Author: dimuthul
Date: Thu Feb  7 00:23:40 2008
New Revision: 13382

Log:

Adding SAML2.0 token generation.



Modified:
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
   
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/SAML1TokenHolder.java

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
        (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
        Thu Feb  7 00:23:40 2008
@@ -1,38 +1,65 @@
 package org.wso2.solutions.identity.sts.saml;
 
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.rahas.RahasData;
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.signature.XMLSignature;
 import org.joda.time.DateTime;
+
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.AttributeValue;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+
+import org.opensaml.xml.Configuration;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.XMLObjectBuilder;
+import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallerFactory;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
 import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.Signer;
 import org.w3c.dom.Element;
+import org.wso2.solutions.identity.IdentityConstants;
 import org.wso2.solutions.identity.IdentityProviderException;
 import org.wso2.solutions.identity.sts.IdentityProviderData;
+import org.wso2.solutions.identity.sts.IdentityProviderData.RequestedClaimData;
 
 public class SAML2TokenBuilder implements SAMLTokenBuilder {
-    
-    private static Log log = LogFactory.getLog(SAML2TokenBuilder.class);
-    
-    private AttributeStatement attributeStatement = null;
-    
-    public void createSAMLAssertion(DateTime notAfter, DateTime notBefore,
-            String assertionId) throws IdentityProviderException{
-    
-   //     String[] confirmationMethods = new String[] { 
SAMLSubject.CONF_HOLDER_KEY };
-     //  SAMLSubject subject = new SAMLSubject(null, Arrays//
-        //        .asList(confirmationMethods), null, null);
-
 
-    }
+    private static Log log = LogFactory.getLog(SAML2TokenBuilder.class);
 
-    public void createStatement(IdentityProviderData ipData, RahasData 
rahasData) throws IdentityProviderException{
-        // The SAMLSubject
-/*        if (log.isDebugEnabled()) {
+    private Assertion assertion = null;
+    private AttributeStatement attributeStmt = null;
+    private List signatureList = new ArrayList();
+    private Element signedAssertion = null;
+
+    public static final String CONF_KEY = 
"urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
+
+    public void createStatement(IdentityProviderData ipData, RahasData 
rahasData)
+            throws IdentityProviderException {
+        if (log.isDebugEnabled()) {
             log.debug("Begin SAML statement creation.");
         }
-        
-        attributeStatement = (AttributeStatement) 
SAMLTokenDirector.buildXMLObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
+        attributeStmt = (AttributeStatement) 
buildXMLObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
+
         Map mapClaims = ipData.getRequestedClaims();
 
         Iterator ite = mapClaims.values().iterator();
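Review bot: The new fields on `SAML2TokenBuilder` use raw collection types, `private List signatureList = new ArrayList();`, although the list is later handed to `Signer.signObjects`, which expects `Signature` elements; if the build targets Java 5 or later this should be `private final List<Signature> signatureList = new ArrayList<Signature>();`, which also keeps the unchecked warning out of `marshellAndSign`. `CONF_KEY` holds the holder-of-key subject-confirmation method URI, which OpenSAML's `SubjectConfirmation` interface already exposes as `METHOD_HOLDER_OF_KEY`; reusing that constant, or at least documenting this one with `/** Subject-confirmation method URI: holder-of-key. */`, would stop it being read as a generic configuration key. `createStatement` begins at the end of this hunk and its body continues in the next one.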
@@ -43,40 +70,106 @@
             if (uri.equals(IdentityConstants.CLAIM_PPID)) {
                 // Get this user's PPID
                 String name = ipData.getUserIdentifier();
-                claim.value = SAMLTokenDirector.createPPID(rahasData, name, 
rahasData
-                        .getAppliesToEpr());
+                claim.value = SAMLTokenDirector.createPPID(rahasData, name,
+                        rahasData.getAppliesToEpr());
             }
-                      
+
             int index = uri.lastIndexOf("/");
-            String attributeName = uri.substring(index + 1, uri.length());
+            String attrName = uri.substring(index + 1, uri.length());
             String attrNamespace = uri.substring(0, index);
-                    
-            Attribute attribute = (Attribute) 
SAMLTokenDirector.buildXMLObject(Attribute.DEFAULT_ELEMENT_NAME);
-            XSStringBuilder stringBuilder = (XSStringBuilder) Configuration
-                    .getBuilderFactory().getBuilder(XSString.TYPE_NAME);
-            XSString stringValue = stringBuilder.buildObject(
+
+            Attribute attribute = (Attribute) 
buildXMLObject(Attribute.DEFAULT_ELEMENT_NAME);
+            attribute.setName(attrName);
+            attribute.setNameFormat(attrNamespace);
+
+            XMLObjectBuilderFactory builderFactory = Configuration
+                    .getBuilderFactory();
+            XSStringBuilder attributeValueBuilder = (XSStringBuilder) 
builderFactory
+                    .getBuilder(XSString.TYPE_NAME);
+
+            XSString stringValue = attributeValueBuilder.buildObject(
                     AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
-            
             stringValue.setValue(claim.value);
             attribute.getAttributeValues().add(stringValue);
-            
-            attributeStatement.getAttributes().add(attribute);
-            
-        }*/
 
+            attributeStmt.getAttributes().add(attribute);
+        }
     }
 
-    public Element getSAMLasDOM() {
-        // TODO Auto-generated method stub
-        return null;
+    public void createSAMLAssertion(DateTime notAfter, DateTime notBefore,
+            String assertionId) throws IdentityProviderException {
+        assertion = (Assertion) buildXMLObject(Assertion.DEFAULT_ELEMENT_NAME);
+        Conditions conditions = (Conditions) 
buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME);
+        conditions.setNotBefore(notBefore);
+        conditions.setNotOnOrAfter(notAfter);
+        
+        ServerConfiguration config = ServerConfiguration.getInstance();
+        String host = "http://"; + config.getFirstProperty("HostName");
+        
+        Issuer issuer = (Issuer) buildXMLObject(Issuer.DEFAULT_ELEMENT_NAME);
+        assertion.setIssuer(issuer); 
+        /*
+         * TODO : is this needed ??? AudienceRestriction audience =
+         * (AudienceRestriction)
+         * 
SAMLTokenDirector.buildXMLObject(AudienceRestriction.DEFAULT_ELEMENT_NAME);
+         * audience. conditions.getAudienceRestrictionConditions()
+         */
+        assertion.setConditions(conditions);
+
+        assertion.getAttributeStatements().add(this.attributeStmt);
+        assertion.setID(assertionId);
+        
+        Subject subject = (Subject) 
buildXMLObject(Subject.DEFAULT_ELEMENT_NAME);
+        SubjectConfirmation subjectConf = (SubjectConfirmation) 
buildXMLObject(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
+        SubjectConfirmationData confData = (SubjectConfirmationData) 
buildXMLObject(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
+        confData.setAddress(CONF_KEY);
+        subjectConf.setSubjectConfirmationData(confData);
+        subject.getSubjectConfirmations().add(subjectConf);
+        assertion.setSubject(subject);
+
     }
 
-    public void marshellAndSign() {
-        // TODO Auto-generated method stub
+    public void setSignature(String signatureAlgorithm, X509Credential cred)
+            throws IdentityProviderException {
+        Signature signature = (Signature) 
buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
+        signature.setSigningCredential(cred);
+        signature.setSignatureAlgorithm(XMLSignature.ALGO_ID_SIGNATURE_RSA);
+        signature
+                
.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+        assertion.setSignature(signature);
+        signatureList.add(signature);
     }
 
-    public void setSignature(String signatureAlgorithm,  X509Credential cred) {
-        // TODO Auto-generated method stub
+    public void marshellAndSign() throws IdentityProviderException {
+        try {
+            MarshallerFactory marshallerFactory = Configuration
+                    .getMarshallerFactory();
+            Marshaller marshaller = marshallerFactory.getMarshaller(assertion);
+            signedAssertion = marshaller.marshall(assertion);
+
+            Signer.signObjects(signatureList);
+
+        } catch (MarshallingException e) {
+            log.debug(e);
+            throw new IdentityProviderException("errorMarshellingOrSigning", 
e);
+        }
+    }
+
+    public Element getSAMLasDOM() throws IdentityProviderException {
+        return signedAssertion;
+    }
+
+    protected static XMLObject buildXMLObject(QName objectQName)
+            throws IdentityProviderException {
+        XMLObjectBuilder builder = Configuration.getBuilderFactory()
+                .getBuilder(objectQName);
+        if (builder == null) {
+            throw new IdentityProviderException(
+                    "Unable to retrieve builder for object QName "
+                            + objectQName);
+        }
+        return builder.buildObject(objectQName.getNamespaceURI(), objectQName
+                .getLocalPart(), objectQName.getPrefix());
     }
 
 }
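Review bot: `createSAMLAssertion` does not compile as written and leaves the issuer empty: in `String host = "http://"; + config.getFirstProperty("HostName");` the stray `;` splits the concatenation into an invalid statement, and `host` is never written to the Issuer, so the lines should read `String host = "http://" + config.getFirstProperty("HostName");` followed by `issuer.setValue(host);` before `assertion.setIssuer(issuer);`. The holder-of-key URI is also placed in the wrong element: `confData.setAddress(CONF_KEY)` writes it into the Address attribute of SubjectConfirmationData, whereas the confirmation method belongs on SubjectConfirmation, `subjectConf.setMethod(CONF_KEY);`, and a holder-of-key confirmation only binds the token to its presenter if the subject's key is carried in the confirmation data, which this hunk does not attach. `ServerConfiguration` is not among the imports added in the first hunk, so it presumably lives in the same package or still needs an import. In `setSignature` the `signatureAlgorithm` parameter is ignored in favour of the hard-coded `XMLSignature.ALGO_ID_SIGNATURE_RSA`; either honour the parameter or document why the algorithm is fixed, and note in a Javadoc on `getSAMLasDOM` that it returns null until `marshellAndSign` has run.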

Modified: 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/SAML1TokenHolder.java
==============================================================================
--- 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/SAML1TokenHolder.java
       (original)
+++ 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/saml/relyingparty/tokens/SAML1TokenHolder.java
       Thu Feb  7 00:23:40 2008
@@ -25,24 +25,6 @@
     private boolean isMultipleValues = false;
     
     private static Log log = LogFactory.getLog(SAML1TokenHolder.class);
-        
-    /*
-    static {
-        try {
-            Class clazz = Configuration.class;
-            XMLConfigurator configurator = new XMLConfigurator();
-            String[] providerConfigs = {"conf/saml1-assertion-config.xml"};
-            for (String config : providerConfigs) {
-                configurator.load(new FileInputStream(config));
-            }
-        }catch (FileNotFoundException e){
-            log.debug(e);
-            throw  new RuntimeException(e);
-        }catch (ConfigurationException e) {
-            log.debug(e);
-            throw  new RuntimeException(e);
-        }
-    }*/
     
     
     /**
