Author: dimuthul
Date: Thu Jan 10 18:35:39 2008
New Revision: 12122

Log:

Key store for many users. - Issue 168



Added:
   trunk/solutions/identity/modules/identity-provider/conf/userRP.jks   
(contents, props changed)
Modified:
   trunk/solutions/identity/modules/distribution/src/assemble/assembly-bin.xml
   trunk/solutions/identity/modules/identity-provider/conf/wsas-server.xml
   trunk/solutions/identity/modules/identity-provider/conf/wso2identity.hbm.xml
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/IdentityProviderConstants.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/Initializer.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/admin/KeystoreUtilAdmin.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/admin/RelyingPartyAdmin.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/persistence/IPPersistenceManager.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/persistence/dao/UserPersonalRelyingPartyDAO.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/persistence/dataobject/PPIDValueDO.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityProviderData.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityTokenIssuer.java
   
trunk/solutions/identity/modules/identity-provider/src/test/resources/wso2identity.hbm.xml
   
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/ShowMainAction.java
   
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/UploadRelyingPartyCertificateAction.java
   trunk/solutions/identity/modules/user-ui/src/main/webapp/jsp/main.jsp

Modified: 
trunk/solutions/identity/modules/distribution/src/assemble/assembly-bin.xml
==============================================================================
--- trunk/solutions/identity/modules/distribution/src/assemble/assembly-bin.xml 
(original)
+++ trunk/solutions/identity/modules/distribution/src/assemble/assembly-bin.xml 
Thu Jan 10 18:35:39 2008
@@ -99,7 +99,7 @@
                 <exclude>**/conf/server.xml</exclude>
                 <exclude>**/conf/**.jks</exclude>
                 <exclude>**/conf/**.jks</exclude>
-                   <exclude>**/conf/log4j.properties</exclude>
+               <exclude>**/conf/log4j.properties</exclude>
                 <exclude>**/rampart/**</exclude>
                 <exclude>**/samples/**</exclude>
                 <exclude>**/lib/rampart-**</exclude>
@@ -289,8 +289,8 @@
             
<outputDirectory>${identity.solution.home.dir}/conf</outputDirectory>
         </file>
 
-        <file>
-            <source>../identity-provider/conf/wso2isidps.jks</source>
+               <file>
+            <source>../identity-provider/conf/userRP.jks</source>
             
<outputDirectory>${identity.solution.home.dir}/conf</outputDirectory>
         </file>
 

Added: trunk/solutions/identity/modules/identity-provider/conf/userRP.jks
==============================================================================
Binary file. No diff available.

Modified: 
trunk/solutions/identity/modules/identity-provider/conf/wsas-server.xml
==============================================================================
--- trunk/solutions/identity/modules/identity-provider/conf/wsas-server.xml     
(original)
+++ trunk/solutions/identity/modules/identity-provider/conf/wsas-server.xml     
Thu Jan 10 18:35:39 2008
@@ -158,13 +158,13 @@
             <KeyPassword>wso2is</KeyPassword>
         </KeyStore>
 
-       <IDPKeyStore>
-           <Location>${wso2wsas.home}/conf/wso2isidps.jks</Location>
+       <UserTrustedRPStore>
+           <Location>${wso2wsas.home}/conf/userRP.jks</Location>
             <!-- Keystore type (JKS/PKCS12 etc.)-->
             <Type>JKS</Type>
             <!-- Keystore password-->
-            <Password>wso2isidps</Password>
-       </IDPKeyStore>
+            <Password>userRP</Password>
+       </UserTrustedRPStore>
 
         <!--
            The directory under which all other KeyStore files will be stored
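Review bot: The `<Password>` of the new `UserTrustedRPStore` is a fixed literal equal to the store's base name, and assembly-bin.xml in this commit ships the matching `userRP.jks` with the distribution, so every default install shares the same store and password. This store appears to decide which relying-party certificates users trust, so the file should say the value is a placeholder. For example, add `<!-- Default password of the bundled userRP.jks: change it and re-create the store before production use -->` above the element. The neighbouring `<KeyPassword>wso2is</KeyPassword>` suggests this is the file's existing convention, so the same comment would apply there.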

Modified: 
trunk/solutions/identity/modules/identity-provider/conf/wso2identity.hbm.xml
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/conf/wso2identity.hbm.xml    
    (original)
+++ 
trunk/solutions/identity/modules/identity-provider/conf/wso2identity.hbm.xml    
    Thu Jan 10 18:35:39 2008
@@ -5,6 +5,20 @@
 
 <hibernate-mapping>
 
+
+    <!-- #################################################### -->
+    <!-- #             UserTrustedRP(user_trusted_rp)                          
# -->
+    <!-- #################################################### -->
+    <class 
name="org.wso2.solutions.identity.persistence.dataobject.UserTrustedRPDO"
+           table="user_trusted_rp">
+        <id name="id" column="id">
+            <generator class="native"/>
+        </id>
+        <property name="lastUpdatedTime" type="timestamp" 
column="c_last_updated" not-null="true"/>
+        <property name="userId" column="user_id" not-null="true"/>
+        <property name="hostName" column="host_name" not-null="true"/>
+    </class>
+    
     <!-- #################################################### -->
     <!-- #             IssuedTokensDO(issued_tokens)                           
# -->
     <!-- #################################################### -->
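Review bot: The new `UserTrustedRPDO` mapping has no uniqueness constraint on the user/host pair, whereas the removed `UserPersonalRelyingPartyDO` mapping declared its `identifier` component `unique="true"`. `getPersonalRelyingParty` in UserPersonalRelyingPartyDAO reads this table with `uniqueResult()`, which fails once two rows exist for the same user and host. A shared `unique-key` on both properties would restore the guarantee, e.g. `<property name="userId" column="user_id" not-null="true" unique-key="uk_user_trusted_rp"/>` (key name constructed here) with the same attribute on `hostName`.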
@@ -194,34 +208,8 @@
         <property name="ppid" column="value" unique="true"/>
    </class>
 
-
-    <!-- #################################################### -->
-    <!-- ###UserPersonalRelyingPartyDO(user_relying_party)### -->
-    <!-- #################################################### -->
-    <class 
name="org.wso2.solutions.identity.persistence.dataobject.UserPersonalRelyingPartyDO"
-           table="user_relying_party">
-        <id name="id" column="id">
-            <generator class="native"/>
-        </id>
-        <property name="lastUpdatedTime" type="timestamp" 
column="c_last_updated" not-null="true"/>
-
-        <component name="identifier"
-                   
class="org.wso2.solutions.identity.persistence.dataobject.UserPersonalRelyingPartyIdentifier"
-                   unique="true">
-            <property name="hostName" column="host_name" not-null="true"/>
-            <property name="userId" column="user_id" not-null="true"/>
-        </component>
-           <property name="storeName" column="store_name" not-null="false"/>
-        <property name="alias" column="store_alias" not-null="false"/>
-
-           <set name="ppidValues" inverse="true" cascade="all">
-            <key column="personal_rp_id"/>
-            <one-to-many 
class="org.wso2.solutions.identity.persistence.dataobject.PPIDValueDO"/>
-        </set>
-   </class>
-
     <!-- #################################################### -->
-    <!-- ##### RelyingPartyDO(relying_party)           ##### -->
+    <!-- ##### RelyingPartyDO(relying_party)               ##### -->
     <!-- #################################################### -->
     <class 
name="org.wso2.solutions.identity.persistence.dataobject.RelyingPartyDO"
            table="relying_party">

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/IdentityProviderConstants.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/IdentityProviderConstants.java
 (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/IdentityProviderConstants.java
 Thu Jan 10 18:35:39 2008
@@ -169,7 +169,25 @@
     public final static String PARAM_NAME_EMAIL_PASSWORD = "email_password";
 
     public final static String PARAM_NAME_EMAIL_VERIFICATION_EPR = "email_epr";
+    
+    public final static String DEFAULT_IDENTITY_KEYSTORE_NAME = "wso2is.jks";
 
+    public final static String USER_TRUSTED_RP_KEYSTORE_NAME = "userRP.jks";
+    
+    /**
+     * Server Config data retrieval Strings. 
+     */
+    public static class ServerConfig{
+    
+        public final static String USER_TRUSTED_RP_STORE_LOCATION = 
"Security.UserTrustedRPStore.Location";
+        
+        public final static String USER_TRUSTED_RP_STORE_PASSWORD = 
"Security.UserTrustedRPStore.Password";
+        
+        public final static String USER_TRUSTED_RP_STORE_TYPE = 
"Security.UserTrustedRPStore.Type";
+        
+      
+    
+    }
     /**
      * Sample related constants of the identity provider
      */
@@ -205,6 +223,7 @@
         public final static String DRIVER = 
"org.apache.derby.jdbc.EmbeddedDriver";
 
         public final static String SQL_STATEMENTS_FILE_PATH = 
"user.default.sql.properties";
+        
 
     }
 

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/Initializer.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/Initializer.java
       (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/Initializer.java
       Thu Jan 10 18:35:39 2008
@@ -35,7 +35,6 @@
 import 
org.wso2.solutions.identity.persistence.dataobject.RealmConfigurationPropertyDO;
 import org.wso2.solutions.identity.persistence.dataobject.RealmDO;
 import org.wso2.solutions.identity.persistence.dataobject.RelyingPartyDO;
-import org.wso2.solutions.identity.persistence.dataobject.VerifierServiceIdpDO;
 import org.wso2.solutions.identity.users.wsas.WSASRealm;
 import org.wso2.usermanager.Realm;
 import org.wso2.usermanager.custom.jdbc.JDBCRealm;
@@ -107,13 +106,8 @@
                 rp.setAlias(serverConfig
                         .getFirstProperty("Security.KeyStore.KeyAlias"));
                 db.create(rp);
-
-                // // remove the below 4 lines after dumindoo's fix
-                VerifierServiceIdpDO idp = new VerifierServiceIdpDO();
-                idp.setHostName("localhost");
-                idp.setGlobal(true);
-                db.create(idp);
-
+                              
+                
             }
 
             initializeEmailVerifier();
@@ -418,5 +412,7 @@
             db.create(act);
         }
     }
+    
+    
 
 }

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/admin/KeystoreUtilAdmin.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/admin/KeystoreUtilAdmin.java
   (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/admin/KeystoreUtilAdmin.java
   Thu Jan 10 18:35:39 2008
@@ -16,17 +16,19 @@
 
 package org.wso2.solutions.identity.admin;
 
-import org.wso2.solutions.identity.IdentityProviderException;
-import org.wso2.utils.ServerConfiguration;
-
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.security.KeyStore;
 import java.security.cert.X509Certificate;
 
+import org.wso2.solutions.identity.IdentityProviderConstants;
+import org.wso2.solutions.identity.IdentityProviderException;
+import org.wso2.utils.ServerConfiguration;
+
 public class KeystoreUtilAdmin {
 
-    public boolean isCertExists(X509Certificate cert) throws 
IdentityProviderException {
+    public boolean isCertExists(X509Certificate cert)
+            throws IdentityProviderException {
 
         ServerConfiguration serverConfig = ServerConfiguration.getInstance();
         String storeFilePath = serverConfig
@@ -47,7 +49,7 @@
                     new String[] { storeFilePath }, e);
         }
     }
-    
+
     public String importCert(X509Certificate cert)
             throws IdentityProviderException {
         ServerConfiguration serverConfig = ServerConfiguration.getInstance();
@@ -56,46 +58,126 @@
         String type = serverConfig.getFirstProperty("Security.KeyStore.Type");
         String passwd = serverConfig
                 .getFirstProperty("Security.KeyStore.Password");
-        return importCert(cert, storeFilePath, passwd, type);
-
-    }
-
-    public String importCert(X509Certificate cert, String storeFilePath,
-            String passwd, String storeType) throws IdentityProviderException {
+        String alias = null;
         try {
-
             FileInputStream is = new FileInputStream(storeFilePath);
-
-            KeyStore store = KeyStore.getInstance(storeType);
-
+            KeyStore store = KeyStore.getInstance(type);
             store.load(is, passwd.toCharArray());
-
-            String alias = getAlias(cert);
-            
-            if(store.getCertificate(alias) != null) {
+            alias = getAlias(cert);
+            if (store.getCertificate(alias) != null) {
                 throw new IdentityProviderException("relyingPartyExists",
                         new String[] { alias });
             }
-            
             store.setCertificateEntry(alias, cert);
-
             FileOutputStream os = new FileOutputStream(storeFilePath);
             store.store(os, passwd.toCharArray());
             os.flush();
+        } catch (Exception e) {
+            throw new IdentityProviderException("errorInKeystoreAccess",
+                    new String[] { storeFilePath }, e);
+        }
+
+        return alias;
 
-            return alias;
+    }
+
+    public String importCertToUserTrustStore(X509Certificate cert)
+            throws IdentityProviderException {
+        ServerConfiguration serverConfig = ServerConfiguration.getInstance();
+        String storeFilePath = serverConfig
+                
.getFirstProperty(IdentityProviderConstants.ServerConfig.USER_TRUSTED_RP_STORE_LOCATION);
+        String type = serverConfig
+                
.getFirstProperty(IdentityProviderConstants.ServerConfig.USER_TRUSTED_RP_STORE_TYPE);
+        String passwd = serverConfig
+                
.getFirstProperty(IdentityProviderConstants.ServerConfig.USER_TRUSTED_RP_STORE_PASSWORD);
+        String alias = null;
+        try {
+            FileInputStream is = new FileInputStream(storeFilePath);
+            KeyStore store = KeyStore.getInstance(type);
+            store.load(is, passwd.toCharArray());
+            alias = getAlias(cert);
+            if (store.getCertificate(alias) == null) {
+                // then import
+                store.setCertificateEntry(alias, cert);
+                FileOutputStream os = new FileOutputStream(storeFilePath);
+                store.store(os, passwd.toCharArray());
+                os.flush();
+            }
         } catch (Exception e) {
-            throw new IdentityProviderException("errorInCertImport", e);
+            throw new IdentityProviderException("errorInKeystoreAccess",
+                    new String[] { storeFilePath }, e);
         }
+
+        return alias;
     }
 
-    public void removeCertEntry(String alias) throws IdentityProviderException 
{
+    public X509Certificate getCertificateFromUserTrustedRP(String alias)
+            throws IdentityProviderException {
+        ServerConfiguration serverConfig = ServerConfiguration.getInstance();
+        String storeFilePath = serverConfig
+                
.getFirstProperty(IdentityProviderConstants.ServerConfig.USER_TRUSTED_RP_STORE_LOCATION);
+        String type = serverConfig
+                
.getFirstProperty(IdentityProviderConstants.ServerConfig.USER_TRUSTED_RP_STORE_TYPE);
+        String passwd = serverConfig
+                
.getFirstProperty(IdentityProviderConstants.ServerConfig.USER_TRUSTED_RP_STORE_PASSWORD);
+        X509Certificate cert = null;
+        try {
+            FileInputStream is = new FileInputStream(storeFilePath);
+            KeyStore store = KeyStore.getInstance(type);
+            store.load(is, passwd.toCharArray());
+            cert = (X509Certificate)store.getCertificate(alias);
+        } catch (Exception e) {
+            throw new IdentityProviderException("errorInKeystoreAccess",
+                    new String[] { storeFilePath }, e);
+        }
+        
+        return cert;
+    }
+    
+    /**
+     * Removes the Certificat
+     * 
+     * @param alias
+     * @throws IdentityProviderException
+     */
+    public void deleteRelyingParty(String alias) throws 
IdentityProviderException {
         ServerConfiguration serverConfig = ServerConfiguration.getInstance();
         String storeFilePath = serverConfig
                 .getFirstProperty("Security.KeyStore.Location");
         String type = serverConfig.getFirstProperty("Security.KeyStore.Type");
         String passwd = serverConfig
                 .getFirstProperty("Security.KeyStore.Password");
+        try {
+            FileInputStream is = new FileInputStream(storeFilePath);
+
+            KeyStore store = KeyStore.getInstance(type);
+
+            store.load(is, passwd.toCharArray());
+
+            if (store.containsAlias(alias) && !store.isKeyEntry(alias)) {
+                // If this is not the private key entry remove it
+                store.deleteEntry(alias);
+            }
+        } catch (Exception e) {
+            throw new IdentityProviderException("errorInKeystoreAccess",
+                    new String[] { storeFilePath }, e);
+        }
+    }
+
+    /**
+     * Removes the Certificat from User trusted RP
+     * 
+     * @param alias
+     * @throws IdentityProviderException
+     */
+    public void removeCertEntryFromUserTrustedRP(String alias) throws 
IdentityProviderException {
+        ServerConfiguration serverConfig = ServerConfiguration.getInstance();
+        String storeFilePath = serverConfig
+                
.getFirstProperty(IdentityProviderConstants.ServerConfig.USER_TRUSTED_RP_STORE_LOCATION);
+        String type = serverConfig
+                
.getFirstProperty(IdentityProviderConstants.ServerConfig.USER_TRUSTED_RP_STORE_TYPE);
+        String passwd = serverConfig
+                
.getFirstProperty(IdentityProviderConstants.ServerConfig.USER_TRUSTED_RP_STORE_PASSWORD);
 
         try {
             FileInputStream is = new FileInputStream(storeFilePath);
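Review bot: `deleteRelyingParty` calls `store.deleteEntry(alias)` on the in-memory `KeyStore` but never writes the store back, so as far as the visible code shows the certificate remains in the keystore file after a relying party is removed. After the delete, persist it the way `importCert` does: `FileOutputStream os = new FileOutputStream(storeFilePath); store.store(os, passwd.toCharArray()); os.close();`. `removeCertEntryFromUserTrustedRP`, which starts in this hunk and continues in the next one (`@@ -103,9 +185,9 @@`), shows the same delete-without-store shape in its visible lines. None of the `FileInputStream`/`FileOutputStream` objects opened in this hunk are closed; closing them in a `finally` block would stop handles on the keystore file from leaking.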
@@ -103,9 +185,9 @@
             KeyStore store = KeyStore.getInstance(type);
 
             store.load(is, passwd.toCharArray());
-            
-            if(store.containsAlias(alias) && !store.isKeyEntry(alias)) {
-                //If this is not the private key entry remove it
+
+            if (store.containsAlias(alias) && !store.isKeyEntry(alias)) {
+                // If this is not the private key entry remove it
                 store.deleteEntry(alias);
             }
         } catch (Exception e) {
@@ -113,7 +195,7 @@
                     new String[] { storeFilePath }, e);
         }
     }
-    
+
     private String getAlias(X509Certificate cert) throws Exception {
         // Alias should be the host name
         String name = cert.getSubjectDN().getName();
@@ -132,5 +214,5 @@
         }
         return alias;
     }
-    
+
 }

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/admin/RelyingPartyAdmin.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/admin/RelyingPartyAdmin.java
   (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/admin/RelyingPartyAdmin.java
   Thu Jan 10 18:35:39 2008
@@ -23,7 +23,8 @@
 import org.wso2.solutions.identity.i18n.Messages;
 import org.wso2.solutions.identity.persistence.IPPersistenceManager;
 import org.wso2.solutions.identity.persistence.dataobject.RelyingPartyDO;
-import 
org.wso2.solutions.identity.persistence.dataobject.UserPersonalRelyingPartyDO;
+import org.wso2.solutions.identity.persistence.dataobject.UserTrustedRPDO;
+
 
 public class RelyingPartyAdmin {
 
@@ -56,7 +57,7 @@
 
     }
 
-    public void create(UserPersonalRelyingPartyDO rp) throws AxisFault {
+    public void create(UserTrustedRPDO rp) throws AxisFault {
         try {
             dbMan.create(rp);
         } catch (IdentityProviderException e) {
@@ -80,14 +81,14 @@
         
         //remove from keystore
         KeystoreUtilAdmin ksAdmin = new KeystoreUtilAdmin();
-        ksAdmin.removeCertEntry(rp.getHostName());
+        ksAdmin.deleteRelyingParty(rp.getHostName());
     }
 
     public RelyingPartyDO findRelyingParty(Long id) {
         return (RelyingPartyDO) dbMan.getDataObject("RelyingPartyDO", id);
     }
 
-    public UserPersonalRelyingPartyDO[] getAllPersonalRelyingParties(
+    public UserTrustedRPDO[] getAllPersonalRelyingParties(
             String userId) {
         return dbMan.getAllPersonalRelyingParties(userId);
     }
@@ -99,11 +100,12 @@
      */
     public void removePersonalRelyingParty(String user, String hostName)
             throws IdentityProviderException {
-        UserPersonalRelyingPartyDO rpDO = dbMan.getPersonalRelyingParty(user, 
hostName);
+        UserTrustedRPDO rpDO = dbMan.getPersonalRelyingParty(user, hostName);
         dbMan.delete(rpDO);
-
+        
         KeystoreUtilAdmin ksAdmin = new KeystoreUtilAdmin();
-        ksAdmin.removeCertEntry(hostName);
+        ksAdmin.removeCertEntryFromUserTrustedRP(hostName);
+        
     }
 
 }
\ No newline at end of file
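Review bot: `removePersonalRelyingParty` removes the `hostName` alias from the user trust store whenever one user drops the relying party, but that store is a single file shared by all users (one `Security.UserTrustedRPStore.Location`), while `user_trusted_rp` holds one row per user and host. Another user who still lists the same host would lose the certificate; the keystore call should run only when no other `user_trusted_rp` row references that `host_name`, which needs a DAO lookup not present in the visible code. The import side has the mirror problem: `importCertToUserTrustStore` skips the import when the alias already exists without comparing the stored certificate to the uploaded one, so the first certificate stored under a host name is the one later users get. `rpDO` is also passed to `dbMan.delete` without a null check, although `getPersonalRelyingParty` can return null when no row matches.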

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/persistence/IPPersistenceManager.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/persistence/IPPersistenceManager.java
  (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/persistence/IPPersistenceManager.java
  Thu Jan 10 18:35:39 2008
@@ -51,7 +51,7 @@
 import 
org.wso2.solutions.identity.persistence.dataobject.RegisteredInfoCardInfoDO;
 import org.wso2.solutions.identity.persistence.dataobject.RelyingPartyDO;
 import org.wso2.solutions.identity.persistence.dataobject.RevokedInfoCardDO;
-import 
org.wso2.solutions.identity.persistence.dataobject.UserPersonalRelyingPartyDO;
+import org.wso2.solutions.identity.persistence.dataobject.UserTrustedRPDO;
 import org.wso2.solutions.identity.persistence.dataobject.VerifierServiceIdpDO;
 import org.wso2.solutions.identity.persistence.dataobject.VerifierServiceRPDO;
 
@@ -245,7 +245,7 @@
         return (new RelyingPartyDAO(hbConfig)).getRelyingPartyDO(url);
     }
 
-    public UserPersonalRelyingPartyDO getPersonalRelyingParty(String userId,
+    public UserTrustedRPDO getPersonalRelyingParty(String userId,
             String hostName) {
         return (new UserPersonalRelyingPartyDAO(hbConfig))
                 .getPersonalRelyingParty(userId, hostName);
@@ -334,7 +334,7 @@
         return dao.getAllRevokedInfoCards();
     }
 
-    public UserPersonalRelyingPartyDO[] getAllPersonalRelyingParties(
+    public UserTrustedRPDO[] getAllPersonalRelyingParties(
             String userId) {
         UserPersonalRelyingPartyDAO dao = new UserPersonalRelyingPartyDAO(
                 hbConfig);

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/persistence/dao/UserPersonalRelyingPartyDAO.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/persistence/dao/UserPersonalRelyingPartyDAO.java
       (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/persistence/dao/UserPersonalRelyingPartyDAO.java
       Thu Jan 10 18:35:39 2008
@@ -16,13 +16,12 @@
 
 package org.wso2.solutions.identity.persistence.dao;
 
-import org.hibernate.Query;
+import java.util.List;
+
 import org.hibernate.Session;
 import org.hibernate.Transaction;
 import org.wso2.solutions.identity.persistence.HibernateConfig;
-import 
org.wso2.solutions.identity.persistence.dataobject.UserPersonalRelyingPartyDO;
-
-import java.util.List;
+import org.wso2.solutions.identity.persistence.dataobject.UserTrustedRPDO;
 
 public class UserPersonalRelyingPartyDAO extends BaseDAO {
 
@@ -30,50 +29,53 @@
         super(config);
     }
 
-    public UserPersonalRelyingPartyDO[] getAllPersonalRelyingParties(
+    public UserTrustedRPDO[] getAllPersonalRelyingParties(
             String userId) {
         Session session = hbConfig.getCurrentSession();
         Transaction tx = session.beginTransaction();
-        String stmt = "from UserPersonalRelyingPartyDO as rp where 
rp.identifier.userId = '"
-                + userId + "'";
+        String stmt = "from UserTrustedRPDO as utrp where utrp.userId = '" 
+            + userId + "'";
 
+        UserTrustedRPDO[] rps = new UserTrustedRPDO[0];
         try {
-            Query query = session.createQuery(stmt);
-            List lst = query.list();
-            return (UserPersonalRelyingPartyDO[]) lst
-                    .toArray(new UserPersonalRelyingPartyDO[lst.size()]);
-
+            List lst = (List) session.createQuery(stmt).list();
+            if(lst.size()>0){
+                rps = (UserTrustedRPDO[])
+                    lst.toArray(new UserTrustedRPDO[lst.size()]);
+            }
+            tx.commit();
         } catch (Throwable e) {
             tx.rollback();
-            String msg = messages
-                    .getMessage("errorQuerryingUserPersonalRelyingParty");
+            String msg = messages.getMessage("errorQuerryingClaimData");
             log.error(msg, e);
             throw new RuntimeException(msg, e);
         } finally {
             hbConfig.closeSession();
         }
+        return rps;
     }
     
-    public UserPersonalRelyingPartyDO getPersonalRelyingParty(String userId,
+    public UserTrustedRPDO getPersonalRelyingParty(String userId,
             String hostName) {
         Session session = hbConfig.getCurrentSession();
         Transaction tx = session.beginTransaction();
-        String stmt = "from UserPersonalRelyingPartyDO as rp where 
rp.identifier.userId = '"
-                + userId + "' and rp.identifier.hostName = '" + hostName + "'";
+        String stmt = "from UserTrustedRPDO as utrp where utrp.userId = '" 
+            + userId + "' and utrp.hostName = '"+ hostName+"'";
 
+        UserTrustedRPDO rp = null;
         try {
-            Query query = session.createQuery(stmt);
-            return (UserPersonalRelyingPartyDO)query.uniqueResult();
-
+            rp = (UserTrustedRPDO)session.createQuery(stmt).uniqueResult();
+            tx.commit();
         } catch (Throwable e) {
             tx.rollback();
-            String msg = messages
-                    .getMessage("errorQuerryingUserPersonalRelyingParty");
+            String msg = messages.getMessage("errorQuerryingClaimData");
             log.error(msg, e);
             throw new RuntimeException(msg, e);
         } finally {
             hbConfig.closeSession();
         }
+
+        return rp;
     }
     
 }
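Review bot: Both rewritten queries still build HQL by concatenating `userId` and `hostName` into the statement string, so a quote character in either value changes the query; the rewrite is the natural place to bind them instead. In `getAllPersonalRelyingParties` use `session.createQuery("from UserTrustedRPDO as utrp where utrp.userId = :userId").setParameter("userId", userId).list()`, and in `getPersonalRelyingParty` bind `:userId` and `:hostName` the same way before `uniqueResult()`. `hostName` appears to be derived from a certificate subject (see `getAlias` in KeystoreUtilAdmin), so it should be treated as untrusted input. The new message key `errorQuerryingClaimData` also looks copied from another DAO and would mislabel failures of these queries in the log.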

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/persistence/dataobject/PPIDValueDO.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/persistence/dataobject/PPIDValueDO.java
        (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/persistence/dataobject/PPIDValueDO.java
        Thu Jan 10 18:35:39 2008
@@ -22,7 +22,7 @@
      */
     RelyingPartyDO relyingParty = null;
     
-    UserPersonalRelyingPartyDO personalRelyingParty = null;
+    UserTrustedRPDO personalRelyingParty = null;
 
     String userId = null;
 
@@ -52,12 +52,12 @@
         this.userId = userId;
     }
 
-    public UserPersonalRelyingPartyDO getPersonalRelyingParty() {
+    public UserTrustedRPDO getPersonalRelyingParty() {
         return personalRelyingParty;
     }
 
     public void setPersonalRelyingParty(
-            UserPersonalRelyingPartyDO personalRelyingParty) {
+            UserTrustedRPDO personalRelyingParty) {
         this.personalRelyingParty = personalRelyingParty;
     }
     

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityProviderData.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityProviderData.java
  (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityProviderData.java
  Thu Jan 10 18:35:39 2008
@@ -48,13 +48,14 @@
 import org.wso2.solutions.identity.IdentityProviderConstants;
 import org.wso2.solutions.identity.IdentityProviderException;
 import org.wso2.solutions.identity.UserStore;
+import org.wso2.solutions.identity.admin.KeystoreUtilAdmin;
 import org.wso2.solutions.identity.admin.RegisteredInfoCardInfoAdmin;
 import org.wso2.solutions.identity.admin.RelyingPartyAdmin;
 import org.wso2.solutions.identity.persistence.IPPersistenceManager;
 import org.wso2.solutions.identity.persistence.dataobject.ClaimDO;
 import 
org.wso2.solutions.identity.persistence.dataobject.RegisteredInfoCardInfoDO;
 import org.wso2.solutions.identity.persistence.dataobject.RelyingPartyDO;
-import 
org.wso2.solutions.identity.persistence.dataobject.UserPersonalRelyingPartyDO;
+import org.wso2.solutions.identity.persistence.dataobject.UserTrustedRPDO;
 import org.wso2.wsas.persistence.PersistenceManager;
 import org.wso2.wsas.persistence.dataobject.KeyStoreDO;
 
@@ -86,11 +87,11 @@
     private X509Certificate rpCert;
 
     private static KeyStore cacerts;
-    
+
     private String userIdentifier = null;
-    
+
     private String primaryId = null;
-    
+
     /**
      * Populate CardSpace specific meta-data.
      * 
@@ -116,9 +117,12 @@
 
     /**
      * Extract the relying party certiicate and validate it.
-     * @param data Information in the RST extracted by Rahas.
+     * 
+     * @param data
+     *            Information in the RST extracted by Rahas.
      */
-    private void extracAndValidatetRPCert(RahasData data) throws 
IdentityProviderException {
+    private void extracAndValidatetRPCert(RahasData data)
+            throws IdentityProviderException {
         OMElement eprElem = data.getAppliesToEpr();
         OMElement idElem = eprElem.getFirstChildWithName(new QName(
                 IdentityConstants.IDENTITY_ADDRESSING_NS,
@@ -144,83 +148,65 @@
                                             bais);
 
                             // Validate the rpCert
-                            if(cacerts == null) {
-                                String cacertsPath = 
System.getProperty("java.home") + "/lib/security/cacerts";
-                                InputStream cacertsIs = new 
FileInputStream(cacertsPath);
-                                cacerts = 
KeyStore.getInstance(KeyStore.getDefaultType());
-                                cacerts.load(cacertsIs, 
"changeit".toCharArray());
-                            } 
-                            
-                            //Check whether the issuer of the RP cert is 
-                            //a known CA
+                            if (cacerts == null) {
+                                String cacertsPath = System
+                                        .getProperty("java.home")
+                                        + "/lib/security/cacerts";
+                                InputStream cacertsIs = new FileInputStream(
+                                        cacertsPath);
+                                cacerts = KeyStore.getInstance(KeyStore
+                                        .getDefaultType());
+                                cacerts.load(cacertsIs, "changeit"
+                                        .toCharArray());
+                            }
+
+                            // Check whether the issuer of the RP cert is
+                            // a known CA
                             Principal issuer = receivedCert.getIssuerDN();
                             Vector issuerRDN = splitAndTrim(issuer.getName());
                             Enumeration aliasEnum = cacerts.aliases();
                             boolean trusted = false;
                             while (aliasEnum.hasMoreElements()) {
-                                String alilas = (String) 
aliasEnum.nextElement();
-                                if(cacerts.isCertificateEntry(alilas)) {
-                                    X509Certificate cert = 
(X509Certificate)cacerts.getCertificate(alilas);
-                                    Vector certRDN = 
splitAndTrim(cert.getSubjectDN().getName());
-                                    if(certRDN.equals(issuerRDN)) {
-                                        //We have the issuer cert in our 
trusted certs
+                                String alilas = (String) aliasEnum
+                                        .nextElement();
+                                if (cacerts.isCertificateEntry(alilas)) {
+                                    X509Certificate cert = (X509Certificate) 
cacerts
+                                            .getCertificate(alilas);
+                                    Vector certRDN = splitAndTrim(cert
+                                            .getSubjectDN().getName());
+                                    if (certRDN.equals(issuerRDN)) {
+                                        // We have the issuer cert in our
+                                        // trusted certs
                                         trusted = true;
                                         this.rpCert = receivedCert;
-                                        
-                                        //If this relying party is not 
registered 
-                                        //register it in the DB
-                                        RelyingPartyAdmin rpAdmin =  new 
RelyingPartyAdmin();
-                                        String hostName = 
IdentityProviderUtil.getAppliesToHostName(data);
-                                        if(rpAdmin.getRelyingParty(hostName) 
== null) {
+
+                                        // If this relying party is not
+                                        // registered
+                                        // register it in the DB
+                                        RelyingPartyAdmin rpAdmin = new 
RelyingPartyAdmin();
+                                        String hostName = IdentityProviderUtil
+                                                .getAppliesToHostName(data);
+                                        if (rpAdmin.getRelyingParty(hostName) 
== null) {
                                             rpAdmin.create(hostName);
                                         }
                                         break;
                                     }
                                 }
                             }
-                           
-                            if(!trusted) {
-                                //RP Cert is not a issued by a trusted CA
-                                //Check the globally trusted RPs and 
-                                //Personal trusted RPs
-
-                                String host = 
IdentityProviderUtil.getAppliesToHostName(data);
-
-                                IPPersistenceManager dbman = 
IPPersistenceManager
-                                        .getPersistanceManager();
-                                RelyingPartyDO rp = 
dbman.getRelyingParty(host);
-                        
-                                String alias = null;
-                                if(rp != null) {
-                                    //This is a globally trusted RP
-                                    alias = rp.getAlias();
-                                } else {
-                                    //If the RP is not trusted globally then 
check personal RPs
-                                    UserPersonalRelyingPartyDO userRp = 
dbman.getPersonalRelyingParty(userIdentifier, host);
-                                    if(userRp != null) {
-                                        //Personal RP found
-                                        alias = userRp.getAlias();
-                                    }
-                                }
-                                
-                                if(alias == null) {
+
+                            if (!trusted) {
+                                // RP Cert is not a issued by a trusted CA
+                                X509Certificate cert = this
+                                        .readRpCertFromStores(data);
+                                if (cert == null) {
                                     // We do not trust the RP
-                                    throw new 
IdentityProviderException("rpNotTrusted",
-                                            new String[] { host });
-                                }
-                                
-                                // Get keystore name
-                                PersistenceManager pm = new 
PersistenceManager();
-                                KeyStoreDO[] keystores = pm.getKeyStores();
-                                if (keystores.length == 0 || keystores.length 
> 1) {
                                     throw new IdentityProviderException(
-                                            "invalidNumberOfKeystores");
+                                            "rpNotTrusted");
                                 }
-                        
-                                X509Certificate cert = 
(X509Certificate)KeyUtil.getCertificate(keystores[0].getKeyStoreName(), alias);
 
-                                //Match the cert to the incoming cert to 
validate
-                                if(cert.equals(receivedCert)) {
+                                // Match the cert to the incoming cert to
+                                // validate
+                                if (cert.equals(receivedCert)) {
                                     this.rpCert = cert;
                                 } else {
                                     throw new IdentityProviderException(
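Review bot: The CA check in this hunk accepts the relying-party certificate as soon as `certRDN.equals(issuerRDN)`, that is, when its issuer name equals the subject name of some cacerts entry. A name match does not show that the CA signed the certificate, yet the same branch sets `this.rpCert` and registers the host through `rpAdmin.create(hostName)`. Inside that `if`, before `trusted = true`, I would check the validity period and the signature with `receivedCert.checkValidity();` and `receivedCert.verify(cert.getPublicKey());`, treating a failure as no match for that alias. Separately, the `FileInputStream` opened for cacerts is never closed, and as far as the hunk shows the static `cacerts` field is initialised lazily without synchronisation. The body of extracAndValidatetRPCert starts before this hunk and continues after it.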
@@ -230,13 +216,13 @@
                                                     Base64.encode(cert
                                                             .getEncoded()) });
                                 }
-                                
+
                             }
-                            
+
                         } catch (IdentityProviderException e) {
                             throw e;
                         } catch (Exception e) {
-                            //all other exception
+                            // all other exception
                             throw new IdentityProviderException(
                                     "malformedBase64Certificate",
                                     new String[] { base64Cert }, e);
@@ -263,7 +249,6 @@
         }
     }
 
-    
     private Vector splitAndTrim(String inString) {
         X509NameTokenizer nmTokens = new X509NameTokenizer(inString);
         Vector vr = new Vector();
@@ -275,12 +260,11 @@
         return vr;
     }
 
-    
     /**
      * Process and extract information card reference.
      * 
      * @param rst
-     *             RequestSecurityToken element
+     *            RequestSecurityToken element
      * @param data
      */
     private void processInfoCardReference(OMElement rst)
@@ -382,7 +366,9 @@
     }
 
     /**
-     * Obtain the user identifier depending on the authentication mechanism 
used.
+     * Obtain the user identifier depending on the authentication mechanism
+     * used.
+     * 
      * @param rahasData
      * @return Identifier of the user.
      */
@@ -420,7 +406,7 @@
                     // IdentityProviderException("signatureInfoMismatch",
                     // new String[] { ppidValue });
                     // }
-                    
+
                 } else {
                     throw new IdentityProviderException("alianPPID",
                             new String[] { ppidValue });
@@ -436,7 +422,7 @@
             throw new IdentityProviderException("invalidAuthMechanism");
         }
     }
-   
+
     protected String getDisplayName(String URI) {
         ClaimDO temp = (ClaimDO) claimObjs.get(URI);
         return temp.getDisplayTag();
@@ -488,7 +474,7 @@
         public String value;
 
         public String uri;
-        
+
         public boolean bOptional;
 
     }
@@ -505,7 +491,45 @@
         this.userIdentifier = userIdentifier;
     }
 
- 
-    
-    
+    /**
+     * Retrives the Trusted RP certificate from Keystore.
+     * This cert is not signed by an accepted CA
+     * 
+     * @param data
+     * @return
+     * @throws IdentityProviderException
+     */
+    private X509Certificate readRpCertFromStores(RahasData data)
+            throws IdentityProviderException {
+        X509Certificate cert = null;
+        String host = IdentityProviderUtil.getAppliesToHostName(data);
+
+        IPPersistenceManager dbman = IPPersistenceManager
+                .getPersistanceManager();
+        RelyingPartyDO rp = dbman.getRelyingParty(host);
+
+        String alias = null;
+        if (rp != null) {
+            // This is a globally trusted RP
+            alias = rp.getAlias();
+            // Get key store name
+            PersistenceManager pm = new PersistenceManager();
+            KeyStoreDO keystore = pm
+                    
.getKeyStore(IdentityProviderConstants.DEFAULT_IDENTITY_KEYSTORE_NAME);
+            cert = (X509Certificate) KeyUtil.getCertificate(keystore
+                    .getKeyStoreName(), alias);
+            
+        } else {
+            // If the RP is not trusted globally then
+            // check personal RPs
+            UserTrustedRPDO userRp = dbman.getPersonalRelyingParty(
+                    userIdentifier, host);
+            if (userRp != null) {
+                alias = userRp.getHostName();
+                KeystoreUtilAdmin admin = new KeystoreUtilAdmin();
+                cert = admin.getCertificateFromUserTrustedRP(alias);
+            }
+        }
+        return cert;
+    }
 }
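Review bot: In readRpCertFromStores the personal branch finds the database row per user with `getPersonalRelyingParty(userIdentifier, host)`, but then fetches the certificate with `getCertificateFromUserTrustedRP(alias)`, where `alias` is only the host name. If the user trust store is shared between users, as the commit log suggests, and keyed by that alias alone, a certificate uploaded by one user for a host could be returned for another user who registered the same host. KeystoreUtilAdmin is not part of this hunk, so this needs confirming there; the same alias is produced in the UploadRelyingPartyCertificateAction hunk by `importCertToUserTrustStore(cert)`. In the global branch `keystore.getKeyStoreName()` is dereferenced without a null check on the result of `pm.getKeyStore(...)`. The Javadoc leaves `@param data` and `@return` empty; I would write `@return the stored certificate for the relying party, or null if the host is neither globally nor personally trusted`.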

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityTokenIssuer.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityTokenIssuer.java
   (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/IdentityTokenIssuer.java
   Thu Jan 10 18:35:39 2008
@@ -586,7 +586,7 @@
                 hostName = ppidValueDOs[i].getRelyingParty().getHostName();
             } else if (ppidValueDOs[i].getPersonalRelyingParty() != null) {
                 hostName = ppidValueDOs[i].getPersonalRelyingParty()
-                        .getIdentifier().getHostName();
+                        .getHostName();
             }
 
             if (hostName == null) {

Modified: 
trunk/solutions/identity/modules/identity-provider/src/test/resources/wso2identity.hbm.xml
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/test/resources/wso2identity.hbm.xml
  (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/test/resources/wso2identity.hbm.xml
  Thu Jan 10 18:35:39 2008
@@ -5,6 +5,20 @@
 
 <hibernate-mapping>
 
+
+    <!-- #################################################### -->
+    <!-- #             UserTrustedRP(user_trusted_rp)                          
# -->
+    <!-- #################################################### -->
+    <class 
name="org.wso2.solutions.identity.persistence.dataobject.UserTrustedRPDO"
+           table="user_trusted_rp">
+        <id name="id" column="id">
+            <generator class="native"/>
+        </id>
+        <property name="lastUpdatedTime" type="timestamp" 
column="c_last_updated" not-null="true"/>
+        <property name="userId" column="user_id" not-null="true"/>
+        <property name="hostName" column="host_name" not-null="true"/>
+    </class>
+    
     <!-- #################################################### -->
     <!-- #             IssuedTokensDO(issued_tokens)                           
# -->
     <!-- #################################################### -->
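Review bot: The new `UserTrustedRPDO` mapping declares `userId` and `hostName` as two independent properties, whereas the `UserPersonalRelyingPartyDO` mapping removed further down in this file grouped them in a component marked `unique="true"`. Without a uniqueness rule on the pair, the same user can end up with several rows for one host, and a lookup by user and host then has more than one candidate. If the schema is generated from this mapping, giving both properties the same `unique-key` name would restore the constraint, for example `unique-key="uk_user_host"` on the `userId` and `hostName` lines (the key name is a made-up example).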
@@ -18,7 +32,7 @@
         <property name="tokenType" column="token_type" not-null="true"/>
         <property name="dateIssued" column="date_issued" not-null="true"/>
         <property name="dateExpires" column="date_expires" not-null="true"/>
-        <many-to-one name="card" column="card_id" not-null="true"/>
+        <many-to-one name="card" column="card" not-null="false"/>
     </class>
     
     <!-- #################################################### -->
@@ -189,39 +203,13 @@
         <property name="lastUpdatedTime" type="timestamp" 
column="c_last_updated" not-null="true"/>
 
         <many-to-one name="relyingParty" column="rp_id"/>
-       <many-to-one name="personalRelyingParty" column="personal_rp_id"/>
+           <many-to-one name="personalRelyingParty" column="personal_rp_id"/>
         <property name="userId" column="user_id" not-null="true"/>
         <property name="ppid" column="value" unique="true"/>
    </class>
 
-
-    <!-- #################################################### -->
-    <!-- ###UserPersonalRelyingPartyDO(user_relying_party)### -->
-    <!-- #################################################### -->
-    <class 
name="org.wso2.solutions.identity.persistence.dataobject.UserPersonalRelyingPartyDO"
-           table="user_relying_party">
-        <id name="id" column="id">
-            <generator class="native"/>
-        </id>
-        <property name="lastUpdatedTime" type="timestamp" 
column="c_last_updated" not-null="true"/>
-
-        <component name="identifier"
-                   
class="org.wso2.solutions.identity.persistence.dataobject.UserPersonalRelyingPartyIdentifier"
-                   unique="true">
-            <property name="hostName" column="host_name" not-null="true"/>
-            <property name="userId" column="user_id" not-null="true"/>
-        </component>
-           <property name="storeName" column="store_name" not-null="false"/>
-        <property name="alias" column="store_alias" not-null="false"/>
-
-           <set name="ppidValues" inverse="true" cascade="all">
-            <key column="personal_rp_id"/>
-            <one-to-many 
class="org.wso2.solutions.identity.persistence.dataobject.PPIDValueDO"/>
-        </set>
-   </class>
-
     <!-- #################################################### -->
-    <!-- ##### RelyingPartyDO(relying_party)           ##### -->
+    <!-- ##### RelyingPartyDO(relying_party)               ##### -->
     <!-- #################################################### -->
     <class 
name="org.wso2.solutions.identity.persistence.dataobject.RelyingPartyDO"
            table="relying_party">
@@ -251,8 +239,8 @@
         <property name="cardId" column="card_Id" not-null="true"/>
         <property name="dateIssued" column="date_Issued" not-null="true"/>
         <property name="dateExpires" column="date_Expires" not-null="true"/>
-        <set name="tokens" lazy="true">
-            <key column="card_id"/>
+        <set name="tokens" lazy="true" cascade="all">
+            <key column="card"/>
             <one-to-many 
class="org.wso2.solutions.identity.persistence.dataobject.IssuedTokensDO"/>
         </set>
    </class>

Modified: 
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/ShowMainAction.java
==============================================================================
--- 
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/ShowMainAction.java
       (original)
+++ 
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/ShowMainAction.java
       Thu Jan 10 18:35:39 2008
@@ -22,7 +22,7 @@
 import org.wso2.solutions.identity.admin.RegisteredInfoCardInfoAdmin;
 import org.wso2.solutions.identity.admin.RelyingPartyAdmin;
 import org.wso2.solutions.identity.persistence.dataobject.ClaimDO;
-import 
org.wso2.solutions.identity.persistence.dataobject.UserPersonalRelyingPartyDO;
+import org.wso2.solutions.identity.persistence.dataobject.UserTrustedRPDO;
 import org.wso2.solutions.identity.user.ui.UIConstants;
 
 import java.util.ArrayList;
@@ -49,7 +49,7 @@
         Map session = ActionContext.getContext().getSession();
         String user = (String) session.get(UIConstants.USER);
 
-        this.personalRPs = Arrays.asList((UserPersonalRelyingPartyDO[]) admin
+        this.personalRPs = Arrays.asList((UserTrustedRPDO[]) admin
                 .getAllPersonalRelyingParties(user));
 
         ClaimsAdmin ClaimsAdmin = new ClaimsAdmin();

Modified: 
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/UploadRelyingPartyCertificateAction.java
==============================================================================
--- 
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/UploadRelyingPartyCertificateAction.java
  (original)
+++ 
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/UploadRelyingPartyCertificateAction.java
  Thu Jan 10 18:35:39 2008
@@ -16,14 +16,6 @@
 
 package org.wso2.solutions.identity.user.ui.action;
 
-import org.wso2.solutions.identity.admin.KeystoreUtilAdmin;
-import org.wso2.solutions.identity.admin.RelyingPartyAdmin;
-import org.wso2.solutions.identity.admin.ReportAdmin;
-import org.wso2.solutions.identity.persistence.dataobject.ActionDO;
-import 
org.wso2.solutions.identity.persistence.dataobject.UserPersonalRelyingPartyDO;
-import 
org.wso2.solutions.identity.persistence.dataobject.UserPersonalRelyingPartyIdentifier;
-import org.wso2.solutions.identity.user.ui.UIConstants;
-
 import java.io.File;
 import java.io.FileInputStream;
 import java.security.cert.CertificateFactory;
@@ -31,9 +23,17 @@
 import java.security.cert.X509Certificate;
 import java.util.Map;
 
+import org.wso2.solutions.identity.admin.KeystoreUtilAdmin;
+import org.wso2.solutions.identity.admin.RelyingPartyAdmin;
+import org.wso2.solutions.identity.admin.ReportAdmin;
+import org.wso2.solutions.identity.persistence.dataobject.ActionDO;
+import org.wso2.solutions.identity.persistence.dataobject.UserTrustedRPDO;
+import org.wso2.solutions.identity.user.ui.UIConstants;
+
 import com.opensymphony.xwork2.ActionContext;
 
-public class UploadRelyingPartyCertificateAction extends ManagedAction {
+public class UploadRelyingPartyCertificateAction
+        extends ManagedAction {
 
     private static final long serialVersionUID = -2143108113462435214L;
 
@@ -50,29 +50,25 @@
 
         KeystoreUtilAdmin ksAdmin = new KeystoreUtilAdmin();
         X509Certificate cert = null;
-        
+
         try {
             CertificateFactory factory = CertificateFactory
                     .getInstance("X.509");
             cert = (X509Certificate) factory
-                    .generateCertificate(new FileInputStream(
-                            certificateFile));
+                    .generateCertificate(new FileInputStream(certificateFile));
         } catch (CertificateParsingException e) {
             this.addErrorMessage(getText("cert-invalid"));
             return ERROR;
         }
         
-        String alias = ksAdmin.importCert(cert);
-        UserPersonalRelyingPartyDO rp = new UserPersonalRelyingPartyDO();
-        rp.setAlias(alias);
-        UserPersonalRelyingPartyIdentifier id = new 
UserPersonalRelyingPartyIdentifier();
-        id.setHostName(alias);
-        id.setUserId(user);
-        rp.setIdentifier(id);
+        String alias = ksAdmin.importCertToUserTrustStore(cert);
+        UserTrustedRPDO rp = new UserTrustedRPDO();
+        rp.setHostName(alias);
+        rp.setUserId(user);
 
         RelyingPartyAdmin admin = new RelyingPartyAdmin();
         admin.create(rp);
-        ReportAdmin.record(user, ActionDO.ACTION_USER_ADD_RP, "RP="+alias);
+        ReportAdmin.record(user, ActionDO.ACTION_USER_ADD_RP, "RP=" + alias);
         return SUCCESS;
     }
 
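Review bot: The `FileInputStream` passed to `generateCertificate` in the `try` block is never closed, so each upload leaves a file handle open, and the parsed certificate goes straight to `importCertToUserTrustStore(cert)` without a check of its validity period. I would hold the stream in a local, close it in `finally`, and call `cert.checkValidity()` before the import. The existing `catch` only covers `CertificateParsingException`, so whether an expired certificate ends up as the `cert-invalid` message depends on how the enclosing method, which starts above this hunk, declares its exceptions.

```java
        FileInputStream certIn = new FileInputStream(certificateFile);
        try {
            CertificateFactory factory = CertificateFactory
                    .getInstance("X.509");
            cert = (X509Certificate) factory.generateCertificate(certIn);
            // Refuse expired or not-yet-valid certificates before storing them
            cert.checkValidity();
        } catch (CertificateParsingException e) {
            // … unchanged: cert-invalid error message and return ERROR …
        } finally {
            certIn.close();
        }
```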

Modified: trunk/solutions/identity/modules/user-ui/src/main/webapp/jsp/main.jsp
==============================================================================
--- trunk/solutions/identity/modules/user-ui/src/main/webapp/jsp/main.jsp       
(original)
+++ trunk/solutions/identity/modules/user-ui/src/main/webapp/jsp/main.jsp       
Thu Jan 10 18:35:39 2008
@@ -169,21 +169,17 @@
                        </tr>
                </table>
 
-               <div class="relying-parties-title">Personal Trusted Relying
-               Parties</div>
-               <table cellpadding="0" cellspacing="0" border="0" 
class="data-table">
-                       <s:iterator value="personalRPs">
-                               <s:url id="removeRP" namespace="/" 
action="RemoveRelyingParty">
-                                       <s:param name="hostName" 
value="identifier.hostName" />
-                               </s:url>
-                               <tr>
-                                       <td><s:property 
value="identifier.hostName" /></td>
-                                       <td><s:a 
href="%{removeRP}">Remove</s:a></td>
-                               </tr>
-                       </s:iterator>
-               </table>
-
-               </div>
+                       <div class="relying-parties-title">Personal Trusted 
Relying Parties</div>
+                       <table cellpadding="0" cellspacing="0" border="0" 
class="data-table">
+                               <s:iterator value="personalRPs">
+                                       <s:url id="removeRP" namespace="/" 
action="RemoveRelyingParty">
+                            <s:param name="hostName" value="hostName" />
+                        </s:url>
+                                       <tr><td><s:property 
value="hostName"/></td><td><s:a href="%{removeRP}">Remove</s:a></td></tr>
+                               </s:iterator>
+                       </table>
+                       
+                       </div>
                <!-- New Ends Here --></td>
        </tr>
 </table>
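Review bot: The `Remove` link built here from `<s:url ... action="RemoveRelyingParty">` changes state through a plain GET with only `hostName` as a parameter, so as far as this hunk shows nothing ties the request to the user's session beyond the cookie. Whether the action is protected elsewhere, for example by the Struts token interceptor in the action configuration, is not visible in this diff. If it is not, the removal should be a POST form carrying `<s:token/>`. The surrounding table and `div` start above this hunk.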
