ws-commits mailing list archives

From gi...@apache.org
Subject svn commit: r1172285 [22/48] - in /webservices/wss4j/branches/swssf: ./ cxf-integration/ cxf-integration/src/ cxf-integration/src/main/ cxf-integration/src/main/java/ cxf-integration/src/main/java/org/ cxf-integration/src/main/java/org/swssf/ cxf-integ...
Date Sun, 18 Sep 2011 13:51:36 GMT
Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/SAMLAssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/SAMLAssertionWrapper.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/SAMLAssertionWrapper.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/SAMLAssertionWrapper.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,859 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.impl.saml;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.saml1.core.*;
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.AuthzDecisionStatement;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
+import org.opensaml.xml.signature.KeyInfo;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.xml.signature.SignatureValidator;
+import org.opensaml.xml.validation.ValidationException;
+import org.swssf.crypto.Crypto;
+import org.swssf.ext.*;
+import org.swssf.impl.saml.builder.SAML1ComponentBuilder;
+import org.swssf.impl.saml.builder.SAML2ComponentBuilder;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.Text;
+
+import javax.xml.crypto.XMLStructure;
+import javax.xml.crypto.dom.DOMStructure;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.KeyValue;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
+import javax.xml.namespace.QName;
+import java.math.BigInteger;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class SAMLAssertionWrapper {
+
+    protected static final transient Log logger = LogFactory.getLog(SAMLAssertionWrapper.class);
+
+    /**
+     * Raw SAML assertion data
+     */
+    private XMLObject xmlObject = null;
+    /**
+     * Typed SAML v1.1 assertion
+     */
+    private org.opensaml.saml1.core.Assertion saml1 = null;
+
+    /**
+     * Typed SAML v2.0 assertion
+     */
+    private org.opensaml.saml2.core.Assertion saml2 = null;
+
+    public SAMLAssertionWrapper(Element element) throws WSSecurityException {
+        OpenSAMLUtil.initSamlEngine();
+        this.xmlObject = OpenSAMLUtil.fromDom(element);
+        if (xmlObject instanceof org.opensaml.saml2.core.Assertion) {
+            this.saml2 = (org.opensaml.saml2.core.Assertion) xmlObject;
+        } else if (xmlObject instanceof org.opensaml.saml1.core.Assertion) {
+            this.saml1 = (org.opensaml.saml1.core.Assertion) xmlObject;
+        }
+    }
+
+    public SAMLAssertionWrapper(SAMLCallback samlCallback) throws WSSecurityException {
+        OpenSAMLUtil.initSamlEngine();
+
+        SAMLVersion samlVersion = samlCallback.getSamlVersion();
+        String issuer = samlCallback.getIssuer();
+
+        if (samlVersion.equals(SAMLVersion.VERSION_11)) {
+            // Build a SAML v1.1 assertion
+            saml1 = SAML1ComponentBuilder.createSamlv1Assertion(issuer);
+
+            try {
+                // Process the SAML authentication statement(s)
+                List<AuthenticationStatement> authenticationStatements =
+                        SAML1ComponentBuilder.createSamlv1AuthenticationStatement(
+                                samlCallback.getAuthenticationStatementData()
+                        );
+                saml1.getAuthenticationStatements().addAll(authenticationStatements);
+
+                // Process the SAML attribute statement(s)
+                List<AttributeStatement> attributeStatements =
+                        SAML1ComponentBuilder.createSamlv1AttributeStatement(
+                                samlCallback.getAttributeStatementData()
+                        );
+                saml1.getAttributeStatements().addAll(attributeStatements);
+
+                // Process the SAML authorization decision statement(s)
+                List<AuthorizationDecisionStatement> authDecisionStatements =
+                        SAML1ComponentBuilder.createSamlv1AuthorizationDecisionStatement(
+                                samlCallback.getAuthDecisionStatementData()
+                        );
+                saml1.getAuthorizationDecisionStatements().addAll(authDecisionStatements);
+
+                // Build the complete assertion
+                org.opensaml.saml1.core.Conditions conditions =
+                        SAML1ComponentBuilder.createSamlv1Conditions(samlCallback.getConditions());
+                saml1.setConditions(conditions);
+            } catch (org.opensaml.xml.security.SecurityException ex) {
+                throw new WSSecurityException(
+                        "Error generating KeyInfo from signing credential", ex
+                );
+            }
+
+            // Set the OpenSaml2 XMLObject instance
+            xmlObject = saml1;
+
+        } else if (samlVersion.equals(SAMLVersion.VERSION_20)) {
+            // Build a SAML v2.0 assertion
+            saml2 = SAML2ComponentBuilder.createAssertion();
+            Issuer samlIssuer = SAML2ComponentBuilder.createIssuer(issuer);
+
+            // Authn Statement(s)
+            List<AuthnStatement> authnStatements =
+                    SAML2ComponentBuilder.createAuthnStatement(
+                            samlCallback.getAuthenticationStatementData()
+                    );
+            saml2.getAuthnStatements().addAll(authnStatements);
+
+            // Attribute statement(s)
+            List<org.opensaml.saml2.core.AttributeStatement> attributeStatements =
+                    SAML2ComponentBuilder.createAttributeStatement(
+                            samlCallback.getAttributeStatementData()
+                    );
+            saml2.getAttributeStatements().addAll(attributeStatements);
+
+            // AuthzDecisionStatement(s)
+            List<AuthzDecisionStatement> authDecisionStatements =
+                    SAML2ComponentBuilder.createAuthorizationDecisionStatement(
+                            samlCallback.getAuthDecisionStatementData()
+                    );
+            saml2.getAuthzDecisionStatements().addAll(authDecisionStatements);
+
+            // Build the SAML v2.0 assertion
+            saml2.setIssuer(samlIssuer);
+
+            try {
+                org.opensaml.saml2.core.Subject subject =
+                        SAML2ComponentBuilder.createSaml2Subject(samlCallback.getSubject());
+                saml2.setSubject(subject);
+            } catch (org.opensaml.xml.security.SecurityException ex) {
+                throw new WSSecurityException(
+                        "Error generating KeyInfo from signing credential", ex
+                );
+            }
+
+            org.opensaml.saml2.core.Conditions conditions =
+                    SAML2ComponentBuilder.createConditions(samlCallback.getConditions());
+            saml2.setConditions(conditions);
+
+            // Set the OpenSaml2 XMLObject instance
+            xmlObject = saml2;
+        }
+
+        if (samlCallback.isSignAssertion()) {
+            signAssertion(samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword(), samlCallback.getIssuerCrypto(), samlCallback.isSendKeyValue());
+        }
+    }
+
+    public SAMLVersion getSAMLVersion() {
+        if (saml1 != null) {
+            return SAMLVersion.VERSION_11;
+        }
+        return SAMLVersion.VERSION_20;
+    }
+
+    public Element toDOM(Document doc) throws WSSecurityException {
+        return OpenSAMLUtil.toDom(xmlObject, doc);
+    }
+
+    /**
+     * Method getId returns the id of this AssertionWrapper object.
+     *
+     * @return the id (type String) of this AssertionWrapper object.
+     */
+    public String getId() {
+        String id = null;
+        if (saml2 != null) {
+            id = saml2.getID();
+        } else {
+            id = saml1.getID();
+        }
+        return id;
+    }
+
+    public boolean isSigned() {
+        if (saml2 != null) {
+            return saml2.isSigned() || saml2.getSignature() != null;
+        } else {
+            return saml1.isSigned() || saml1.getSignature() != null;
+        }
+    }
+
+    /**
+     * Method getIssuerString returns the issuerString of this AssertionWrapper object.
+     *
+     * @return the issuerString (type String) of this AssertionWrapper object.
+     */
+    public String getIssuerString() {
+        if (saml2 != null && saml2.getIssuer() != null) {
+            return saml2.getIssuer().getValue();
+        } else if (saml1 != null) {
+            return saml1.getIssuer();
+        }
+        logger.error(
+                "AssertionWrapper: unable to return Issuer string - no saml assertion "
+                        + "object or issuer is null"
+        );
+        return null;
+    }
+
+    public void signAssertion(String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean sendKeyValue) throws WSSecurityException {
+        //
+        // Create the signature
+        //
+        Signature signature = OpenSAMLUtil.buildSignature();
+        signature.setCanonicalizationAlgorithm(
+                SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS
+        );
+
+        // prepare to sign the SAML token
+        X509Certificate[] issuerCerts = issuerCrypto.getCertificates(issuerKeyName);
+        if (issuerCerts == null) {
+            throw new WSSecurityException(
+                    "No issuer certs were found to sign the SAML Assertion using issuer name: "
+                            + issuerKeyName
+            );
+        }
+
+        String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
+        String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
+        if (logger.isDebugEnabled()) {
+            logger.debug("automatic sig algo detection: " + pubKeyAlgo);
+        }
+        if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+            sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
+        }
+        PrivateKey privateKey = null;
+        try {
+            privateKey = issuerCrypto.getPrivateKey(issuerKeyName, issuerKeyPassword);
+        } catch (Exception ex) {
+            throw new WSSecurityException(ex.getMessage(), ex);
+        }
+
+        signature.setSignatureAlgorithm(sigAlgo);
+
+        BasicX509Credential signingCredential = new BasicX509Credential();
+        signingCredential.setEntityCertificate(issuerCerts[0]);
+        signingCredential.setPrivateKey(privateKey);
+
+        signature.setSigningCredential(signingCredential);
+
+        X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory();
+        if (sendKeyValue) {
+            kiFactory.setEmitPublicKeyValue(true);
+        } else {
+            kiFactory.setEmitEntityCertificate(true);
+        }
+        try {
+            KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
+            signature.setKeyInfo(keyInfo);
+        } catch (org.opensaml.xml.security.SecurityException ex) {
+            throw new WSSecurityException(
+                    "Error generating KeyInfo from signing credential", ex
+            );
+        }
+
+        // add the signature to the assertion
+        if (xmlObject instanceof SignableSAMLObject) {
+            SignableSAMLObject signableObject = (SignableSAMLObject) xmlObject;
+            signableObject.setSignature(signature);
+            signableObject.releaseDOM();
+            signableObject.releaseChildrenDOM(true);
+        } else {
+            logger.error("Attempt to sign an unsignable object " + xmlObject.getClass().getName());
+        }
+    }
+
+    /**
+     * Verify the signature of this assertion
+     *
+     * @throws ValidationException
+     */
+    public SAMLKeyInfo verifySignature(SecurityProperties securityProperties) throws WSSecurityException {
+        Signature sig = null;
+        if (saml2 != null && saml2.getSignature() != null) {
+            sig = saml2.getSignature();
+        } else if (saml1 != null && saml1.getSignature() != null) {
+            sig = saml1.getSignature();
+        }
+
+        KeyInfo keyInfo = sig.getKeyInfo();
+        SAMLKeyInfo samlKeyInfo = getCredentialFromKeyInfo(keyInfo.getDOM(), securityProperties);
+
+        if (samlKeyInfo == null) {
+            throw new WSSecurityException(
+                    WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity",
+                    "cannot get certificate or key"
+            );
+        }
+
+        SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
+        try {
+            validator.validate(sig);
+        } catch (ValidationException ex) {
+            throw new WSSecurityException("SAML signature validation failed", ex);
+        }
+
+        BasicX509Credential credential = new BasicX509Credential();
+        if (samlKeyInfo.getCerts() != null) {
+            credential.setEntityCertificate(samlKeyInfo.getCerts()[0]);
+        } else if (samlKeyInfo.getPublicKey() != null) {
+            credential.setPublicKey(samlKeyInfo.getPublicKey());
+        } else {
+            throw new WSSecurityException(
+                    WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity",
+                    "cannot get certificate or key"
+            );
+        }
+        SignatureValidator sigValidator = new SignatureValidator(credential);
+        try {
+            sigValidator.validate(sig);
+        } catch (ValidationException ex) {
+            throw new WSSecurityException("SAML signature validation failed", ex);
+        }
+        return samlKeyInfo;
+    }
+
+    /**
+     * This method returns a SAMLKeyInfo corresponding to the credential found in the
+     * KeyInfo (DOM Element) argument.
+     *
+     * @param keyInfoElement The KeyInfo as a DOM Element
+     * @return The credential (as a SAMLKeyInfo object)
+     * @throws WSSecurityException
+     */
+    private SAMLKeyInfo getCredentialFromKeyInfo(Element keyInfoElement, SecurityProperties securityProperties) throws WSSecurityException {
+        // First try to find an EncryptedKey or a BinarySecret via DOM
+        Node node = keyInfoElement.getFirstChild();
+        while (node != null) {
+            if (Node.ELEMENT_NODE == node.getNodeType()) {
+                QName el = new QName(node.getNamespaceURI(), node.getLocalName());
+                if (el.equals(Constants.TAG_xenc_EncryptedKey)) {
+                    //todo:
+                    /*
+                    EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
+                    List<WSSecurityEngineResult> result =
+                            proc.handleToken((Element) node, data, docInfo);
+                    byte[] secret =
+                            (byte[]) result.get(0).get(
+                                    WSSecurityEngineResult.TAG_SECRET
+                            );
+                    return new SAMLKeyInfo(secret);
+                    */
+                    return null;
+                } else if (el.equals(Constants.TAG_wst_BinarySecret)) {
+                    Text txt = (Text) node.getFirstChild();
+                    return new SAMLKeyInfo(Base64.decodeBase64(txt.getData()));
+                }
+            }
+            node = node.getNextSibling();
+        }
+
+        // Next marshal the KeyInfo DOM element into a javax KeyInfo object and get the
+        // (public key) credential
+        X509Certificate[] certs = null;
+        KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance("DOM");
+        XMLStructure keyInfoStructure = new DOMStructure(keyInfoElement);
+
+        try {
+            javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo =
+                    keyInfoFactory.unmarshalKeyInfo(keyInfoStructure);
+            List<?> list = keyInfo.getContent();
+
+            for (int i = 0; i < list.size(); i++) {
+                XMLStructure xmlStructure = (XMLStructure) list.get(i);
+                if (xmlStructure instanceof KeyValue) {
+                    PublicKey publicKey = ((KeyValue) xmlStructure).getPublicKey();
+                    return new SAMLKeyInfo(publicKey);
+                } else if (xmlStructure instanceof X509Data) {
+                    List<?> x509Data = ((X509Data) xmlStructure).getContent();
+                    for (int j = 0; j < x509Data.size(); j++) {
+                        Object x509obj = x509Data.get(j);
+                        if (x509obj instanceof X509Certificate) {
+                            certs = new X509Certificate[1];
+                            certs[0] = (X509Certificate) x509obj;
+                            return new SAMLKeyInfo(certs);
+                        } else if (x509obj instanceof X509IssuerSerial) {
+                            if (securityProperties.getSignatureVerificationCrypto() == null) {
+                                throw new WSSecurityException(
+                                        WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile"
+                                );
+                            }
+                            certs = securityProperties.getSignatureVerificationCrypto().getCertificates(((X509IssuerSerial) x509obj).getIssuerName(), ((X509IssuerSerial) x509obj).getSerialNumber());
+                            if (certs == null || certs.length < 1) {
+                                throw new WSSecurityException(
+                                        WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity",
+                                        "cannot get certificate or key"
+                                );
+                            }
+                            return new SAMLKeyInfo(certs);
+                        }
+                    }
+                }
+            }
+        } catch (Exception ex) {
+            throw new WSSecurityException(
+                    WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity",
+                    ex, "cannot get certificate or key"
+            );
+        }
+        return null;
+    }
+
+    /**
+     * This method parses the KeyInfo of the Subject for the holder-of-key confirmation
+     * method, as required by the SAML Token spec. It then stores the SAMLKeyInfo object that
+     * has been obtained for future processing by the SignatureProcessor.
+     *
+     * @throws WSSecurityException
+     */
+    public SAMLKeyInfo parseHOKSubject(SecurityProperties securityProperties) throws WSSecurityException {
+        String confirmMethod = null;
+        List<String> methods = getConfirmationMethods();
+        if (methods != null && methods.size() > 0) {
+            confirmMethod = methods.get(0);
+        }
+        SAMLKeyInfo samlKeyInfo = null;
+        if (OpenSAMLUtil.isMethodHolderOfKey(confirmMethod)) {
+
+            if (saml2 != null) {
+                samlKeyInfo = getCredentialFromSubject(saml2, securityProperties);
+            } else if (saml1 != null) {
+                samlKeyInfo = getCredentialFromSubject(saml1, securityProperties);
+            }
+
+            if (samlKeyInfo == null) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKeyInSAMLToken");
+            }
+            // The assertion must have been signed for HOK
+            if (!isSigned()) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+            }
+        }
+        return samlKeyInfo;
+    }
+
+    /**
+     * Verify trust in the signature of a signed Assertion. This method is separate so that
+     * the user can override if if they want.
+     *
+     * @return A Credential instance
+     * @throws WSSecurityException
+     */
+    public void verifySignedAssertion(SAMLKeyInfo samlKeyInfo, SecurityProperties securityProperties) throws WSSecurityException {
+        validate(samlKeyInfo.getCerts(), samlKeyInfo.getPublicKey(), securityProperties);
+    }
+
+    /**
+     * Validate the credential argument. It must contain a non-null X509Certificate chain
+     * or a PublicKey. A Crypto implementation is also required to be set.
+     * <p/>
+     * This implementation first attempts to verify trust on the certificate (chain). If
+     * this is not successful, then it will attempt to verify trust on the Public Key.
+     *
+     * @throws WSSecurityException on a failed validation
+     */
+    protected void validate(X509Certificate[] certs, PublicKey publicKey, SecurityProperties securityProperties) throws WSSecurityException {
+        Crypto crypto = securityProperties.getSignatureVerificationCrypto();
+        if (crypto == null) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile");
+        }
+
+        if (certs != null && certs.length > 0) {
+            validateCertificates(certs);
+            boolean trust = false;
+            if (certs.length == 1) {
+                trust = verifyTrustInCert(certs[0], crypto);
+            } else {
+                trust = verifyTrustInCerts(certs, crypto);
+            }
+            if (trust) {
+                return;
+            }
+        }
+        if (publicKey != null) {
+            boolean trust = validatePublicKey(publicKey, crypto);
+            if (trust) {
+                return;
+            }
+        }
+        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
+    }
+
+    /**
+     * Validate the certificates by checking the validity of each cert
+     *
+     * @throws WSSecurityException
+     */
+    protected void validateCertificates(X509Certificate[] certificates)
+            throws WSSecurityException {
+        try {
+            for (int i = 0; i < certificates.length; i++) {
+                certificates[i].checkValidity();
+            }
+        } catch (CertificateExpiredException e) {
+            throw new WSSecurityException(
+                    WSSecurityException.ErrorCode.FAILED_CHECK, "invalidCert", e
+            );
+        } catch (CertificateNotYetValidException e) {
+            throw new WSSecurityException(
+                    WSSecurityException.ErrorCode.FAILED_CHECK, "invalidCert", e
+            );
+        }
+    }
+
+    /**
+     * Method getConfirmationMethods returns the confirmationMethods of this
+     * AssertionWrapper object.
+     *
+     * @return the confirmationMethods of this AssertionWrapper object.
+     */
+    public List<String> getConfirmationMethods() {
+        List<String> methods = new ArrayList<String>();
+        if (saml2 != null) {
+            org.opensaml.saml2.core.Subject subject = saml2.getSubject();
+            List<org.opensaml.saml2.core.SubjectConfirmation> confirmations =
+                    subject.getSubjectConfirmations();
+            for (org.opensaml.saml2.core.SubjectConfirmation confirmation : confirmations) {
+                methods.add(confirmation.getMethod());
+            }
+        } else if (saml1 != null) {
+            List<SubjectStatement> subjectStatements = new ArrayList<SubjectStatement>();
+            subjectStatements.addAll(saml1.getSubjectStatements());
+            subjectStatements.addAll(saml1.getAuthenticationStatements());
+            subjectStatements.addAll(saml1.getAttributeStatements());
+            subjectStatements.addAll(saml1.getAuthorizationDecisionStatements());
+            for (SubjectStatement subjectStatement : subjectStatements) {
+                Subject subject = subjectStatement.getSubject();
+                if (subject != null) {
+                    SubjectConfirmation confirmation = subject.getSubjectConfirmation();
+                    if (confirmation != null) {
+                        XMLObject data = confirmation.getSubjectConfirmationData();
+                        if (data instanceof ConfirmationMethod) {
+                            ConfirmationMethod method = (ConfirmationMethod) data;
+                            methods.add(method.getConfirmationMethod());
+                        }
+                        List<ConfirmationMethod> confirmationMethods =
+                                confirmation.getConfirmationMethods();
+                        for (ConfirmationMethod confirmationMethod : confirmationMethods) {
+                            methods.add(confirmationMethod.getConfirmationMethod());
+                        }
+                    }
+                }
+            }
+        }
+        return methods;
+    }
+
+    /**
+     * Parse a SAML Assertion to obtain a SAMLKeyInfo object from
+     * the Subject of the assertion
+     *
+     * @return a SAMLKeyInfo object
+     * @throws WSSecurityException
+     */
+    public SAMLKeyInfo getCredentialFromSubject(SecurityProperties securityProperties) throws WSSecurityException {
+        if (this.saml2 != null) {
+            return getCredentialFromSubject(this.saml2, securityProperties);
+        } else {
+            return getCredentialFromSubject(this.saml1, securityProperties);
+        }
+    }
+
+    /**
+     * Get the SAMLKeyInfo object corresponding to the credential stored in the Subject of a
+     * SAML 1.1 assertion
+     *
+     * @param assertion The SAML 1.1 assertion
+     * @return The SAMLKeyInfo object obtained from the Subject
+     * @throws WSSecurityException
+     */
+    public SAMLKeyInfo getCredentialFromSubject(org.opensaml.saml1.core.Assertion assertion, SecurityProperties securityProperties) throws WSSecurityException {
+        // First try to get the credential from a CallbackHandler
+        WSPasswordCallback passwordCallback = new WSPasswordCallback(assertion.getID(), WSPasswordCallback.Usage.SECRET_KEY);
+        Utils.doSecretKeyCallback(securityProperties.getCallbackHandler(), passwordCallback, assertion.getID());
+        final byte[] key = passwordCallback.getKey();
+        if (key != null && key.length > 0) {
+            return new SAMLKeyInfo(key);
+        }
+
+        for (org.opensaml.saml1.core.Statement stmt : assertion.getStatements()) {
+            org.opensaml.saml1.core.Subject samlSubject = null;
+            if (stmt instanceof org.opensaml.saml1.core.AttributeStatement) {
+                org.opensaml.saml1.core.AttributeStatement attrStmt =
+                        (org.opensaml.saml1.core.AttributeStatement) stmt;
+                samlSubject = attrStmt.getSubject();
+            } else if (stmt instanceof org.opensaml.saml1.core.AuthenticationStatement) {
+                org.opensaml.saml1.core.AuthenticationStatement authStmt =
+                        (org.opensaml.saml1.core.AuthenticationStatement) stmt;
+                samlSubject = authStmt.getSubject();
+            } else {
+                org.opensaml.saml1.core.AuthorizationDecisionStatement authzStmt =
+                        (org.opensaml.saml1.core.AuthorizationDecisionStatement) stmt;
+                samlSubject = authzStmt.getSubject();
+            }
+
+            if (samlSubject == null) {
+                throw new WSSecurityException(
+                        WSSecurityException.ErrorCode.FAILURE, "invalidSAMLToken",
+                        "for Signature (no Subject)"
+                );
+            }
+
+            Element sub = samlSubject.getSubjectConfirmation().getDOM();
+            Element keyInfoElement =
+                    XMLUtils.getDirectChildElement(sub, Constants.TAG_dsig_KeyInfo.getLocalPart(), Constants.TAG_dsig_KeyInfo.getNamespaceURI());
+            if (keyInfoElement != null) {
+                return getCredentialFromKeyInfo(keyInfoElement, securityProperties);
+            }
+        }
+
+        return null;
+    }
+
+
+    /**
+     * Get the SAMLKeyInfo object corresponding to the credential stored in the Subject of a
+     * SAML 2 assertion
+     *
+     * @param assertion The SAML 2 assertion
+     * @return The SAMLKeyInfo object obtained from the Subject
+     * @throws WSSecurityException
+     */
+    public SAMLKeyInfo getCredentialFromSubject(org.opensaml.saml2.core.Assertion assertion, SecurityProperties securityProperties) throws WSSecurityException {
+        // First try to get the credential from a CallbackHandler
+        WSPasswordCallback passwordCallback = new WSPasswordCallback(assertion.getID(), WSPasswordCallback.Usage.SECRET_KEY);
+        Utils.doSecretKeyCallback(securityProperties.getCallbackHandler(), passwordCallback, assertion.getID());
+        final byte[] key = passwordCallback.getKey();
+        if (key != null && key.length > 0) {
+            return new SAMLKeyInfo(key);
+        }
+
+        org.opensaml.saml2.core.Subject samlSubject = assertion.getSubject();
+        if (samlSubject == null) {
+            throw new WSSecurityException(
+                    WSSecurityException.ErrorCode.FAILURE, "invalidSAMLToken",
+                    "for Signature (no Subject)"
+            );
+        }
+        List<org.opensaml.saml2.core.SubjectConfirmation> subjectConfList =
+                samlSubject.getSubjectConfirmations();
+        for (org.opensaml.saml2.core.SubjectConfirmation subjectConfirmation : subjectConfList) {
+            SubjectConfirmationData subjConfData =
+                    subjectConfirmation.getSubjectConfirmationData();
+            Element sub = subjConfData.getDOM();
+            Element keyInfoElement =
+                    XMLUtils.getDirectChildElement(sub, Constants.TAG_dsig_KeyInfo.getLocalPart(), Constants.TAG_dsig_KeyInfo.getNamespaceURI());
+            if (keyInfoElement != null) {
+                return getCredentialFromKeyInfo(keyInfoElement, securityProperties);
+            }
+        }
+
+        return null;
+    }
+
+    /**
+     * Check to see if the certificate argument is in the keystore
+     *
+     * @param crypto The Crypto instance to use
+     * @param cert   The certificate to check
+     * @return true if cert is in the keystore
+     * @throws WSSecurityException
+     */
+    protected boolean isCertificateInKeyStore(Crypto crypto, X509Certificate cert) throws WSSecurityException {
+        String issuerString = cert.getIssuerX500Principal().getName();
+        BigInteger issuerSerial = cert.getSerialNumber();
+
+        X509Certificate[] foundCerts = crypto.getCertificates(issuerString, issuerSerial);
+
+        //
+        // If a certificate has been found, the certificates must be compared
+        // to ensure against phony DNs (compare encoded form including signature)
+        //
+        if (foundCerts != null && foundCerts[0] != null && foundCerts[0].equals(cert)) {
+            if (logger.isDebugEnabled()) {
+                logger.debug(
+                        "Direct trust for certificate with " + cert.getSubjectX500Principal().getName()
+                );
+            }
+            return true;
+        }
+        if (logger.isDebugEnabled()) {
+            logger.debug(
+                    "No certificate found for subject from issuer with " + issuerString
+                            + " (serial " + issuerSerial + ")"
+            );
+        }
+        return false;
+    }
+
+    /**
+     * Evaluate whether a given certificate should be trusted.
+     * <p/>
+     * Policy used in this implementation:
+     * 1. Search the keystore for the transmitted certificate
+     * 2. Search the keystore for a connection to the transmitted certificate
+     * (that is, search for certificate(s) of the issuer of the transmitted certificate
+     * 3. Verify the trust path for those certificates found because the search for the issuer
+     * might be fooled by a phony DN (String!)
+     *
+     * @param cert   the certificate that should be validated against the keystore
+     * @param crypto A crypto instance to use for trust validation
+     * @return true if the certificate is trusted, false if not
+     * @throws WSSecurityException
+     */
+    protected boolean verifyTrustInCert(X509Certificate cert, Crypto crypto)
+            throws WSSecurityException {
+        String subjectString = cert.getSubjectX500Principal().getName();
+        String issuerString = cert.getIssuerX500Principal().getName();
+        BigInteger issuerSerial = cert.getSerialNumber();
+
+        if (logger.isDebugEnabled()) {
+            logger.debug("Transmitted certificate has subject " + subjectString);
+            logger.debug(
+                    "Transmitted certificate has issuer " + issuerString + " (serial "
+                            + issuerSerial + ")"
+            );
+        }
+
+        //
+        // FIRST step - Search the keystore for the transmitted certificate
+        //
+        if (isCertificateInKeyStore(crypto, cert)) {
+            return true;
+        }
+
+        //
+        // SECOND step - Search for the issuer cert (chain) of the transmitted certificate in the
+        // keystore or the truststore
+        //
+        X509Certificate[] foundCerts = crypto.getCertificates(issuerString);
+
+        // If the certs have not been found, the issuer is not in the keystore/truststore
+        // As a direct result, do not trust the transmitted certificate
+        if (foundCerts == null || foundCerts.length < 1) {
+            if (logger.isDebugEnabled()) {
+                logger.debug(
+                        "No certs found in keystore for issuer " + issuerString
+                                + " of certificate for " + subjectString
+                );
+            }
+            return false;
+        }
+
+        //
+        // THIRD step
+        // Check the certificate trust path for the issuer cert chain
+        //
+        if (logger.isDebugEnabled()) {
+            logger.debug(
+                    "Preparing to validate certificate path for issuer " + issuerString
+            );
+        }
+        //
+        // Form a certificate chain from the transmitted certificate
+        // and the certificate(s) of the issuer from the keystore/truststore
+        //
+        X509Certificate[] x509certs = new X509Certificate[foundCerts.length + 1];
+        x509certs[0] = cert;
+        System.arraycopy(foundCerts, 0, x509certs, 1, foundCerts.length);
+
+        //
+        // Use the validation method from the crypto to check whether the subjects'
+        // certificate was really signed by the issuer stated in the certificate
+        //
+        if (crypto.verifyTrust(x509certs)) {
+            if (logger.isDebugEnabled()) {
+                logger.debug(
+                        "Certificate path has been verified for certificate with subject "
+                                + subjectString
+                );
+            }
+            return true;
+        }
+
+        if (logger.isDebugEnabled()) {
+            logger.debug(
+                    "Certificate path could not be verified for certificate with subject "
+                            + subjectString
+            );
+        }
+        return false;
+    }
+
+    /**
+     * Evaluate whether the given certificate chain should be trusted.
+     *
+     * @param certificates the certificate chain that should be validated against the keystore
+     * @return true if the certificate chain is trusted, false if not
+     * @throws WSSecurityException
+     */
+    protected boolean verifyTrustInCerts(X509Certificate[] certificates, Crypto crypto)
+            throws WSSecurityException {
+        //
+        // Use the validation method from the crypto to check whether the subjects'
+        // certificate was really signed by the issuer stated in the certificate
+        //
+        if (certificates != null && certificates.length > 0
+                && crypto.verifyTrust(certificates)) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * Validate a public key
+     *
+     * @throws WSSecurityException
+     */
+    protected boolean validatePublicKey(PublicKey publicKey, Crypto crypto)
+            throws WSSecurityException {
+        return crypto.verifyTrust(publicKey);
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/SAMLAssertionWrapper.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/SAMLCallback.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/SAMLCallback.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/SAMLCallback.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/SAMLCallback.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,272 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.swssf.impl.saml;
+
+import org.opensaml.common.SAMLVersion;
+import org.swssf.crypto.Crypto;
+import org.swssf.impl.saml.bean.*;
+
+import javax.security.auth.callback.Callback;
+import java.util.ArrayList;
+import java.util.List;
+
+
+/**
+ * Class SAMLCallback will be called by the <code>AssertionWrapper</code> during the creation
+ * of SAML statements (authentication, attribute, and authz decision).
+ * <p/>
+ * Created on May 18, 2009
+ */
+public class SAMLCallback implements Callback {
+
+    /**
+     * The SAML Version of the Assertion to create
+     */
+    private SAMLVersion samlVersion = SAMLVersion.VERSION_11;
+
+    private boolean signAssertion = true;
+
+    private String issuerKeyName;
+
+    private String issuerKeyPassword;
+
+    private Crypto issuerCrypto;
+
+    private boolean sendKeyValue;
+
+    /**
+     * SAML subject representation
+     */
+    private SubjectBean subject;
+
+    /**
+     * The issuer of the Assertion
+     */
+    private String issuer;
+
+    /**
+     * SAML Conditions representation
+     */
+    private ConditionsBean conditions;
+
+    /**
+     * A list of <code>AuthenticationStatementBean</code> values
+     */
+    private List<AuthenticationStatementBean> authenticationStatementData;
+
+    /**
+     * A list of <code>AttributeStatementBean</code> values
+     */
+    private List<AttributeStatementBean> attributeStatementData;
+
+    /**
+     * A list of <code>AuthDecisionStatementBean</code> values
+     */
+    private List<AuthDecisionStatementBean> authDecisionStatementData;
+
+    /**
+     * Constructor SAMLCallback creates a new SAMLCallback instance.
+     */
+    public SAMLCallback() {
+        authenticationStatementData = new ArrayList<AuthenticationStatementBean>();
+        attributeStatementData = new ArrayList<AttributeStatementBean>();
+        authDecisionStatementData = new ArrayList<AuthDecisionStatementBean>();
+    }
+
+    /**
+     * Method getAuthenticationStatementData returns the authenticationStatementData of this
+     * SAMLCallback object.
+     *
+     * @return the authenticationStatementData (type List<AuthenticationStatementBean>) of
+     *         this SAMLCallback object.
+     */
+    public List<AuthenticationStatementBean> getAuthenticationStatementData() {
+        return authenticationStatementData;
+    }
+
+    /**
+     * Method setAuthenticationStatementData sets the authenticationStatementData of this
+     * SAMLCallback object.
+     *
+     * @param authenticationStatementData the authenticationStatementData of this
+     *                                    SAMLCallback object.
+     */
+    public void setAuthenticationStatementData(
+            List<AuthenticationStatementBean> authenticationStatementData
+    ) {
+        this.authenticationStatementData = authenticationStatementData;
+    }
+
+    /**
+     * Method getAttributeStatementData returns the attributeStatementData of this
+     * SAMLCallback object.
+     *
+     * @return the attributeStatementData (type List<AttributeStatementBean>) of this
+     *         SAMLCallback object.
+     */
+    public List<AttributeStatementBean> getAttributeStatementData() {
+        return attributeStatementData;
+    }
+
+    /**
+     * Method setAttributeStatementData sets the attributeStatementData of this SAMLCallback object.
+     *
+     * @param attributeStatementData the attributeStatementData of this SAMLCallback object.
+     */
+    public void setAttributeStatementData(List<AttributeStatementBean> attributeStatementData) {
+        this.attributeStatementData = attributeStatementData;
+    }
+
+    /**
+     * Method getAuthDecisionStatementData returns the authDecisionStatementData of this
+     * SAMLCallback object.
+     *
+     * @return the authDecisionStatementData (type List<AuthDecisionStatementBean>) of this
+     *         SAMLCallback object.
+     */
+    public List<AuthDecisionStatementBean> getAuthDecisionStatementData() {
+        return authDecisionStatementData;
+    }
+
+    /**
+     * Method setAuthDecisionStatementData sets the authDecisionStatementData of this
+     * SAMLCallback object.
+     *
+     * @param authDecisionStatementData the authDecisionStatementData of this
+     *                                  SAMLCallback object.
+     */
+    public void setAuthDecisionStatementData(
+            List<AuthDecisionStatementBean> authDecisionStatementData
+    ) {
+        this.authDecisionStatementData = authDecisionStatementData;
+    }
+
+    public boolean isSignAssertion() {
+        return signAssertion;
+    }
+
+    public void setSignAssertion(boolean signAssertion) {
+        this.signAssertion = signAssertion;
+    }
+
+    public String getIssuerKeyName() {
+        return issuerKeyName;
+    }
+
+    public void setIssuerKeyName(String issuerKeyName) {
+        this.issuerKeyName = issuerKeyName;
+    }
+
+    public String getIssuerKeyPassword() {
+        return issuerKeyPassword;
+    }
+
+    public void setIssuerKeyPassword(String issuerKeyPassword) {
+        this.issuerKeyPassword = issuerKeyPassword;
+    }
+
+    public Crypto getIssuerCrypto() {
+        return issuerCrypto;
+    }
+
+    public void setIssuerCrypto(Crypto issuerCrypto) {
+        this.issuerCrypto = issuerCrypto;
+    }
+
+    public boolean isSendKeyValue() {
+        return sendKeyValue;
+    }
+
+    public void setSendKeyValue(boolean sendKeyValue) {
+        this.sendKeyValue = sendKeyValue;
+    }
+
+    /**
+     * Method getSubject returns the subject of this SAMLCallback object.
+     *
+     * @return the subject (type SubjectBean) of this SAMLCallback object.
+     */
+    public SubjectBean getSubject() {
+        return subject;
+    }
+
+    /**
+     * Method setSubject sets the subject of this SAMLCallback object.
+     *
+     * @param subject the subject of this SAMLCallback object.
+     */
+    public void setSubject(SubjectBean subject) {
+        this.subject = subject;
+    }
+
+    /**
+     * Method getIssuer returns the issuer of this SAMLCallback object.
+     *
+     * @return the issuer of this SAMLCallback object.
+     */
+    public String getIssuer() {
+        return issuer;
+    }
+
+    /**
+     * Method setIssuer sets the issuer of this SAMLCallback object.
+     *
+     * @param issuer the issuer of this SAMLCallback object.
+     */
+    public void setIssuer(String issuer) {
+        this.issuer = issuer;
+    }
+
+    /**
+     * Method getConditions returns the conditions of this SAMLCallback object.
+     *
+     * @return the conditions (type ConditionsBean) of this SAMLCallback object.
+     */
+    public ConditionsBean getConditions() {
+        return conditions;
+    }
+
+    /**
+     * Method setConditions sets the conditions of this SAMLCallback object.
+     *
+     * @param conditions the conditions of this SAMLCallback object.
+     */
+    public void setConditions(ConditionsBean conditions) {
+        this.conditions = conditions;
+    }
+
+    /**
+     * Set the SAMLVersion of the assertion to create
+     *
+     * @param samlVersion the SAMLVersion of the assertion to create
+     */
+    public void setSamlVersion(SAMLVersion samlVersion) {
+        this.samlVersion = samlVersion;
+    }
+
+    /**
+     * Get the SAMLVersion of the assertion to create
+     *
+     * @return the SAMLVersion of the assertion to create
+     */
+    public SAMLVersion getSamlVersion() {
+        return samlVersion;
+    }
+}
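Review bot: `issuerKeyPassword` is stored and returned as a `String`, so the issuer key password cannot be cleared once it has been used and stays on the heap until it is collected; holding it as `char[]` would let the caller zero it after use. The fields `signAssertion`, `issuerKeyName`, `issuerKeyPassword`, `issuerCrypto` and `sendKeyValue` and their accessors are also the only members of this class without Javadoc, although they decide whether and with which key the assertion is signed. I would add at least `/** Whether the assertion is to be signed; defaults to true. */` above `signAssertion` and a matching one-line comment on each of the other four.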

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/SAMLCallback.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/SAMLKeyInfo.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/SAMLKeyInfo.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/SAMLKeyInfo.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/SAMLKeyInfo.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,98 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.swssf.impl.saml;
+
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+/**
+ * This holds key/cert information extracted from a SAML assertion
+ */
+public class SAMLKeyInfo {
+
+    /**
+     * Certificates
+     */
+    private X509Certificate[] certs;
+
+    /**
+     * Key bytes (e.g.: held in an encrypted key)
+     */
+    private byte[] secret;
+
+    /**
+     * The public key {e.g.: held in a ds:KeyInfo).
+     */
+    private PublicKey publicKey;
+
+    /**
+     * The private key
+     */
+    private PrivateKey privateKey;
+
+    public SAMLKeyInfo(X509Certificate[] certs) {
+        this.certs = certs;
+    }
+
+    public SAMLKeyInfo(byte[] secret) {
+        this.secret = secret;
+    }
+
+    public SAMLKeyInfo(PrivateKey privateKey) {
+        this.privateKey = privateKey;
+    }
+
+    public SAMLKeyInfo(PublicKey publicKey) {
+        this.publicKey = publicKey;
+    }
+
+    public X509Certificate[] getCerts() {
+        return certs;
+    }
+
+    public void setCerts(X509Certificate[] certs) {
+        this.certs = certs;
+    }
+
+    public byte[] getSecret() {
+        return secret;
+    }
+
+    public void setSecret(byte[] secret) {
+        this.secret = secret;
+    }
+
+    public PublicKey getPublicKey() {
+        return this.publicKey;
+    }
+
+    public void setPublicKey(PublicKey publicKey) {
+        this.publicKey = publicKey;
+    }
+
+    public PrivateKey getPrivateKey() {
+        return privateKey;
+    }
+
+    public void setPrivateKey(PrivateKey privateKey) {
+        this.privateKey = privateKey;
+    }
+}
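Review bot: The `byte[]` constructor, `setSecret` and `getSecret` hand the key material over by reference, so a caller that later overwrites or reuses its array silently changes the secret this object returns, and any holder of the getter result can alter the stored key. If sharing is not intended, copy at the boundary: `this.secret = secret == null ? null : secret.clone();` in the constructor and setter, and `return secret == null ? null : secret.clone();` in the getter; the same applies to the `certs` array. The comment on `publicKey` has a mismatched brace, `{e.g.:` should read `(e.g.:`.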

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/SAMLKeyInfo.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/XMLUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/XMLUtils.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/XMLUtils.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/XMLUtils.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.impl.saml;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+public class XMLUtils {
+
+    /**
+     * Gets a direct child with specified localname and namespace. <p/>
+     *
+     * @param parentNode the node where to start the search
+     * @param localName  local name of the child to get
+     * @param namespace  the namespace of the child to get
+     * @return the node or <code>null</code> if not such node found
+     */
+    public static Element getDirectChildElement(Node parentNode, String localName, String namespace) {
+        if (parentNode == null) {
+            return null;
+        }
+        for (
+                Node currentChild = parentNode.getFirstChild();
+                currentChild != null;
+                currentChild = currentChild.getNextSibling()
+                ) {
+            if (Node.ELEMENT_NODE == currentChild.getNodeType()
+                    && localName.equals(currentChild.getLocalName())
+                    && namespace.equals(currentChild.getNamespaceURI())) {
+                return (Element) currentChild;
+            }
+        }
+        return null;
+    }
+}
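Review bot: `getDirectChildElement` guards `parentNode` against null but then calls `localName.equals(...)` and `namespace.equals(...)`, so a null `localName` or `namespace` throws a NullPointerException, and a null `namespace` can never select an element that has no namespace. A null-tolerant comparison such as `(namespace == null ? currentChild.getNamespaceURI() == null : namespace.equals(currentChild.getNamespaceURI()))` covers both cases, or the Javadoc should state that both arguments must be non-null. The `@return` text "if not such node found" should read "if no such node is found", and since the class only holds a static helper it could be `final` with a private constructor.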

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/XMLUtils.java
------------------------------------------------------------------------------
    svn:executable = *

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/XMLUtils.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/ActionBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/ActionBean.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/ActionBean.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/ActionBean.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,129 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.swssf.impl.saml.bean;
+
+
+/**
+ * Class SamlAction represents the raw data required by the <code>AssertionWrapper</code> when
+ * creating the <code>Action</code> element of the SAML Authorization Decision Statement.
+ * <p/>
+ * Created on May 19, 2009
+ */
+public class ActionBean {
+
+    /**
+     * A URI reference representing the namespace in which the name of the specified action is to be
+     * interpreted. If this element is absent, the namespace
+     * urn:oasis:names:tc:SAML:1.0:action:rwedcnegation specified in Section 7.2.2 is in effect.
+     */
+    private String actionNamespace;
+
+    /**
+     * An action sought to be performed on the specified resource (i.e. Read, Write, Update, Delete)
+     */
+    private String contents;
+
+    /**
+     * Constructor SamlAction creates a new SamlAction instance.
+     */
+    public ActionBean() {
+    }
+
+    /**
+     * Constructor SamlAction creates a new SamlAction instance.
+     *
+     * @param actionNamespace of type String
+     * @param contents        of type String
+     */
+    public ActionBean(String actionNamespace, String contents) {
+        this.actionNamespace = actionNamespace;
+        this.contents = contents;
+    }
+
+    /**
+     * Method getActionNamespace returns the actionNamespace of this SamlAction object.
+     *
+     * @return the actionNamespace (type String) of this SamlAction object.
+     */
+    public String getActionNamespace() {
+        return actionNamespace;
+    }
+
+    /**
+     * Method setActionNamespace sets the actionNamespace of this SamlAction object.
+     *
+     * @param actionNamespace the actionNamespace of this SamlAction object.
+     */
+    public void setActionNamespace(String actionNamespace) {
+        this.actionNamespace = actionNamespace;
+    }
+
+    /**
+     * Method getContents returns the contents of this SamlAction object.
+     *
+     * @return the contents (type String) of this SamlAction object.
+     */
+    public String getContents() {
+        return contents;
+    }
+
+    /**
+     * Method setContents sets the contents of this SamlAction object.
+     *
+     * @param contents the contents of this SamlAction object.
+     */
+    public void setContents(String contents) {
+        this.contents = contents;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (!(o instanceof ActionBean)) return false;
+
+        ActionBean that = (ActionBean) o;
+
+        if (contents == null && that.contents != null) {
+            return false;
+        } else if (contents != null && !contents.equals(that.contents)) {
+            return false;
+        }
+
+        if (actionNamespace == null && that.actionNamespace != null) {
+            return false;
+        } else if (actionNamespace != null && !actionNamespace.equals(that.actionNamespace)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    @Override
+    public int hashCode() {
+        int result = 0;
+        if (contents != null) {
+            result = 31 * result + contents.hashCode();
+        }
+        if (actionNamespace != null) {
+            result = 31 * result + actionNamespace.hashCode();
+        }
+        return result;
+    }
+}
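Review bot: The Javadoc in this file still names the class `SamlAction` (class comment, both constructors and all four accessors) although the class is `ActionBean`; the comments should use the current name, e.g. `Constructor ActionBean creates a new ActionBean instance.` The same stale naming appears in AttributeBean.java (`SamlAttribute`) later in this commit. The comment on `actionNamespace` also gives the default namespace as `urn:oasis:names:tc:SAML:1.0:action:rwedcnegation`, whereas the SAML 1.x core specification spells it `urn:oasis:names:tc:SAML:1.0:action:rwedc-negation`; worth correcting because the value is likely to be copied from the comment.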

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/ActionBean.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AttributeBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AttributeBean.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AttributeBean.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AttributeBean.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,152 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.swssf.impl.saml.bean;
+
+import java.util.ArrayList;
+import java.util.List;
+
+
+/**
+ * Class SamlAttribute represents an instance of a SAML attribute.
+ * <p/>
+ * Created on May 18, 2009
+ */
+public class AttributeBean {
+    private String simpleName;
+    private String qualifiedName;
+    private List<String> attributeValues;
+
+    /**
+     * Constructor SamlAttribute creates a new SamlAttribute instance.
+     */
+    public AttributeBean() {
+        attributeValues = new ArrayList<String>();
+    }
+
+    /**
+     * Constructor SamlAttribute creates a new SamlAttribute instance.
+     *
+     * @param simpleName      of type String
+     * @param qualifiedName   of type String
+     * @param attributeValues of type List<String>
+     */
+    public AttributeBean(String simpleName, String qualifiedName, List<String> attributeValues) {
+        this.simpleName = simpleName;
+        this.qualifiedName = qualifiedName;
+        this.attributeValues = attributeValues;
+    }
+
+    /**
+     * Method getSimpleName returns the simpleName of this SamlAttribute object.
+     *
+     * @return the simpleName (type String) of this SamlAttribute object.
+     */
+    public String getSimpleName() {
+        return simpleName;
+    }
+
+    /**
+     * Method setSimpleName sets the simpleName of this SamlAttribute object.
+     *
+     * @param simpleName the simpleName of this SamlAttribute object.
+     */
+    public void setSimpleName(String simpleName) {
+        this.simpleName = simpleName;
+    }
+
+    /**
+     * Method getQualifiedName returns the qualifiedName of this SamlAttribute object.
+     *
+     * @return the qualifiedName (type String) of this SamlAttribute object.
+     */
+    public String getQualifiedName() {
+        return qualifiedName;
+    }
+
+    /**
+     * Method setQualifiedName sets the qualifiedName of this SamlAttribute object.
+     *
+     * @param qualifiedName the qualifiedName of this SamlAttribute object.
+     */
+    public void setQualifiedName(String qualifiedName) {
+        this.qualifiedName = qualifiedName;
+    }
+
+    /**
+     * Method getAttributeValues returns the attributeValues of this SamlAttribute object.
+     *
+     * @return the attributeValues (type Map) of this SamlAttribute object.
+     */
+    public List<String> getAttributeValues() {
+        return attributeValues;
+    }
+
+    /**
+     * Method setAttributeValues sets the attributeValues of this SamlAttribute object.
+     *
+     * @param attributeValues the attributeValues of this SamlAttribute object.
+     */
+    public void setAttributeValues(List<String> attributeValues) {
+        this.attributeValues = attributeValues;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (!(o instanceof AttributeBean)) return false;
+
+        AttributeBean that = (AttributeBean) o;
+
+        if (attributeValues == null && that.attributeValues != null) {
+            return false;
+        } else if (attributeValues != null && !attributeValues.equals(that.attributeValues)) {
+            return false;
+        }
+
+        if (qualifiedName == null && that.qualifiedName != null) {
+            return false;
+        } else if (qualifiedName != null && !qualifiedName.equals(that.qualifiedName)) {
+            return false;
+        }
+
+        if (simpleName == null && that.simpleName != null) {
+            return false;
+        } else if (simpleName != null && !simpleName.equals(that.simpleName)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    @Override
+    public int hashCode() {
+        int result = 0;
+        if (simpleName != null) {
+            result = 31 * result + simpleName.hashCode();
+        }
+        if (qualifiedName != null) {
+            result = 31 * result + qualifiedName.hashCode();
+        }
+        if (attributeValues != null) {
+            result = 31 * result + attributeValues.hashCode();
+        }
+        return result;
+    }
+}
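Review bot: The three-argument constructor and `setAttributeValues` store the caller's list as is, so `attributeValues` can be null or can change from outside after the bean is built, while the no-argument constructor guarantees an empty list; `equals` and `hashCode` then change with it, which breaks the bean as a key in a hash-based collection. Copying on the way in, `this.attributeValues = attributeValues == null ? new ArrayList<String>() : new ArrayList<String>(attributeValues);`, keeps the two construction paths consistent; the list setters of SAMLCallback earlier in this commit follow the same pattern. The `@return` on `getAttributeValues` says "(type Map)" but the method returns `List<String>`.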

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AttributeBean.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AttributeStatementBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AttributeStatementBean.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AttributeStatementBean.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AttributeStatementBean.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,120 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.swssf.impl.saml.bean;
+
+import java.util.ArrayList;
+import java.util.List;
+
+
+/**
+ * Class SamlAttributeStatement represents a SAML attribute statement
+ * <p/>
+ * Created on May 20, 2009
+ */
+public class AttributeStatementBean {
+    private SubjectBean subject;
+    private List<AttributeBean> attributeBeans;
+
+    /**
+     * Constructor SamlAttributeStatement creates a new SamlAttributeStatement instance.
+     */
+    public AttributeStatementBean() {
+        attributeBeans = new ArrayList<AttributeBean>();
+    }
+
+    /**
+     * Constructor SamlAttributeStatement creates a new SamlAttributeStatement instance.
+     *
+     * @param subject        A new SubjectBean instance
+     * @param attributeBeans A list of Attributes
+     */
+    public AttributeStatementBean(
+            SubjectBean subject,
+            List<AttributeBean> attributeBeans
+    ) {
+        this.subject = subject;
+        this.attributeBeans = attributeBeans;
+    }
+
+    /**
+     * Method getSamlAttributes returns the samlAttributes of this SamlAttributeStatement object.
+     *
+     * @return the samlAttributes (type List<SamlAttribute>) of this SamlAttributeStatement object.
+     */
+    public List<AttributeBean> getSamlAttributes() {
+        return attributeBeans;
+    }
+
+    /**
+     * Method setSamlAttributes sets the samlAttributes of this SamlAttributeStatement object.
+     *
+     * @param attributeBeans the samlAttributes of this SamlAttributeStatement object.
+     */
+    public void setSamlAttributes(List<AttributeBean> attributeBeans) {
+        this.attributeBeans = attributeBeans;
+    }
+
+    /**
+     * Get the Subject
+     *
+     * @return the Subject
+     */
+    public SubjectBean getSubject() {
+        return subject;
+    }
+
+    /**
+     * Set the Subject
+     *
+     * @param subject the SubjectBean instance to set
+     */
+    public void setSubject(SubjectBean subject) {
+        this.subject = subject;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (!(o instanceof AttributeStatementBean)) return false;
+
+        AttributeStatementBean that = (AttributeStatementBean) o;
+
+        if (attributeBeans == null && that.attributeBeans != null) {
+            return false;
+        } else if (attributeBeans != null && !attributeBeans.equals(that.attributeBeans)) {
+            return false;
+        }
+
+        if (subject == null && that.subject != null) {
+            return false;
+        } else if (subject != null && !subject.equals(that.subject)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    @Override
+    public int hashCode() {
+        int result = subject != null ? subject.hashCode() : 0;
+        result = 31 * result + (attributeBeans != null ? attributeBeans.hashCode() : 0);
+        return result;
+    }
+}
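Review bot: The two-argument constructor and `setSamlAttributes` store the caller's list by reference and accept null, while the no-argument constructor guarantees a non-null list, so `getSamlAttributes()` can return null or a list that another object still mutates. Since this bean presumably carries the attributes that end up in a SAML assertion, a later change through the shared list would silently change what is asserted, and it would also change `hashCode()` while the bean may sit in a hash-based collection. I would copy on the way in, in both places: `this.attributeBeans = attributeBeans == null ? new ArrayList<AttributeBean>() : new ArrayList<AttributeBean>(attributeBeans);`. The same pattern applies to `actionBeans` in AuthDecisionStatementBean. The Javadoc also still refers to `SamlAttributeStatement` and `List<SamlAttribute>` and should name the current classes.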

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AttributeStatementBean.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AuthDecisionStatementBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AuthDecisionStatementBean.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AuthDecisionStatementBean.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AuthDecisionStatementBean.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,235 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.swssf.impl.saml.bean;
+
+import java.util.ArrayList;
+import java.util.List;
+
+
+/**
+ * Class SamlDecision represents the raw data to be used by the <code>AssertionWrapper</code> when
+ * creating SAML Authorization Decision Statements.
+ * <p/>
+ * Created on May 19, 2009
+ */
+public class AuthDecisionStatementBean {
+
+    /**
+     * The SAML subject
+     */
+    private SubjectBean subject;
+
+    /**
+     * enum representing the possible decision types as specified in the SAML spec
+     */
+    public enum Decision {
+        PERMIT, INDETERMINATE, DENY
+    }
+
+    /**
+     * The decision rendered by the SAML authority with respect to the specified resource
+     */
+    private Decision decision;
+
+    /**
+     * A URI reference identifying the resource to which access authorization is sought
+     */
+    private String resource;
+
+    /**
+     * The set of actions authorized to be performed on the specified resource (one or more)
+     */
+    private List<ActionBean> actionBeans;
+
+    /**
+     * A set of assertions that the SAML authority relied on in making the decision (optional)
+     */
+    private Object evidence;
+
+    /**
+     * Constructor SamlDecision creates a new SamlDecision instance.
+     */
+    public AuthDecisionStatementBean() {
+        actionBeans = new ArrayList<ActionBean>();
+    }
+
+    /**
+     * Constructor SamlDecision creates a new SamlDecision instance.
+     *
+     * @param decision    of type Decision
+     * @param resource    of type String
+     * @param subject     of type SubjectBean
+     * @param evidence    of type Object
+     * @param actionBeans of type List<SamlAction>
+     */
+    public AuthDecisionStatementBean(
+            Decision decision,
+            String resource,
+            SubjectBean subject,
+            Object evidence,
+            List<ActionBean> actionBeans
+    ) {
+        this.decision = decision;
+        this.resource = resource;
+        this.subject = subject;
+        this.evidence = evidence;
+        this.actionBeans = actionBeans;
+    }
+
+    /**
+     * Method getResource returns the resource of this SamlDecision object.
+     *
+     * @return the resource (type String) of this SamlDecision object.
+     */
+    public String getResource() {
+        return resource;
+    }
+
+    /**
+     * Method setResource sets the resource of this SamlDecision object.
+     *
+     * @param resource the resource of this SamlDecision object.
+     */
+    public void setResource(String resource) {
+        this.resource = resource;
+    }
+
+    /**
+     * Method getActions returns the actions of this SamlDecision object.
+     *
+     * @return the actions (type List<SamlAction>) of this SamlDecision object.
+     */
+    public List<ActionBean> getActions() {
+        return actionBeans;
+    }
+
+    /**
+     * Method setActions sets the actions of this SamlDecision object.
+     *
+     * @param actionBeans the actions of this SamlDecision object.
+     */
+    public void setActions(List<ActionBean> actionBeans) {
+        this.actionBeans = actionBeans;
+    }
+
+    /**
+     * Method getDecision returns the decision of this SamlDecision object.
+     *
+     * @return the decision (type Decision) of this SamlDecision object.
+     */
+    public Decision getDecision() {
+        return decision;
+    }
+
+    /**
+     * Method setDecision sets the decision of this SamlDecision object.
+     *
+     * @param decision the decision of this SamlDecision object.
+     */
+    public void setDecision(Decision decision) {
+        this.decision = decision;
+    }
+
+    /**
+     * Method getEvidence returns the evidence of this SamlDecision object.
+     *
+     * @return the evidence (type Object) of this SamlDecision object.
+     */
+    public Object getEvidence() {
+        return evidence;
+    }
+
+    /**
+     * Method setEvidence sets the evidence of this SamlDecision object.
+     *
+     * @param evidence the evidence of this SamlDecision object.
+     */
+    public void setEvidence(Object evidence) {
+        this.evidence = evidence;
+    }
+
+    /**
+     * Get the Subject
+     *
+     * @return the Subject
+     */
+    public SubjectBean getSubject() {
+        return subject;
+    }
+
+    /**
+     * Set the Subject
+     *
+     * @param subject the SubjectBean instance to set
+     */
+    public void setSubject(SubjectBean subject) {
+        this.subject = subject;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (!(o instanceof AuthDecisionStatementBean)) return false;
+
+        AuthDecisionStatementBean that = (AuthDecisionStatementBean) o;
+
+        if (subject == null && that.subject != null) {
+            return false;
+        } else if (subject != null && !subject.equals(that.subject)) {
+            return false;
+        }
+
+        if (decision == null && that.decision != null) {
+            return false;
+        } else if (decision != null && !decision.equals(that.decision)) {
+            return false;
+        }
+
+        if (evidence == null && that.evidence != null) {
+            return false;
+        } else if (evidence != null && !evidence.equals(that.evidence)) {
+            return false;
+        }
+
+        if (actionBeans == null && that.actionBeans != null) {
+            return false;
+        } else if (actionBeans != null && !actionBeans.equals(that.actionBeans)) {
+            return false;
+        }
+
+        if (resource == null && that.resource != null) {
+            return false;
+        } else if (resource != null && !resource.equals(that.resource)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    @Override
+    public int hashCode() {
+        int result = subject != null ? subject.hashCode() : 0;
+        result = 31 * result + (decision != null ? decision.hashCode() : 0);
+        result = 31 * result + (evidence != null ? evidence.hashCode() : 0);
+        result = 31 * result + (actionBeans != null ? actionBeans.hashCode() : 0);
+        result = 31 * result + (resource != null ? resource.hashCode() : 0);
+        return result;
+    }
+}
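Review bot: `decision` has no initial value, so a bean built with the no-argument constructor returns null from `getDecision()` until a setter is called, and neither the five-argument constructor nor `setDecision` rejects null. For an authorization decision an unset value should fail closed; the code that builds or evaluates the statement is not in this hunk, but it could mishandle null if it only tests for `DENY`. I would either initialise the field, `private Decision decision = Decision.DENY;`, or document on `getDecision` that null means no decision was set and must never be treated as permit. Separately, the field comment says the action list holds one or more entries, but the no-argument constructor starts with an empty list and nothing enforces the minimum.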

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AuthDecisionStatementBean.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AuthenticationStatementBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AuthenticationStatementBean.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AuthenticationStatementBean.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AuthenticationStatementBean.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,151 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.swssf.impl.saml.bean;
+
+import org.joda.time.DateTime;
+
+
+/**
+ * Class AuthenticationStatementBean represents the raw data required to create
+ * a SAML v1.1 or v2.0 authentication statement.
+ * <p/>
+ * Created on May 20, 2009
+ */
+public class AuthenticationStatementBean {
+    private SubjectBean subject;
+    DateTime authenticationInstant;
+    private String authenticationMethod;
+
+    /**
+     * Default constructor
+     */
+    public AuthenticationStatementBean() {
+    }
+
+    /**
+     * Construct a new AuthenticationStatementBean
+     *
+     * @param subject               the Subject to set
+     * @param authenticationMethod  the Authentication Method to set
+     * @param authenticationInstant the Authentication Instant to set
+     */
+    public AuthenticationStatementBean(
+            SubjectBean subject,
+            String authenticationMethod,
+            DateTime authenticationInstant
+    ) {
+        this.subject = subject;
+        this.authenticationMethod = authenticationMethod;
+        this.authenticationInstant = authenticationInstant;
+    }
+
+    /**
+     * Get the Subject
+     *
+     * @return the subject
+     */
+    public SubjectBean getSubject() {
+        return subject;
+    }
+
+    /**
+     * Set the subject
+     *
+     * @param subject the SubjectBean instance to set
+     */
+    public void setSubject(SubjectBean subject) {
+        this.subject = subject;
+    }
+
+    /**
+     * Get the authentication method
+     *
+     * @return the authentication method
+     */
+    public String getAuthenticationMethod() {
+        return authenticationMethod;
+    }
+
+    /**
+     * Set the authentication method
+     *
+     * @param authenticationMethod the authentication method
+     */
+    public void setAuthenticationMethod(String authenticationMethod) {
+        this.authenticationMethod = authenticationMethod;
+    }
+
+    /**
+     * Get the authentication instant
+     *
+     * @return the authentication instant
+     */
+    public DateTime getAuthenticationInstant() {
+        return authenticationInstant;
+    }
+
+    /**
+     * Set the authentication instant
+     *
+     * @param authenticationInstant the authentication instant
+     */
+    public void setAuthenticationInstant(DateTime authenticationInstant) {
+        this.authenticationInstant = authenticationInstant;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (!(o instanceof AuthenticationStatementBean)) return false;
+
+        AuthenticationStatementBean that = (AuthenticationStatementBean) o;
+
+        if (authenticationInstant == null && that.authenticationInstant != null) {
+            return false;
+        } else if (authenticationInstant != null
+                && !authenticationInstant.equals(that.authenticationInstant)) {
+            return false;
+        }
+
+        if (authenticationMethod == null && that.authenticationMethod != null) {
+            return false;
+        } else if (authenticationMethod != null
+                && !authenticationMethod.equals(that.authenticationMethod)) {
+            return false;
+        }
+
+        if (subject == null && that.subject != null) {
+            return false;
+        } else if (subject != null
+                && !subject.equals(that.subject)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    @Override
+    public int hashCode() {
+        int result = subject != null ? subject.hashCode() : 0;
+        result = 31 * result + (authenticationInstant != null ? authenticationInstant.hashCode() : 0);
+        result = 31 * result + (authenticationMethod != null ? authenticationMethod.hashCode() : 0);
+        return result;
+    }
+}
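Review bot: `authenticationInstant` is declared without an access modifier (`DateTime authenticationInstant;`), so it is package-private while `subject` and `authenticationMethod` are private. Any class in `org.swssf.impl.saml.bean` can then change the authentication time without going through `setAuthenticationInstant`, which looks unintended given the getter/setter pair. Declare it `private DateTime authenticationInstant;`.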

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/AuthenticationStatementBean.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/ConditionsBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/ConditionsBean.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/ConditionsBean.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/ConditionsBean.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,165 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.swssf.impl.saml.bean;
+
+import org.joda.time.DateTime;
+
+
+/**
+ * Class ConditionsBean represents a SAML Conditions object (can be used to create
+ * both SAML v1.1 and v2.0 statements)
+ * <p/>
+ * Created on May 20, 2009
+ */
+public class ConditionsBean {
+    private DateTime notBefore;
+    private DateTime notAfter;
+    private int tokenPeriodMinutes;
+
+    /**
+     * Constructor ConditionsBean creates a new ConditionsBean instance.
+     */
+    public ConditionsBean() {
+    }
+
+    /**
+     * Constructor ConditionsBean creates a new ConditionsBean instance.
+     *
+     * @param notBefore The notBefore instance
+     * @param notAfter  The notAfter instance
+     */
+    public ConditionsBean(
+            DateTime notBefore,
+            DateTime notAfter
+    ) {
+        this.notBefore = notBefore;
+        this.notAfter = notAfter;
+    }
+
+    /**
+     * Constructor ConditionsBean creates a new ConditionsBean instance.
+     *
+     * @param tokenPeriodMinutes how long the token is valid for in minutes
+     */
+    public ConditionsBean(
+            int tokenPeriodMinutes
+    ) {
+        this.tokenPeriodMinutes = tokenPeriodMinutes;
+    }
+
+    /**
+     * Get the notBefore instance
+     *
+     * @return the notBefore instance
+     */
+    public DateTime getNotBefore() {
+        return notBefore;
+    }
+
+    /**
+     * Set the notBefore instance
+     *
+     * @param notBefore the notBefore instance to set
+     */
+    public void setNotBefore(DateTime notBefore) {
+        this.notBefore = notBefore;
+    }
+
+    /**
+     * Get the notAfter instance
+     *
+     * @return the notAfter instance
+     */
+    public DateTime getNotAfter() {
+        return notAfter;
+    }
+
+    /**
+     * Set the notAfter instance
+     *
+     * @param notAfter the notAfter instance to set
+     */
+    public void setNotAfter(DateTime notAfter) {
+        this.notAfter = notAfter;
+    }
+
+    /**
+     * Get the tokenPeriodMinutes of this object.
+     *
+     * @return the tokenPeriodMinutes (type int)
+     */
+    public int getTokenPeriodMinutes() {
+        return tokenPeriodMinutes;
+    }
+
+    /**
+     * Set the tokenPeriodMinutes.
+     *
+     * @param tokenPeriodMinutes the tokenPeriodMinutes to set
+     */
+    public void setTokenPeriodMinutes(int tokenPeriodMinutes) {
+        this.tokenPeriodMinutes = tokenPeriodMinutes;
+    }
+
+    /**
+     * Method equals ...
+     *
+     * @param o of type Object
+     * @return boolean
+     */
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (!(o instanceof ConditionsBean)) return false;
+
+        ConditionsBean that = (ConditionsBean) o;
+
+        if (tokenPeriodMinutes != that.tokenPeriodMinutes) return false;
+
+        if (notBefore == null && that.notBefore != null) {
+            return false;
+        } else if (notBefore != null && !notBefore.equals(that.notBefore)) {
+            return false;
+        }
+
+        if (notAfter == null && that.notAfter != null) {
+            return false;
+        } else if (notAfter != null && !notAfter.equals(that.notAfter)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * @return the hashcode of this object
+     */
+    @Override
+    public int hashCode() {
+        int result = tokenPeriodMinutes;
+        if (notBefore != null) {
+            result = 31 * result + notBefore.hashCode();
+        }
+        if (notAfter != null) {
+            result = 31 * result + notAfter.hashCode();
+        }
+        return result;
+    }
+}
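Review bot: `tokenPeriodMinutes` is accepted unchecked in the `int` constructor and in `setTokenPeriodMinutes`, so zero and negative validity periods are representable, and the two-`DateTime` constructor does not check that `notBefore` precedes `notAfter`. How the value is turned into a validity window is outside this hunk, but a bean that can describe an empty or inverted window is easier to get wrong downstream. I would reject bad input at the boundary, e.g. `if (tokenPeriodMinutes < 0) throw new IllegalArgumentException("tokenPeriodMinutes must not be negative");`. The class Javadoc should also state which of `notBefore`/`notAfter` and `tokenPeriodMinutes` takes precedence when both are set.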

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/saml/bean/ConditionsBean.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision


