ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1524103 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/ ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/
Date Tue, 17 Sep 2013 15:52:42 GMT
Author: coheigea
Date: Tue Sep 17 15:52:41 2013
New Revision: 1524103

URL: http://svn.apache.org/r1524103
Log:
[WSS-477] - Support the ability to create SAML2 Assertions with OneTimeUse + ProxyRestriction
Conditions

Added:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ProxyRestrictionBean.java
Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java?rev=1524103&r1=1524102&r2=1524103&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java
Tue Sep 17 15:52:41 2013
@@ -31,6 +31,8 @@ public class ConditionsBean {
     private DateTime notAfter;
     private int tokenPeriodMinutes;
     private String audienceURI;
+    private boolean oneTimeUse;
+    private ProxyRestrictionBean proxyRestriction;
 
     /**
      * Constructor ConditionsBean creates a new ConditionsBean instance.
@@ -136,6 +138,30 @@ public class ConditionsBean {
     }
 
     /**
+     * Get whether to include a OneTimeUse Element or not. Only applies to SAML2.
+     * @return whether to include a OneTimeUse Element or not.
+     */
+    public boolean isOneTimeUse() {
+        return oneTimeUse;
+    }
+
+    /**
+     * Set whether to include a OneTimeUse Element or not. Only applies to SAML2.
+     * @param oneTimeUse whether to include a OneTimeUse Element or not.
+     */
+    public void setOneTimeUse(boolean oneTimeUse) {
+        this.oneTimeUse = oneTimeUse;
+    }
+    
+    public ProxyRestrictionBean getProxyRestriction() {
+        return proxyRestriction;
+    }
+
+    public void setProxyRestriction(ProxyRestrictionBean proxyRestriction) {
+        this.proxyRestriction = proxyRestriction;
+    }
+    
+    /**
      * Method equals ...
      *
      * @param o of type Object
@@ -167,6 +193,15 @@ public class ConditionsBean {
         } else if (audienceURI != null && !audienceURI.equals(that.audienceURI))
{
             return false; 
         }
+        
+        if (oneTimeUse != that.oneTimeUse) return false;
+        
+        if (proxyRestriction == null && that.proxyRestriction != null) {
+            return false;
+        } else if (proxyRestriction != null 
+            && !proxyRestriction.equals(that.proxyRestriction)) {
+            return false; 
+        }
 
         return true;
     }
@@ -186,6 +221,11 @@ public class ConditionsBean {
         if (audienceURI != null) {
             result = 31 * result + audienceURI.hashCode();
         }
+        result = 31 * result + (oneTimeUse ? 1 : 0);
+        if (proxyRestriction != null) {
+            result = 31 * result + proxyRestriction.hashCode();
+        }
         return result;
     }
+
 }

Added: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ProxyRestrictionBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ProxyRestrictionBean.java?rev=1524103&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ProxyRestrictionBean.java
(added)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ProxyRestrictionBean.java
Tue Sep 17 15:52:41 2013
@@ -0,0 +1,103 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.saml.bean;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Class ProxyRestrictionBean represents a SAML 2.0 ProxyRestrictionBean object
+ */
+public class ProxyRestrictionBean {
+    private int count;
+    private final List<String> audienceURIs = new ArrayList<String>();
+
+    /**
+     * Constructor ProxyRestrictionBean creates a new ProxyRestrictionBean instance.
+     */
+    public ProxyRestrictionBean() {
+    }
+
+    /**
+     * Constructor ProxyRestrictionBean creates a new ProxyRestrictionBean instance.
+     *
+     * @param count The count instance
+     * @param audienceURIs The audienceURI instances
+     */
+    public ProxyRestrictionBean(
+        int count,
+        List<String> audienceURIs
+    ) {
+        this.setCount(count);
+        if (audienceURIs != null) {
+            this.audienceURIs.addAll(audienceURIs);
+        }
+    }
+    
+    /**
+     * Get the audienceURI instances
+     *
+     * @return the audienceURI instances
+     */
+    public List<String> getAudienceURIs() {
+        return audienceURIs;
+    }
+
+    public int getCount() {
+        return count;
+    }
+
+    public void setCount(int count) {
+        this.count = count;
+    }
+
+    /**
+     * Method equals ...
+     *
+     * @param o of type Object
+     * @return boolean
+     */
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (!(o instanceof ProxyRestrictionBean)) return false;
+
+        ProxyRestrictionBean that = (ProxyRestrictionBean) o;
+
+        if (count != that.count) return false;
+        
+        if (!audienceURIs.equals(that.audienceURIs)) {
+            return false; 
+        }
+        
+        return true;
+    }
+
+    /**
+     * @return the hashcode of this object
+     */
+    @Override
+    public int hashCode() {
+        int result = count;
+        result = 31 * result + audienceURIs.hashCode();
+        return result;
+    }
+
+}

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java?rev=1524103&r1=1524102&r2=1524103&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java
Tue Sep 17 15:52:41 2013
@@ -27,16 +27,15 @@ import org.apache.wss4j.common.saml.bean
 import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
 import org.apache.wss4j.common.saml.bean.ConditionsBean;
 import org.apache.wss4j.common.saml.bean.KeyInfoBean;
+import org.apache.wss4j.common.saml.bean.ProxyRestrictionBean;
 import org.apache.wss4j.common.saml.bean.SubjectBean;
 import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
 import org.apache.wss4j.common.saml.bean.SubjectLocalityBean;
 import org.apache.xml.security.stax.impl.util.IDGenerator;
-
 import org.joda.time.DateTime;
 import org.opensaml.Configuration;
 import org.opensaml.common.SAMLObjectBuilder;
 import org.opensaml.common.SAMLVersion;
-
 import org.opensaml.saml2.core.Action;
 import org.opensaml.saml2.core.Assertion;
 import org.opensaml.saml2.core.Attribute;
@@ -54,11 +53,12 @@ import org.opensaml.saml2.core.Evidence;
 import org.opensaml.saml2.core.Issuer;
 import org.opensaml.saml2.core.KeyInfoConfirmationDataType;
 import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.OneTimeUse;
+import org.opensaml.saml2.core.ProxyRestriction;
 import org.opensaml.saml2.core.Subject;
 import org.opensaml.saml2.core.SubjectConfirmation;
 import org.opensaml.saml2.core.SubjectConfirmationData;
 import org.opensaml.saml2.core.SubjectLocality;
-
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.XMLObjectBuilderFactory;
 import org.opensaml.xml.schema.XSString;
@@ -68,7 +68,6 @@ import org.opensaml.xml.signature.KeyInf
 import java.util.ArrayList;
 import java.util.List;
 
-
 /**
  * Class SAML2ComponentBuilder provides builder methods that can be used
  * to construct SAML v2.0 statements using the OpenSaml library.
@@ -84,6 +83,10 @@ public final class SAML2ComponentBuilder
     
     private static volatile SAMLObjectBuilder<SubjectConfirmation> subjectConfirmationBuilder;
     
+    private static volatile SAMLObjectBuilder<OneTimeUse> oneTimeUseBuilder;
+    
+    private static volatile SAMLObjectBuilder<ProxyRestriction> proxyRestrictionBuilder;
+    
     private static volatile SAMLObjectBuilder<Conditions> conditionsBuilder;
     
     private static volatile SAMLObjectBuilder<SubjectConfirmationData> subjectConfirmationDataBuilder;
@@ -213,6 +216,13 @@ public final class SAML2ComponentBuilder
             conditions.getAudienceRestrictions().add(audienceRestriction);
         }
         
+        if (conditionsBean.isOneTimeUse()) {
+            conditions.getConditions().add(createOneTimeUse());
+        }
+        
+        if (conditionsBean.getProxyRestriction() != null) {
+            conditions.getConditions().add(createProxyRestriction(conditionsBean.getProxyRestriction()));
+        }
         return conditions;
     }
 
@@ -239,6 +249,53 @@ public final class SAML2ComponentBuilder
         audienceRestriction.getAudiences().add(audience);
         return audienceRestriction;
     }
+    
+    /**
+     * Create a OneTimeUse object
+     *
+     * @return a OneTimeUse object
+     */
+    @SuppressWarnings("unchecked")
+    public static OneTimeUse createOneTimeUse() {
+        if (oneTimeUseBuilder == null) {
+            oneTimeUseBuilder = (SAMLObjectBuilder<OneTimeUse>) 
+                builderFactory.getBuilder(OneTimeUse.DEFAULT_ELEMENT_NAME);
+        }
+       
+        return oneTimeUseBuilder.buildObject();
+    }
+    
+    /**
+     * Create a ProxyRestriction object
+     *
+     * @return a ProxyRestriction object
+     */
+    @SuppressWarnings("unchecked")
+    public static ProxyRestriction createProxyRestriction(ProxyRestrictionBean proxyRestrictionBean)
{
+        if (proxyRestrictionBuilder == null) {
+            proxyRestrictionBuilder = (SAMLObjectBuilder<ProxyRestriction>) 
+                builderFactory.getBuilder(ProxyRestriction.DEFAULT_ELEMENT_NAME);
+        }
+        
+        ProxyRestriction proxyRestriction = proxyRestrictionBuilder.buildObject();
+        if (proxyRestrictionBean.getCount() > 0) {
+            proxyRestriction.setProxyCount(proxyRestrictionBean.getCount());
+        }
+        
+        if (!proxyRestrictionBean.getAudienceURIs().isEmpty()) {
+            if (audienceBuilder == null) {
+                audienceBuilder = (SAMLObjectBuilder<Audience>) 
+                    builderFactory.getBuilder(Audience.DEFAULT_ELEMENT_NAME);
+            }
+            for (String audienceURI : proxyRestrictionBean.getAudienceURIs()) {
+                Audience audience = audienceBuilder.buildObject();
+                audience.setAudienceURI(audienceURI);
+                proxyRestriction.getAudiences().add(audience);
+            }
+        }
+        
+        return proxyRestriction;
+    }
 
     /**
      * Create SAML 2 Authentication Statement(s).

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java?rev=1524103&r1=1524102&r2=1524103&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java
Tue Sep 17 15:52:41 2013
@@ -19,9 +19,16 @@
 
 package org.apache.wss4j.dom.saml;
 
+import java.util.ArrayList;
 import java.util.List;
 
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.bean.ProxyRestrictionBean;
+import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.WSSecurityEngine;
@@ -31,11 +38,6 @@ import org.apache.wss4j.dom.common.SAML1
 import org.apache.wss4j.dom.common.SAML2CallbackHandler;
 import org.apache.wss4j.dom.common.SOAPUtil;
 import org.apache.wss4j.dom.common.SecurityTestUtil;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.SAMLCallback;
-import org.apache.wss4j.common.saml.SAMLUtil;
-import org.apache.wss4j.common.saml.bean.ConditionsBean;
-import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.message.WSSecHeader;
 import org.apache.wss4j.dom.message.WSSecSAMLToken;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
@@ -233,6 +235,88 @@ public class SamlConditionsTest extends 
     }
     
     /**
+     * Test that creates, sends and processes an unsigned SAML 2 authentication assertion
+     * with a OneTimeUse Element
+     */
+    @org.junit.Test
+    public void testSAML2OneTimeUse() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        ConditionsBean conditions = new ConditionsBean();
+        conditions.setTokenPeriodMinutes(5);
+        conditions.setOneTimeUse(true);
+            
+        callbackHandler.setConditions(conditions);
+        
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+
+        WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        Document unsignedDoc = wsSign.build(doc, samlAssertion, secHeader);
+
+        String outputString = 
+            XMLUtils.PrettyDocumentToString(unsignedDoc);
+        assertTrue(outputString.contains("OneTimeUse"));
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(outputString);
+        }
+        
+        verify(unsignedDoc);
+    }
+    
+    /**
+     * Test that creates, sends and processes an unsigned SAML 2 authentication assertion
+     * with a ProxyRestriction Element
+     */
+    @org.junit.Test
+    public void testSAML2ProxyRestriction() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        ConditionsBean conditions = new ConditionsBean();
+        conditions.setTokenPeriodMinutes(5);
+        ProxyRestrictionBean proxyRestriction = new ProxyRestrictionBean();
+        List<String> audiences = new ArrayList<String>();
+        audiences.add("http://apache.org/one");
+        audiences.add("http://apache.org/two");
+        proxyRestriction.getAudienceURIs().addAll(audiences);
+        proxyRestriction.setCount(5);
+        conditions.setProxyRestriction(proxyRestriction);
+        
+        callbackHandler.setConditions(conditions);
+        
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+
+        WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        Document unsignedDoc = wsSign.build(doc, samlAssertion, secHeader);
+
+        String outputString = 
+            XMLUtils.PrettyDocumentToString(unsignedDoc);
+        assertTrue(outputString.contains("ProxyRestriction"));
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(outputString);
+        }
+        
+        verify(unsignedDoc);
+    }
+    
+    /**
      * Verifies the soap envelope
      * <p/>
      * 



Mime
View raw message