Author: thilinamb Date: Thu Feb 24 05:05:24 2011 New Revision: 1074043 URL: http://svn.apache.org/viewvc?rev=1074043&view=rev Log: Fixing RAMPART-317 : Fixing an error when handling bearer subject confirmation.
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java?rev=1074043&r1=1074042&r2=1074043&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java Thu Feb 24 05:05:24 2011
@@ -30,8 +30,10 @@ import org.apache.axis2.AxisFault;
 import org.apache.axis2.context.MessageContext;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.RahasConstants;
 import org.apache.rahas.Token;
 import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TrustUtil;
 import org.apache.rahas.impl.util.SAML2KeyInfo;
 import org.apache.rahas.impl.util.SAML2Utils;
 import org.apache.rampart.policy.RampartPolicyData;
@@ -188,8 +190,15 @@ public class RampartEngine {
 // If this is a SAML2.0 assertion
 if (wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION) instanceof Assertion) {
+ final Assertion assertion = (Assertion) wser.get(
+ WSSecurityEngineResult.TAG_SAML_ASSERTION);
+
+ // if the subject confirmation method is Bearer, do not try to get the KeyInfo
+ if(TrustUtil.getSAML2SubjectConfirmationMethod(assertion).equals(
+ RahasConstants.SAML20_SUBJECT_CONFIRMATION_BEARER)){
+ break;
+ }
- final Assertion assertion = (Assertion) wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
 String id = assertion.getID();
 Subject subject = assertion.getSubject();
@@ -236,10 +245,15 @@ public class RampartEngine {
 }
 //if this is a SAML1.1 assertion
 else {
- final SAMLAssertion assertion =
+ final SAMLAssertion assertion = ((SAMLAssertion) wser.get(
+ WSSecurityEngineResult.TAG_SAML_ASSERTION));
+
+ // if the subject confirmation method is Bearer, do not try to get the KeyInfo
+ if(RahasConstants.SAML11_SUBJECT_CONFIRMATION_BEARER.equals(
+ TrustUtil.getSAML11SubjectConfirmationMethod(assertion))){
+ break;
+ }
- ((SAMLAssertion) wser
- .get(WSSecurityEngineResult.TAG_SAML_ASSERTION));
 String id = assertion.getId();
 Date created = assertion.getNotBefore();
 Date expires = assertion.getNotOnOrAfter();
Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java?rev=1074043&r1=1074042&r2=1074043&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java Thu Feb 24 05:05:24 2011
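Review bot: The SAML 2.0 check `TrustUtil.getSAML2SubjectConfirmationMethod(assertion).equals(RahasConstants.SAML20_SUBJECT_CONFIRMATION_BEARER)` dereferences the helper's result, which is the Method attribute of the first SubjectConfirmation; if OpenSAML returns null for an absent Method attribute on a malformed or hostile assertion, this becomes a NullPointerException instead of a controlled fault. The SAML 1.1 branch in the next hunk already uses the null-safe constant-first form, so make this one match: `if (RahasConstants.SAML20_SUBJECT_CONFIRMATION_BEARER.equals(TrustUtil.getSAML2SubjectConfirmationMethod(assertion))) {`. The `break` exits whatever construct encloses this `if`, and that construct starts outside the hunk; if it is a `switch` case on the WSS4J action the early exit behaves as intended, but if it is the loop over the security results it would also drop the remaining results, which is worth confirming.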
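Review bot: For a bearer assertion the new `break` leaves the SAML 1.1 branch before `String id = assertion.getId(); Date created = assertion.getNotBefore(); Date expires = assertion.getNotOnOrAfter();`, so the id and validity window this block reads are never captured for bearer tokens. A bearer assertion carries no subject key to prove possession of, which makes the assertion signature, the transport and the NotBefore/NotOnOrAfter window the only defences against a replayed assertion; if these values were feeding a Token that Rampart later checks, bearer tokens now bypass that check. Unless WSS4J's assertion validation already enforces the conditions (not visible from this hunk), skip only the KeyInfo extraction rather than the whole block, and record the trust assumption: `// Bearer: no subject key to verify; rely on the assertion signature and the NotBefore/NotOnOrAfter window`. The enclosing block continues beyond the hunk.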
@@ -132,4 +132,13 @@ public class RahasConstants {
 //Constants required for SAML2 assertion generation
 public final static String X509_CERT ="X509Certificate";
 public final static String USERNAME = "username";
+
+ //Constants required for SubjectConfirmation methods
+ public static final String SAML11_SUBJECT_CONFIRMATION_HOK = "urn:oasis:names:tc:SAML:1.0:cm:" +
+ "holder-of-key";
+ public static final String SAML11_SUBJECT_CONFIRMATION_BEARER = "urn:oasis:names:tc:SAML:1.0:cm:bearer";
+
+ public static final String SAML20_SUBJECT_CONFIRMATION_HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
+
+ public static final String SAML20_SUBJECT_CONFIRMATION_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
 }
Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java?rev=1074043&r1=1074042&r2=1074043&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java Thu Feb 24 05:05:24 2011
@@ -31,6 +31,10 @@ import org.apache.ws.security.WSConstant
 import org.apache.ws.security.message.token.Reference;
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.opensaml.SAMLAssertion;
+import org.opensaml.SAMLSubjectStatement;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.SubjectConfirmation;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
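Review bot: Only holder-of-key and bearer are defined here, yet both SAML 1.1 and SAML 2.0 also specify sender-vouches (`urn:oasis:names:tc:SAML:1.0:cm:sender-vouches` and `urn:oasis:names:tc:SAML:2.0:cm:sender-vouches`), and the engine code that consumes these constants treats every non-bearer method as key-bearing, so a sender-vouches assertion would still take the KeyInfo path that RAMPART-317 fixes for bearer. Adding `public static final String SAML11_SUBJECT_CONFIRMATION_SENDER_VOUCHES = "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches";` and the matching `SAML20_SUBJECT_CONFIRMATION_SENDER_VOUCHES` lets callers name that case explicitly instead of falling into the default. Whether sender-vouches assertions actually reach that engine path depends on what WSS4J accepts, which I cannot see from this commit. As a point of style, the SAML 1.1 HOK URI is split across two lines with string concatenation while the other three are single literals; keeping each URI whole makes them greppable against the specification.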
@@ -39,6 +43,7 @@ import javax.xml.namespace.QName;
 import java.security.SecureRandom;
 import java.text.DateFormat;
 import java.util.Date;
+import java.util.List;
 import java.util.Properties;
 import java.util.Iterator;
@@ -612,6 +617,38 @@ public class TrustUtil {
 .getAttributeValue().trim());
 return properties;
 }
-
+
+ /**
+ * Get subject confirmation method of the given SAML 1.1 Assertion
+ * @param assertion SAML 1.1 Assertion
+ * @return subject confirmation method
+ */
+ public static String getSAML11SubjectConfirmationMethod(SAMLAssertion assertion){
+ String subjectConfirmationMethod = RahasConstants.SAML11_SUBJECT_CONFIRMATION_HOK;
+ // iterate the statements and get the subject confirmation method.
+ Iterator statements = assertion.getStatements();
+ if(statements.hasNext()){
+ SAMLSubjectStatement stmt = (SAMLSubjectStatement)statements.next();
+ Iterator subjectConfirmations = stmt.getSubject().getConfirmationMethods();
+ if(subjectConfirmations.hasNext()){
+ subjectConfirmationMethod = (String)subjectConfirmations.next();
+ }
+ }
+ return subjectConfirmationMethod;
+ }
+
+ /**
+ * Get the subject confirmation method of a SAML 2.0 assertion
+ * @param assertion SAML 2.0 assertion
+ * @return Subject Confirmation method
+ */
+ public static String getSAML2SubjectConfirmationMethod(Assertion assertion){
+ String subjectConfirmationMethod = RahasConstants.SAML20_SUBJECT_CONFIRMATION_HOK;
+ List<SubjectConfirmation> subjectConfirmations = assertion.getSubject().getSubjectConfirmations();
+ if(subjectConfirmations.size() > 0){
+ subjectConfirmationMethod = subjectConfirmations.get(0).getMethod();
+ }
+ return subjectConfirmationMethod;
+ }
 }
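Review bot: `getSAML2SubjectConfirmationMethod` calls `assertion.getSubject().getSubjectConfirmations()` with no null check, but the Subject element is optional on a SAML 2.0 Assertion, so an assertion without one throws a NullPointerException here instead of falling back to the holder-of-key default; add `if (assertion.getSubject() == null) { return subjectConfirmationMethod; }` before the list lookup. Note also that the default covers only the empty-list case: when a SubjectConfirmation exists but its Method attribute is absent, `getMethod()` may hand back null, so the Javadoc should say so and callers should compare constant-first. Both helpers look at only the first confirmation method although an assertion may carry several, and a relying party that requires holder-of-key should not be steered onto a weaker path by whichever method happens to be listed first; document this, e.g. `@return the Method of the first SubjectConfirmation, or SAML20_SUBJECT_CONFIRMATION_HOK when the assertion has none; further confirmations are ignored`. In the SAML 1.1 helper the unchecked cast `(SAMLSubjectStatement)statements.next()` assumes every statement is a subject statement, which holds for the standard OpenSAML 1.x statement types but deserves a comment saying so.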