
+ this.setDateNotBefore(scData.getNotBefore().toDate());
+ }
+ if (scData.getNotOnOrAfter() != null) {
+ this.setDateNotOnOrAfter(scData.getNotOnOrAfter().toDate());
+ }
+ }
+
+ }
+
+ public byte[] getAssertionKeyInfoSecret(Crypto signatureCrypto, TokenCallbackHandler tokenCallbackHandler)
+ throws WSSecurityException {
+ // TODO : SAML2KeyInfo element needs to be moved to WSS4J.
+ SAML2KeyInfo saml2KeyInfo = SAML2Utils.
+ getSAML2KeyInfo(assertion, signatureCrypto, tokenCallbackHandler);
+
+ return saml2KeyInfo.getSecret();
+ }
+
+ public OMElement getAssertionElement() throws TrustException{
+ try {
+ return (OMElement) SAML2Utils.getElementFromAssertion(assertion);
+ } catch (TrustException e) {
+ log.error("Error getting Axiom representation of SAML2 assertion.", e);
+ throw e;
+ }
+ }
+
+
+
+}
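Review bot: `isBearerAssertion()` calls `.equals` on the value returned by `SAML2Utils.getSAML2SubjectConfirmationMethod(assertion)`, so an assertion whose confirmation method cannot be resolved (null return) throws a `NullPointerException` instead of being treated as non-bearer; the SAML1 handler writes the comparison the null-safe way round and this one should match it: `return RahasConstants.SAML20_SUBJECT_CONFIRMATION_BEARER.equals(SAML2Utils.getSAML2SubjectConfirmationMethod(assertion));`. In `processSAMLAssertion()` the `else` branch dereferences `subject.getSubjectConfirmations().get(0).getSubjectConfirmationData()` without checking that the subject, the list or the data exist, so an assertion lacking both `Conditions` and confirmation data fails with an unchecked exception from the constructor rather than a `TrustException`, and when neither carries dates the token is stored with null `NotBefore`/`NotOnOrAfter`, which the caller does not check — whether `Token` treats a null expiry as never-expiring is outside this hunk and worth confirming. The overriding methods also lack the `@Override` annotations the SAML1 handler uses.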
Added: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandler.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandler.java?rev=1235132&view=auto
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandler.java (added)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandler.java Tue Jan 24 04:39:03 2012
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.saml;
+
+
+import org.apache.axiom.om.OMElement;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.TokenCallbackHandler;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+
+import java.util.Date;
+
+/**
+ * A class to handle attributes to common SAML1 and SAML2 assertions.
+ */
+public abstract class SAMLAssertionHandler {
+
+
+ private String assertionId;
+
+ private Date dateNotBefore;
+
+ private Date dateNotOnOrAfter;
+
+ public String getAssertionId() {
+ return assertionId;
+ }
+
+ protected void setAssertionId(String assertionId) {
+ this.assertionId = assertionId;
+ }
+
+ public Date getDateNotBefore() {
+ return dateNotBefore;
+ }
+
+ protected void setDateNotBefore(Date dateNotBefore) {
+ this.dateNotBefore = dateNotBefore;
+ }
+
+ public Date getDateNotOnOrAfter() {
+ return dateNotOnOrAfter;
+ }
+
+ protected void setDateNotOnOrAfter(Date dateNotOnOrAfter) {
+ this.dateNotOnOrAfter = dateNotOnOrAfter;
+ }
+
+ /**
+ * Checks whether SAML assertion is bearer - urn:oasis:names:tc:SAML:2.0:cm:bearer
+ *
+ * @return true if assertion is bearer else false.
+ */
+ public abstract boolean isBearerAssertion();
+
+ protected abstract void processSAMLAssertion();
+
+
+ /**
+ * Gets the secret in assertion.
+ * @param signatureCrypto Signature crypto info, private,public keys.
+ * @param tokenCallbackHandler The token callback class. TODO Why ?
+ * @return Secret as a byte array
+ * @throws WSSecurityException If an error occurred while validating the signature.
+ */
+ public abstract byte[] getAssertionKeyInfoSecret(Crypto signatureCrypto, TokenCallbackHandler tokenCallbackHandler)
+ throws WSSecurityException;
+
+ /**
+ * Gets the assertion element as an Axiom OMElement.
+ * @return OMElement representation of assertion.
+ * @throws TrustException if an error occurred while converting Assertion to an OMElement.
+ */
+ public abstract OMElement getAssertionElement() throws TrustException;
+}
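Review bot: The Javadoc on `getAssertionKeyInfoSecret` still carries `TODO Why ?` against `tokenCallbackHandler`, and `isBearerAssertion` is documented with the SAML 2.0 URN only although the SAML1 subclass answers it for the SAML 1.1 bearer method; the base-class comment should state the contract, e.g. `@return true if the assertion's subject confirmation method is bearer (SAML 1.1 or 2.0), in which case no proof key is expected`. `getDateNotBefore()`/`getDateNotOnOrAfter()` can return null when the subclass found no validity window; say so in a `@return` on each, since `RampartEngine` passes them straight into `Token`. The getters also hand out the internal mutable `Date`, so a defensive copy (`return dateNotBefore == null ? null : new Date(dateNotBefore.getTime());`) would keep a caller from altering the stored window.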
Added: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandlerFactory.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandlerFactory.java?rev=1235132&view=auto
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandlerFactory.java (added)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandlerFactory.java Tue Jan 24 04:39:03 2012
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.saml;
+
+/**
+ * Creates SAML assertion handlers based on assertion type.
+ */
+public class SAMLAssertionHandlerFactory {
+
+ public static SAMLAssertionHandler createAssertionHandler(Object samlAssertion) {
+
+ if (samlAssertion instanceof org.opensaml.saml2.core.Assertion) {
+ SAMLAssertionHandler saml2AssertionHandler
+ = new SAML2AssertionHandler((org.opensaml.saml2.core.Assertion) samlAssertion);
+
+ return saml2AssertionHandler;
+ } else {
+ SAML1AssertionHandler saml1AssertionHandler
+ = new SAML1AssertionHandler((org.opensaml.saml1.core.Assertion) samlAssertion);
+ return saml1AssertionHandler;
+ }
+ }
+}
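Review bot: `createAssertionHandler` treats anything that is not a SAML 2 `Assertion` as SAML 1 and casts unconditionally, so a null or unexpected object taken from `WSSecurityEngineResult.TAG_SAML_ASSERTION` surfaces as a `ClassCastException`, or a `NullPointerException` from inside `SAML1AssertionHandler`'s constructor, rather than a clear failure. Checking both types explicitly and rejecting anything else with an `IllegalArgumentException` that names the runtime type makes the failure diagnosable and keeps the decision visible at the one place it is made. The class is also a stateless utility and could carry a private constructor.
```java
public static SAMLAssertionHandler createAssertionHandler(Object samlAssertion) {
    if (samlAssertion instanceof org.opensaml.saml2.core.Assertion) {
        return new SAML2AssertionHandler((org.opensaml.saml2.core.Assertion) samlAssertion);
    }
    if (samlAssertion instanceof org.opensaml.saml1.core.Assertion) {
        return new SAML1AssertionHandler((org.opensaml.saml1.core.Assertion) samlAssertion);
    }
    // Fail closed with a diagnosable message instead of an incidental ClassCastException
    throw new IllegalArgumentException("Unsupported SAML assertion type: "
            + (samlAssertion == null ? "null" : samlAssertion.getClass().getName()));
}
```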
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java Tue Jan 24 04:39:03 2012
@@ -7,7 +7,6 @@ import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.neethi.Policy;
import org.apache.ws.secpolicy.SP11Constants;
-import org.opensaml.XML;
import javax.xml.namespace.QName;/*
* Copyright 2004,2005 The Apache Software Foundation.
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java Tue Jan 24 04:39:03 2012
@@ -23,7 +23,6 @@ import org.apache.rampart.handler.config
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.neethi.Policy;
import org.apache.ws.secpolicy.SP11Constants;
-import org.opensaml.XML;
import javax.xml.namespace.QName;
public class RahasSAML2TokenTest extends TestClient{
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenAttributeTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenAttributeTest.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenAttributeTest.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenAttributeTest.java Tue Jan 24 04:39:03 2012
@@ -9,8 +9,6 @@ import org.apache.neethi.Policy;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP11Constants;
-import org.apache.ws.secpolicy.SPConstants;
-import org.opensaml.XML;
public class RahasSAMLTokenAttributeTest extends TestClient{
@@ -67,7 +65,7 @@ public class RahasSAMLTokenAttributeTest
RahasConstants.IssuanceBindingLocalNames.
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertoin", elem);
}
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java Tue Jan 24 04:39:03 2012
@@ -19,13 +19,10 @@ package org.apache.rahas;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
-import org.apache.rahas.PWCallback;
import org.apache.neethi.Policy;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP11Constants;
-import org.apache.ws.secpolicy.SPConstants;
-import org.opensaml.XML;
import javax.xml.namespace.QName;
@@ -94,7 +91,7 @@ public class RahasSAMLTokenCertForHoKTes
RahasConstants.IssuanceBindingLocalNames.
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertoin", elem);
}
@@ -135,5 +132,4 @@ public class RahasSAMLTokenCertForHoKTes
return RahasConstants.VERSION_05_02;
}
-
}
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java Tue Jan 24 04:39:03 2012
@@ -24,9 +24,7 @@ import org.apache.rampart.handler.WSSHan
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP12Constants;
-import org.apache.ws.secpolicy.SPConstants;
import org.apache.xml.security.encryption.XMLCipher;
-import org.opensaml.XML;
import javax.xml.namespace.QName;
@@ -114,7 +112,7 @@ public class RahasSAMLTokenCertForHoKV12
RahasConstants.IssuanceBindingLocalNames.
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertoin", elem);
}
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java Tue Jan 24 04:39:03 2012
@@ -19,13 +19,10 @@ package org.apache.rahas;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
-import org.apache.rahas.PWCallback;
import org.apache.neethi.Policy;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP11Constants;
-import org.apache.ws.secpolicy.SPConstants;
-import org.opensaml.XML;
import javax.xml.namespace.QName;
@@ -88,7 +85,7 @@ public class RahasSAMLTokenTest extends
RahasConstants.IssuanceBindingLocalNames.
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertoin", elem);
}
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java Tue Jan 24 04:39:03 2012
@@ -24,7 +24,6 @@ import org.apache.rampart.handler.config
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP11Constants;
import org.opensaml.Configuration;
-import org.opensaml.XML;
import org.opensaml.saml1.core.Assertion;
import org.opensaml.saml1.core.AuthenticationStatement;
import org.opensaml.saml1.core.ConfirmationMethod;
@@ -100,7 +99,7 @@ public class RahasSAMLTokenUTForBearerTe
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertion", elem);
Assertion assertion = getAssertionObjectFromOMElement(elem);
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java Tue Jan 24 04:39:03 2012
@@ -23,8 +23,6 @@ import org.apache.neethi.Policy;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP12Constants;
-import org.apache.ws.secpolicy.SPConstants;
-import org.opensaml.XML;
import javax.xml.namespace.QName;
@@ -90,7 +88,7 @@ public class RahasSAMLTokenUTForBearerV1
RahasConstants.IssuanceBindingLocalNames.
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertoin", elem);
}
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java Tue Jan 24 04:39:03 2012
@@ -23,8 +23,6 @@ import org.apache.neethi.Policy;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP11Constants;
-import org.apache.ws.secpolicy.SPConstants;
-import org.opensaml.XML;
import javax.xml.namespace.QName;
@@ -83,7 +81,7 @@ public class RahasSAMLTokenUTForHoKTest
RahasConstants.IssuanceBindingLocalNames.
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertoin", elem);
}
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java Tue Jan 24 04:39:03 2012
@@ -26,10 +26,8 @@ import org.apache.neethi.Policy;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP12Constants;
-import org.apache.ws.secpolicy.SPConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.util.WSSecurityUtil;
-import org.opensaml.XML;
public class RahasSAMLTokenUTForHoKV1205Test extends TestClient {
@@ -105,7 +103,7 @@ public class RahasSAMLTokenUTForHoKV1205
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertoin", elem);
//Uncomment for inteorp - START
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java Tue Jan 24 04:39:03 2012
@@ -20,12 +20,9 @@ import org.apache.axiom.om.OMAbstractFac
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.neethi.Policy;
-import org.apache.rahas.PWCallback;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP12Constants;
-import org.apache.ws.secpolicy.SPConstants;
-import org.opensaml.XML;
import javax.xml.namespace.QName;
@@ -92,7 +89,7 @@ public class RahasSAMLTokenV1205Test ext
RahasConstants.IssuanceBindingLocalNames.
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertoin", elem);
}
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/SAMLDataProvider.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/SAMLDataProvider.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/SAMLDataProvider.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/SAMLDataProvider.java Tue Jan 24 04:39:03 2012
@@ -1,30 +1,32 @@
package org.apache.rahas;
-import java.util.Arrays;
-
-import org.apache.rahas.impl.util.SAMLAttributeCallback;
-import org.apache.rahas.impl.util.SAMLCallback;
-import org.apache.rahas.impl.util.SAMLCallbackHandler;
-import org.apache.rahas.impl.util.SAMLNameIdentifierCallback;
-import org.opensaml.SAMLAttribute;
-import org.opensaml.SAMLException;
-import org.opensaml.SAMLNameIdentifier;
+import org.apache.rahas.impl.util.*;
+import org.opensaml.common.SAMLException;
+import org.opensaml.saml1.core.Attribute;
+import org.opensaml.saml1.core.NameIdentifier;
public class SAMLDataProvider implements SAMLCallbackHandler{
- public void handle(SAMLCallback callback) throws SAMLException{
+ public void handle(SAMLCallback callback) throws SAMLException {
if(callback.getCallbackType() == SAMLCallback.ATTR_CALLBACK){
SAMLAttributeCallback cb = (SAMLAttributeCallback)callback;
- SAMLAttribute attribute = new SAMLAttribute("Name",
- "https://rahas.apache.org/saml/attrns", null, -1, Arrays
- .asList(new String[] { "Custom/Rahas" }));
- cb.addAttributes(attribute);
+
+ try {
+ Attribute attribute = SAMLUtils.createAttribute("Name", "https://rahas.apache.org/saml/attrns", "Custom/Rahas");
+ cb.addAttributes(attribute);
+ } catch (TrustException e) {
+ throw new SAMLException("Error creating attribute", e);
+ }
+
}else if(callback.getCallbackType() == SAMLCallback.NAME_IDENTIFIER_CALLBACK){
SAMLNameIdentifierCallback cb = (SAMLNameIdentifierCallback)callback;
- SAMLNameIdentifier nameId = new SAMLNameIdentifier(
- "David", null, SAMLNameIdentifier.FORMAT_EMAIL);
- cb.setNameId(nameId);
+ try {
+ NameIdentifier nameId = SAMLUtils.createNamedIdentifier("David", NameIdentifier.EMAIL);
+ cb.setNameId(nameId);
+ } catch (TrustException e) {
+ throw new SAMLException("Error creating name identifier", e);
+ }
}
}
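Review bot: The wildcard `import org.apache.rahas.impl.util.*;` at the top of the hunk replaces four explicit imports and hides which callback types this test handler actually depends on; listing SAMLAttributeCallback, SAMLCallback, SAMLCallbackHandler, SAMLNameIdentifierCallback and SAMLUtils explicitly keeps that visible and avoids ambiguity if the package grows. Both branches also wrap the SAMLUtils call in identical try/catch blocks that translate TrustException into SAMLException; a one-line comment such as `// SAMLCallbackHandler.handle may only throw SAMLException, so wrap the trust-layer failure` would explain why the exception is re-wrapped rather than propagated.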
Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/pom.xml?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-trust/pom.xml (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-trust/pom.xml Tue Jan 24 04:39:03 2012
@@ -44,6 +44,12 @@
</excludes>
</resource>
</resources>
+ <testResources>
+ <testResource>
+ <directory>${project.basedir}/src/test/resources</directory>
+ </testResource>
+ </testResources>
+
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
@@ -53,6 +59,14 @@
<target>1.5</target>
</configuration>
</plugin>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <!--configuration>
+ <includes>
+ <include>**/*Test.java</include>
+ </includes>
+ </configuration-->
+ </plugin>
</plugins>
</build>
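Review bot: The new maven-surefire-plugin entry carries a commented-out `<configuration>` block, which is dead build configuration; either enable the include filter or drop the comment so the intended test selection is not left ambiguous. The plugin declaration also has no `<version>`, so the build relies on the parent POM (not visible here) pinning one — worth confirming that it does.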
Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/Rahas.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/Rahas.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/Rahas.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/Rahas.java Tue Jan 24 04:39:03 2012
@@ -26,18 +26,19 @@ import org.apache.axis2.modules.Module;
import org.apache.neethi.Assertion;
import org.apache.neethi.Policy;
import org.apache.rahas.impl.util.AxiomParserPool;
+import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
-import org.opensaml.XML;
import org.opensaml.xml.ConfigurationException;
public class Rahas implements Module {
+
public void init(ConfigurationContext configContext, AxisModule module)
throws AxisFault {
// Set up OpenSAML to use a DOM aware Axiom implementation
- XML.parserPool = new AxiomParserPool();
-
+ // Axiom Parser pool is also set within the RampartSAMLBootstrap class.
+
try {
- DefaultBootstrap.bootstrap();
+ RampartSAMLBootstrap.bootstrap();
} catch (ConfigurationException ex) {
throw new AxisFault("Failed to bootstrap OpenSAML", ex);
}
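Review bot: The replacement comment `// Axiom Parser pool is also set within the RampartSAMLBootstrap class.` reads as though the pool is still set in init() as well, but the `XML.parserPool` assignment has been removed; suggest `// The Axiom-aware parser pool is installed by RampartSAMLBootstrap.bootstrap().` The added `import org.opensaml.Configuration;` is not used anywhere in the visible part of the hunk — if nothing else in Rahas.java references it, it should be removed. The body of init() continues outside the hunk.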
Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java Tue Jan 24 04:39:03 2012
@@ -141,4 +141,6 @@ public class RahasConstants {
public static final String SAML20_SUBJECT_CONFIRMATION_HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
public static final String SAML20_SUBJECT_CONFIRMATION_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
+
+ public static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
}
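Review bot: `SAML_NS` is bound to the SAML 1.0 assertion namespace but carries a version-neutral name, while the neighbouring constants are prefixed `SAML11_`/`SAML20_`; a caller that uses it to look up a SAML 2.0 assertion will silently match nothing, since SAML 2.0 uses a different namespace URI. Rename it to something like `SAML10_NS` (keeping `SAML_NS` as a deprecated alias if the test callers must stay untouched), or at minimum document it with `/** SAML 1.0/1.1 assertion namespace; SAML 2.0 assertions use a different URI. */`.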
Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java Tue Jan 24 04:39:03 2012
@@ -28,7 +28,7 @@ import org.apache.ws.security.WSSecurity
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.SecurityTokenReference;
-import org.opensaml.SAMLAssertion;
+import org.opensaml.saml1.core.Assertion;
import org.w3c.dom.Element;
import javax.xml.namespace.QName;
@@ -84,7 +84,7 @@ public class RahasData {
private String claimDialect;
- private SAMLAssertion assertion;
+ private Assertion assertion;
/**
* Create a new RahasData instance and populate it with the information from
* the request.
@@ -182,7 +182,7 @@ public class RahasData {
this.clientCert = certificates[0];
this.principal = this.clientCert.getSubjectDN();
} else if (act == WSConstants.ST_UNSIGNED) {
- this.assertion = (SAMLAssertion) wser
+ this.assertion = (Assertion) wser
.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
}
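Review bot: The unchecked cast `(Assertion) wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION)` throws ClassCastException if the WSS4J result holds anything other than a SAML 1.x `org.opensaml.saml1.core.Assertion` — for example a SAML 2.0 assertion, or a WSS4J wrapper type depending on the WSS4J version in use, which is not visible here. Because this value originates from the inbound security header, guard it with `if (samlResult instanceof Assertion) { this.assertion = (Assertion) samlResult; }` and report the unsupported token type through the normal fault path instead of letting a cast failure surface as an unhandled runtime error. The enclosing constructor continues outside the hunk.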
Added: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RampartSAMLBootstrap.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RampartSAMLBootstrap.java?rev=1235132&view=auto
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RampartSAMLBootstrap.java (added)
+++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RampartSAMLBootstrap.java Tue Jan 24 04:39:03 2012
@@ -0,0 +1,102 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.rahas.impl.util.AxiomParserPool;
+import org.opensaml.Configuration;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.parse.XMLParserException;
+
+/**
+ * Rampart specific SAML bootstrap class. Here we set parser pool to
+ * axiom specific one.
+ */
+public class RampartSAMLBootstrap extends DefaultBootstrap {
+
+ /** List of default XMLTooling configuration files. */
+ private static String[] xmlToolingConfigs = {
+ "/default-config.xml",
+ "/schema-config.xml",
+ "/signature-config.xml",
+ "/signature-validation-config.xml",
+ "/encryption-config.xml",
+ "/encryption-validation-config.xml",
+ "/soap11-config.xml",
+ "/wsfed11-protocol-config.xml",
+ "/saml1-assertion-config.xml",
+ "/saml1-protocol-config.xml",
+ "/saml1-core-validation-config.xml",
+ "/saml2-assertion-config.xml",
+ "/saml2-protocol-config.xml",
+ "/saml2-core-validation-config.xml",
+ "/saml1-metadata-config.xml",
+ "/saml2-metadata-config.xml",
+ "/saml2-metadata-validation-config.xml",
+ "/saml2-metadata-attr-config.xml",
+ "/saml2-metadata-idp-discovery-config.xml",
+ "/saml2-metadata-ui-config.xml",
+ "/saml2-protocol-thirdparty-config.xml",
+ "/saml2-metadata-query-config.xml",
+ "/saml2-assertion-delegation-restriction-config.xml",
+ "/saml2-ecp-config.xml",
+ "/xacml10-saml2-profile-config.xml",
+ "/xacml11-saml2-profile-config.xml",
+ "/xacml20-context-config.xml",
+ "/xacml20-policy-config.xml",
+ "/xacml2-saml2-profile-config.xml",
+ "/xacml3-saml2-profile-config.xml",
+ "/wsaddressing-config.xml",
+ "/wssecurity-config.xml",
+ };
+
+ protected RampartSAMLBootstrap() {
+ super();
+ }
+
+ public static synchronized void bootstrap() throws ConfigurationException {
+ initializeXMLSecurity();
+
+ initializeVelocity();
+
+ initializeXMLTooling(xmlToolingConfigs);
+
+ initializeArtifactBuilderFactories();
+
+ initializeGlobalSecurityConfiguration();
+
+ initializeParserPool();
+
+ initializeESAPI();
+ }
+
+ protected static void initializeParserPool() throws ConfigurationException {
+
+ AxiomParserPool pp = new AxiomParserPool();
+ pp.setMaxPoolSize(50);
+ try {
+ pp.initialize();
+ } catch (XMLParserException e) {
+ throw new ConfigurationException("Error initializing axiom based parser pool", e);
+ }
+ Configuration.setParserPool(pp);
+
+ }
+}
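Review bot: `xmlToolingConfigs` is a hand-copied list of OpenSAML's default configuration resources, so an OpenSAML upgrade that adds or renames a config file will silently leave this bootstrap incomplete; a comment naming the OpenSAML release the list was copied from (the commit log says 2.5.1-1) makes that maintenance step visible, and the array should be declared `private static final String[]` since nothing assigns it. `bootstrap()` hides rather than overrides `DefaultBootstrap.bootstrap()` (static methods are not virtual), so any code still calling the superclass gets OpenSAML's stock parser pool — worth a Javadoc line stating that callers must invoke `RampartSAMLBootstrap.bootstrap()` explicitly. The pool installed by `initializeParserPool()` parses inbound SAML, so please confirm that AxiomParserPool disables DTD and external entity resolution; that configuration is not visible in this hunk, and the `50` passed to `setMaxPoolSize` deserves a named constant.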
Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java Tue Jan 24 04:39:03 2012
@@ -20,7 +20,6 @@ import java.security.SecureRandom;
import java.text.DateFormat;
import java.util.Date;
import java.util.Iterator;
-import java.util.List;
import java.util.Properties;
import javax.xml.namespace.QName;
@@ -40,10 +39,6 @@ import org.apache.ws.security.WSConstant
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.XmlSchemaDateFormat;
-import org.opensaml.SAMLAssertion;
-import org.opensaml.SAMLSubjectStatement;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.SubjectConfirmation;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -618,38 +613,4 @@ public class TrustUtil {
.getAttributeValue().trim());
return properties;
}
-
- /**
- * Get subject confirmation method of the given SAML 1.1 Assertion
- * @param assertion SAML 1.1 Assertion
- * @return subject confirmation method
- */
- public static String getSAML11SubjectConfirmationMethod(SAMLAssertion assertion){
- String subjectConfirmationMethod = RahasConstants.SAML11_SUBJECT_CONFIRMATION_HOK;
- // iterate the statements and get the subject confirmation method.
- Iterator statements = assertion.getStatements();
- if(statements.hasNext()){
- SAMLSubjectStatement stmt = (SAMLSubjectStatement)statements.next();
- Iterator subjectConfirmations = stmt.getSubject().getConfirmationMethods();
- if(subjectConfirmations.hasNext()){
- subjectConfirmationMethod = (String)subjectConfirmations.next();
- }
- }
- return subjectConfirmationMethod;
- }
-
- /**
- * Get the subject confirmation method of a SAML 2.0 assertion
- * @param assertion SAML 2.0 assertion
- * @return Subject Confirmation method
- */
- public static String getSAML2SubjectConfirmationMethod(Assertion assertion){
- String subjectConfirmationMethod = RahasConstants.SAML20_SUBJECT_CONFIRMATION_HOK;
- List<SubjectConfirmation> subjectConfirmations = assertion.getSubject().getSubjectConfirmations();
- if(subjectConfirmations.size() > 0){
- subjectConfirmationMethod = subjectConfirmations.get(0).getMethod();
- }
- return subjectConfirmationMethod;
- }
-
}
Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties Tue Jan 24 04:39:03 2012
@@ -88,4 +88,13 @@ errorInCancelingToken = Error occurred w
errorExtractingTokenId = Error occurred while extracting token id from the Security Token Reference
lifeTimeElemMissing = Lifetime element is missing in the RSTR
-lifeTimeElemMissing = Lifetime element is missing in the RSTR
\ No newline at end of file
+unableToRetrieveCallbackHandler= Unable to retrieve callback handler
+
+#SAMLUtils errors
+builderNotFound = Unable to find OpenSAML builder for object : \"{0}\"
+issuerCertificateNotFound = Unable to get issuer certificate for issuer alias : \"{0}\"
+issuerPrivateKeyNotFound = Unable to get issuer certificate for issuer alias : \"{0}\"
+errorMarshallingAssertion = Error while marshalling assertion
+errorSigningAssertion = Error signing SAML Assertion. An error occurred while signing SAML Assertion with alias : \"{0}\"
+sha1NotFound = Unable to find SHA-1 algorithm implementation
+certificateEncodingError = Error encoding certificate
\ No newline at end of file
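Review bot: `issuerPrivateKeyNotFound` reuses the text of `issuerCertificateNotFound`, so a missing signing key will be reported to operators as a missing certificate and send troubleshooting in the wrong direction; change it to `issuerPrivateKeyNotFound = Unable to get issuer private key for issuer alias : \"{0}\"`. The new `unableToRetrieveCallbackHandler=` line also drops the space before `=` that every other key in the file uses.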
Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java?rev=1235132&r1=1235131&r2=1235132&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java Tue Jan 24 04:39:03 2012
@@ -43,7 +43,7 @@ import org.apache.xml.security.utils.Enc
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
-import org.opensaml.SAMLException;
+import org.opensaml.common.SAMLException;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.SAMLVersion;
import org.opensaml.saml1.core.NameIdentifier;