Author: prabath
Date: Tue Apr 1 03:02:12 2008
New Revision: 15440
Log:
Fixes for Promiscuous token validation
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/saml/SAMLTokenVerifier.java
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/saml/SAMLTokenVerifier.java
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/saml/SAMLTokenVerifier.java
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/saml/SAMLTokenVerifier.java
Tue Apr 1 03:02:12 2008
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2007 WSO2, Inc. (http://wso2.com)
+ * Copyright 2005-2008 WSO2, Inc. (http://wso2.com)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -83,11 +83,8 @@
/**
* Decrypt the given token (as a <code>java.lang.String</code> with the
* given private key.
- *
- * @param token
- * Serialized SAML token
- * @param serviceKey
- * Private key to be used for decryption.
+ * @param token Serialized SAML token
+ * @param serviceKey Private key to be used for decryption.
* @return Decrypted SAML token element.
* @throws RelyingPartyException
*/
@@ -119,9 +116,7 @@
/**
* This method performs two actions 1) Decrypt the token 2) Verify the
token
- *
- * @param decryptedElem
- * SAML token element
+ * @param decryptedElem SAML token element
* @return true if verification is successful and false if unsuccessful.
* @throws SAMLException
*/
@@ -156,10 +151,10 @@
} else if (version.equals(IdentityConstants.SAML20_URL)) {
holder = new SAML2TokenHolder();
} else {
- throw new RelyingPartyException("invalidTokenType", new
String [] { version });
+ throw new RelyingPartyException("invalidTokenType",
+ new String[] { version });
}
-
holder.createToken(decryptedElem);
issuerName = holder.getIssuerName();
if (issuerName == null) {
@@ -175,6 +170,8 @@
this.keyInfoElement = sig.getKeyInfo().getDOM();
} else {
+ String validationPolicy = rpData.getValidatePolicy();
+
String alias = null;
URI uri = new URI(issuerName);
alias = uri.getHost();
@@ -182,10 +179,10 @@
KeyStore trustStore = rpData.getTrustStore();
KeyStore systemStore = rpData.getSystemStore();
- credential = (X509CredentialImpl) X509CredentialUtil
- .loadCredentialFromTrustStore(alias, trustStore);
-
- String validationPolicy = rpData.getValidatePolicy();
+ if (trustStore != null && alias != null) {
+ credential = (X509CredentialImpl) X509CredentialUtil
+ .loadCredentialFromTrustStore(alias, trustStore);
+ }
boolean isLoadedFromMessage = false;
if (credential == null) {
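Review bot: The new guard skips the trust-store lookup whenever `alias` is null, i.e. when `uri.getHost()` yields no host for the issuer name, and control then falls through to the `credential == null` fallback that loads the credential from the message itself (the `isLoadedFromMessage = true` assignment continues in the next hunk), so an issuer name without a host component silently bypasses the configured trust store instead of failing. If that fallback is intended only under the promiscuous policy it should say so, e.g. `// no host in the issuer URI or no trust store configured: fall back to the credential carried in the message`. Nothing after the fallback checks that `credential` is non-null, so `credential.getSigningCert()` and `new SignatureValidator(credential)` in the following hunks would dereference null if the fallback can return without a credential; a check such as `if (credential == null) throw new RelyingPartyException("<message-key>");` before the policy test would make that failure explicit. The enclosing method starts and ends outside this hunk.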
@@ -198,11 +195,11 @@
isLoadedFromMessage = true;
}
- this.signingCert = credential.getSigningCert();
-
if (!validationPolicy
.equals(TokenVerifierConstants.PROMISCUOUS)) {
+ this.signingCert = credential.getSigningCert();
+
if (signingCert == null)
throw new RelyingPartyException("signingCertNull");
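Review bot: `validationPolicy` is dereferenced with `!validationPolicy.equals(TokenVerifierConstants.PROMISCUOUS)` although it comes straight from `rpData.getValidatePolicy()` with no null check, so a missing policy setting would surface as a NullPointerException in the generic catch rather than as a configuration error. Writing the test as `if (!TokenVerifierConstants.PROMISCUOUS.equals(validationPolicy)) {` is null-safe and, if null is meant to be the strict default, reads that way. Moving `this.signingCert = credential.getSigningCert();` inside the branch also leaves the field unset under the promiscuous policy, so any reader of `signingCert` outside this hunk now has to expect null in that mode; a comment on the assignment such as `// signingCert is only resolved for strict validation; stays null under PROMISCUOUS` would record that. The enclosing method continues beyond both ends of the hunk.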
@@ -236,13 +233,13 @@
}
}
}
- }
- if (isValid) {
- SignatureValidator validator = new SignatureValidator(
- credential);
- validator.validate(sig);
- holder.populateAttributeTable(this.attributeTable);
+ if (isValid) {
+ SignatureValidator validator = new SignatureValidator(
+ credential);
+ validator.validate(sig);
+ holder.populateAttributeTable(this.attributeTable);
+ }
}
} catch (Exception e) {
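Review bot: Pulling the `if (isValid)` block inside the brace added as `+ }` means `validator.validate(sig)` now runs only in the `else` branch of the KeyInfo test shown in an earlier hunk, so the branch that ends with `this.keyInfoElement = sig.getKeyInfo().getDOM();` no longer reaches the signature validation unless it performs its own check above this hunk; if it does not, a token taking that branch is accepted without its signature being verified. If the move is deliberate because `credential` is only resolved in the `else` branch, a comment at the `if (isValid)` line such as `// validation needs the credential resolved above; the KeyInfo branch must be verified separately` would make that explicit, and the other branch should be confirmed to validate or reject. Where `isValid` is set is outside the hunk, so whether the promiscuous path reaches this block with `isValid` true cannot be told from here. The enclosing method starts before this hunk.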
@@ -298,7 +295,6 @@
/**
* Returns the list of attributes extracted from the
SAMLAttributeStatements
* in the verified SAML assertion.
- *
* @return List of attributes as a <code>java.util.Hashtable</code>
*/
public Hashtable getAttributeTable() {