ws-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1333081 - in /webservices/wss4j/trunk/src: main/java/org/apache/ws/security/saml/ext/bean/ main/java/org/apache/ws/security/saml/ext/builder/ test/java/org/apache/ws/security/common/ test/java/org/apache/ws/security/saml/
Date Wed, 02 May 2012 15:48:47 GMT
Author: coheigea
Date: Wed May  2 15:48:47 2012
New Revision: 1333081

URL: http://svn.apache.org/viewvc?rev=1333081&view=rev
Log:
[WSS-388] - Add support for populating SAML2 SubjectConfirmationData attributes when creating
a SAML Assertion

Added:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectConfirmationDataBean.java
Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectBean.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML2CallbackHandler.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectBean.java?rev=1333081&r1=1333080&r2=1333081&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectBean.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectBean.java
Wed May  2 15:48:47 2012
@@ -33,6 +33,7 @@ public class SubjectBean {
     private String subjectNameQualifier;
     private String subjectConfirmationMethod;
     private KeyInfoBean keyInfo;
+    private SubjectConfirmationDataBean subjectConfirmationData;
 
     /**
      * Constructor SubjectBean creates a new SubjectBean instance.
@@ -171,6 +172,24 @@ public class SubjectBean {
     }
     
     /**
+     * Set the SubjectConfirmationData of this SubjectBean object
+     * @return the SubjectConfirmationData of this SubjectBean object
+     */
+    public SubjectConfirmationDataBean getSubjectConfirmationData() {
+        return subjectConfirmationData;
+    }
+
+    /**
+     * Get the SubjectConfirmationData of this SubjectBean object
+     * @param subjectConfirmationData the SubjectConfirmationData of this SubjectBean object
+     */
+    public void setSubjectConfirmationData(
+        SubjectConfirmationDataBean subjectConfirmationData
+    ) {
+        this.subjectConfirmationData = subjectConfirmationData;
+    }
+    
+    /**
      * Method equals ...
      *
      * @param o of type Object
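Review bot: The Javadoc summaries on the two new accessors are swapped: `getSubjectConfirmationData()` is described as "Set the SubjectConfirmationData…" and `setSubjectConfirmationData(...)` as "Get the SubjectConfirmationData…". The getter should read `Get the SubjectConfirmationData of this SubjectBean object` and the setter `Set the SubjectConfirmationData of this SubjectBean object`. The setter comment could also say that null is allowed and means no SubjectConfirmationData attributes are populated, which is how the builder change in this commit appears to treat it.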
@@ -215,6 +234,13 @@ public class SubjectBean {
         } else if (keyInfo != null && !keyInfo.equals(that.keyInfo)) {
             return false;
         }
+        
+        if (subjectConfirmationData == null && that.subjectConfirmationData != null)
{
+            return false;
+        } else if (subjectConfirmationData != null 
+            && !subjectConfirmationData.equals(that.subjectConfirmationData)) {
+            return false;
+        }
 
         return true;
     }
@@ -240,6 +266,10 @@ public class SubjectBean {
         if (keyInfo != null) {
             result = 31 * result + keyInfo.hashCode();
         }
+        if (subjectConfirmationData != null) {
+            result = 31 * result + subjectConfirmationData.hashCode();
+        }
         return result;
     }
+
 }

Added: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectConfirmationDataBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectConfirmationDataBean.java?rev=1333081&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectConfirmationDataBean.java
(added)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectConfirmationDataBean.java
Wed May  2 15:48:47 2012
@@ -0,0 +1,191 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.saml.ext.bean;
+
+import org.joda.time.DateTime;
+
+/**
+ * Class SubjectConfirmationDataBean represents a SAML (2) SubjectConfirmationData. Please
note that
+ * KeyInfo functionality is in SubjectBean for backwards compatibility reasons.
+ */
+public class SubjectConfirmationDataBean {
+    private String recipient;
+    private String address;
+    private String inResponseTo;
+    private DateTime notBefore;
+    private DateTime notAfter;
+
+    /**
+     * Constructor SubjectConfirmationDataBean creates a new SubjectConfirmationDataBean
instance.
+     */
+    public SubjectConfirmationDataBean() {
+    }
+
+    /**
+     * Get the recipient of the SubjectConfirmationDataBean
+     * @return the recipient of the SubjectConfirmationDataBean
+     */
+    public String getRecipient() {
+        return recipient;
+    }
+
+    /**
+     * Set the recipient of the SubjectConfirmationDataBean
+     * @param recipient the recipient of the SubjectConfirmationDataBean
+     */
+    public void setRecipient(String recipient) {
+        this.recipient = recipient;
+    }
+
+    /**
+     * Get the address of the SubjectConfirmationDataBean
+     * @return the address of the SubjectConfirmationDataBean
+     */
+    public String getAddress() {
+        return address;
+    }
+
+    /**
+     * Set the address of the SubjectConfirmationDataBean
+     * @param address the address of the SubjectConfirmationDataBean
+     */
+    public void setAddress(String address) {
+        this.address = address;
+    }
+
+    /**
+     * Get the InResponseTo element of the SubjectConfirmationDataBean
+     * @return the InResponseTo element of the SubjectConfirmationDataBean
+     */
+    public String getInResponseTo() {
+        return inResponseTo;
+    }
+
+    /**
+     * Set the InResponseTo element of the SubjectConfirmationDataBean
+     * @param inResponseTo the InResponseTo element of the SubjectConfirmationDataBean
+     */
+    public void setInResponseTo(String inResponseTo) {
+        this.inResponseTo = inResponseTo;
+    }
+
+    /**
+     * Get the NotBefore time of the SubjectConfirmationDataBean
+     * @return the NotBefore time of the SubjectConfirmationDataBean
+     */
+    public DateTime getNotBefore() {
+        return notBefore;
+    }
+
+    /**
+     * Set the NotBefore time of the SubjectConfirmationDataBean
+     * @param notBefore the NotBefore time of the SubjectConfirmationDataBean
+     */
+    public void setNotBefore(DateTime notBefore) {
+        this.notBefore = notBefore;
+    }
+
+    /**
+     * Get the NotOnOrAfter time of the SubjectConfirmationDataBean
+     * @return the NotOnOrAfter time of the SubjectConfirmationDataBean
+     */
+    public DateTime getNotAfter() {
+        return notAfter;
+    }
+
+    /**
+     * Set the NotOnOrAfter time of the SubjectConfirmationDataBean
+     * @param notAfter the NotOnOrAfter time of the SubjectConfirmationDataBean
+     */
+    public void setNotAfter(DateTime notAfter) {
+        this.notAfter = notAfter;
+    }
+    
+    /**
+     * Method equals ...
+     *
+     * @param o of type Object
+     * @return boolean
+     */
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (!(o instanceof SubjectConfirmationDataBean)) return false;
+
+        SubjectConfirmationDataBean that = (SubjectConfirmationDataBean) o;
+
+        if (recipient == null && that.recipient != null) {
+            return false;
+        } else if (recipient != null && !recipient.equals(that.recipient)) {
+            return false;
+        }
+        
+        if (address == null && that.address != null) {
+            return false;
+        } else if (address != null && !address.equals(that.address)) {
+            return false;
+        }
+        
+        if (inResponseTo == null && that.inResponseTo != null) {
+            return false;
+        } else if (inResponseTo != null && !inResponseTo.equals(that.inResponseTo))
{
+            return false;
+        }
+        
+        if (notBefore == null && that.notBefore != null) {
+            return false;
+        } else if (notBefore != null && !notBefore.equals(that.notBefore)) {
+            return false;
+        }
+        
+        if (notAfter == null && that.notAfter != null) {
+            return false;
+        } else if (notAfter != null && !notAfter.equals(that.notAfter)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * @return the hashcode of this object
+     */
+    @Override
+    public int hashCode() {
+        int result = 0;
+        if (recipient != null) {
+            result = recipient.hashCode();
+        }
+        if (address != null) {
+            result = 31 * result + address.hashCode();
+        }
+        if (inResponseTo != null) {
+            result = 31 * result + inResponseTo.hashCode();
+        }
+        if (notBefore != null) {
+            result = 31 * result + notBefore.hashCode();
+        }
+        if (notAfter != null) {
+            result = 31 * result + notAfter.hashCode();
+        }
+        return result;
+    }
+
+}
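Review bot: The `notAfter` property is documented as the NotOnOrAfter time, but its name suggests an inclusive upper bound, whereas SAML's NotOnOrAfter is exclusive: the confirmation is already invalid at that instant. Because this bound limits how long an assertion can be presented, the accessor Javadoc should spell it out, e.g. `Set the NotOnOrAfter time (exclusive upper bound; the confirmation is invalid at and after this instant)`. The class comment could also state that all five properties are optional and that a null value means the attribute is omitted, which is how the builder in this commit appears to treat them.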

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java?rev=1333081&r1=1333080&r2=1333081&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
Wed May  2 15:48:47 2012
@@ -28,6 +28,7 @@ import org.apache.ws.security.saml.ext.b
 import org.apache.ws.security.saml.ext.bean.ConditionsBean;
 import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
 import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.bean.SubjectConfirmationDataBean;
 import org.apache.ws.security.saml.ext.bean.SubjectLocalityBean;
 import org.apache.ws.security.util.UUIDGenerator;
 
@@ -385,12 +386,10 @@ public class SAML2ComponentBuilder {
         subject.setNameID(nameID);
         
         SubjectConfirmationData subjectConfData = null;
-        if (subjectBean.getKeyInfo() != null) {
+        if (subjectBean.getKeyInfo() != null || subjectBean.getSubjectConfirmationData()
!= null) {
             subjectConfData = 
                 SAML2ComponentBuilder.createSubjectConfirmationData(
-                    null, 
-                    null, 
-                    null, 
+                    subjectBean.getSubjectConfirmationData(), 
                     subjectBean.getKeyInfo() 
                 );
         }
@@ -417,13 +416,33 @@ public class SAML2ComponentBuilder {
      * @param keyInfoBean of type KeyInfoBean
      * @return a SubjectConfirmationData object
      */
-    @SuppressWarnings("unchecked")
+    @Deprecated
     public static SubjectConfirmationData createSubjectConfirmationData(
         String inResponseTo, 
         String recipient, 
         DateTime notOnOrAfter,
         KeyInfoBean keyInfoBean
     ) throws org.opensaml.xml.security.SecurityException, WSSecurityException {
+        SubjectConfirmationDataBean subjectConfirmationDataBean = 
+            new SubjectConfirmationDataBean();
+        subjectConfirmationDataBean.setInResponseTo(inResponseTo);
+        subjectConfirmationDataBean.setRecipient(recipient);
+        subjectConfirmationDataBean.setNotAfter(notOnOrAfter);
+        return createSubjectConfirmationData(subjectConfirmationDataBean, keyInfoBean);
+    }
+    
+    /**
+     * Create a SubjectConfirmationData object
+     *
+     * @param subjectConfirmationDataBean of type SubjectConfirmationDataBean
+     * @param keyInfoBean of type KeyInfoBean
+     * @return a SubjectConfirmationData object
+     */
+    @SuppressWarnings("unchecked")
+    public static SubjectConfirmationData createSubjectConfirmationData(
+        SubjectConfirmationDataBean subjectConfirmationDataBean,
+        KeyInfoBean keyInfoBean
+    ) throws org.opensaml.xml.security.SecurityException, WSSecurityException {
         SubjectConfirmationData subjectConfirmationData = null;
         KeyInfo keyInfo = null;
         if (keyInfoBean == null) {
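Review bot: The four-argument `createSubjectConfirmationData` overload gets the `@Deprecated` annotation but no `@deprecated` Javadoc tag, so callers see a warning without being told what to use instead. Its Javadoc starts above this hunk; add a line such as `@deprecated use {@link #createSubjectConfirmationData(SubjectConfirmationDataBean, KeyInfoBean)} instead`. The Javadoc on the new overload should also state that either argument may be null, since the body (which continues past the hunk) checks both for null.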
@@ -442,14 +461,22 @@ public class SAML2ComponentBuilder {
             ((KeyInfoConfirmationDataType)subjectConfirmationData).getKeyInfos().add(keyInfo);
         }
         
-        if (inResponseTo != null) {
-            subjectConfirmationData.setInResponseTo(inResponseTo);
-        }
-        if (recipient != null) {
-            subjectConfirmationData.setRecipient(recipient);
-        }
-        if (notOnOrAfter != null) {
-            subjectConfirmationData.setNotOnOrAfter(notOnOrAfter);
+        if (subjectConfirmationDataBean != null) {
+            if (subjectConfirmationDataBean.getInResponseTo() != null) {
+                subjectConfirmationData.setInResponseTo(subjectConfirmationDataBean.getInResponseTo());
+            }
+            if (subjectConfirmationDataBean.getRecipient() != null) {
+                subjectConfirmationData.setRecipient(subjectConfirmationDataBean.getRecipient());
+            }
+            if (subjectConfirmationDataBean.getAddress() != null) {
+                subjectConfirmationData.setAddress(subjectConfirmationDataBean.getAddress());
+            }
+            if (subjectConfirmationDataBean.getNotAfter() != null) {
+                subjectConfirmationData.setNotOnOrAfter(subjectConfirmationDataBean.getNotAfter());
+            }
+            if (subjectConfirmationDataBean.getNotBefore() != null) {
+                subjectConfirmationData.setNotBefore(subjectConfirmationDataBean.getNotBefore());
+            }
         }
         
         return subjectConfirmationData;
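Review bot: NotBefore and NotOnOrAfter are copied onto the SubjectConfirmationData independently, with no check that the window is well formed. When both are set and NotBefore is not strictly earlier than NotOnOrAfter, the builder emits an assertion whose confirmation window is empty, and how a relying party treats that depends on its validator. Consider rejecting that combination here by throwing WSSecurityException before the setters run, with a guard like `if (nb != null && na != null && !nb.isBefore(na))`. It is also worth checking whether NotBefore should be emitted for bearer confirmations at all, since the SAML Web Browser SSO profile disallows it there. The enclosing method starts and ends outside this hunk.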

Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java?rev=1333081&r1=1333080&r2=1333081&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
(original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
Wed May  2 15:48:47 2012
@@ -30,6 +30,7 @@ import org.apache.ws.security.saml.ext.b
 import org.apache.ws.security.saml.ext.bean.ConditionsBean;
 import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
 import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.bean.SubjectConfirmationDataBean;
 import org.apache.ws.security.saml.ext.bean.SubjectLocalityBean;
 import org.apache.ws.security.saml.ext.bean.KeyInfoBean.CERT_IDENTIFIER;
 import org.w3c.dom.Document;
@@ -67,6 +68,11 @@ public abstract class AbstractSAMLCallba
     protected String resource = null;
     protected List<?> customAttributeValues = null;
     protected ConditionsBean conditions = null;
+    protected SubjectConfirmationDataBean subjectConfirmationData = null;
+    
+    public void setSubjectConfirmationData(SubjectConfirmationDataBean subjectConfirmationData)
{
+        this.subjectConfirmationData = subjectConfirmationData;
+    }
     
     public void setConditions(ConditionsBean conditionsBean) {
         this.conditions = conditionsBean;

Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML2CallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML2CallbackHandler.java?rev=1333081&r1=1333080&r2=1333081&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML2CallbackHandler.java
(original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML2CallbackHandler.java
Wed May  2 15:48:47 2012
@@ -69,6 +69,7 @@ public class SAML2CallbackHandler extend
                 if (subjectNameIDFormat != null) {
                     subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
                 }
+                subjectBean.setSubjectConfirmationData(subjectConfirmationData);
                 if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                     try {
                         KeyInfoBean keyInfo = createKeyInfo();

Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java?rev=1333081&r1=1333080&r2=1333081&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java Wed
May  2 15:48:47 2012
@@ -36,6 +36,7 @@ import org.apache.ws.security.message.WS
 import org.apache.ws.security.message.WSSecSAMLToken;
 import org.apache.ws.security.saml.ext.AssertionWrapper;
 import org.apache.ws.security.saml.ext.SAMLParms;
+import org.apache.ws.security.saml.ext.bean.SubjectConfirmationDataBean;
 import org.apache.ws.security.saml.ext.builder.SAML1Constants;
 import org.apache.ws.security.util.WSSecurityUtil;
 
@@ -742,6 +743,52 @@ public class SamlTokenTest extends org.j
     }
     
     /**
+     * Test that creates, sends and processes an unsigned SAML 2 authentication assertion
with
+     * SubjectConfirmationData information.
+     */
+    @org.junit.Test
+    public void testSAML2SubjectConfirmationData() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
+        subjectConfirmationData.setAddress("http://apache.org");
+        subjectConfirmationData.setInResponseTo("12345");
+        subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
+        subjectConfirmationData.setRecipient("http://recipient.apache.org");
+        callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
+        
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(callbackHandler);
+        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+        WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+        String outputString = 
+            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("SAML 2 Authn Assertion (sender vouches):");
+            LOG.debug(outputString);
+        }
+        assertTrue(outputString.contains("http://recipient.apache.org"));
+        
+        List<WSSecurityEngineResult> results = verify(unsignedDoc);
+        WSSecurityEngineResult actionResult =
+            WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+        AssertionWrapper receivedAssertion = 
+            (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(receivedAssertion != null);
+        assertTrue(!receivedAssertion.isSigned());
+    }
+    
+    /**
      * Verifies the soap envelope
      * <p/>
      * 
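Review bot: The new test only asserts that the Recipient value appears in the serialized document, so Address, InResponseTo and NotOnOrAfter could be dropped by the builder without this test failing, and NotBefore is never set at all. Asserting on the SubjectConfirmationData of `receivedAssertion` after `verify(...)` would check that each attribute round-trips rather than matching a substring of the XML. The debug message `"SAML 2 Authn Assertion (sender vouches):"` looks copied from another test; the confirmation method used here is whatever the handler defaults to, which this hunk does not show.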


