Author: amilaj
Date: Mon Feb 13 11:42:19 2012
New Revision: 1243480
URL: http://svn.apache.org/viewvc?rev=1243480&view=rev
Log: Refactored SAMLTokenIssuerConfig usages. Reduce code duplication and moved code to a central place. Added tests for SAMLTokenIssuerConfig
Added:
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/apache/rahas/impl/util/CommonUtilTest.java
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java?rev=1243480&r1=1243479&r2=1243480&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java Mon Feb 13 11:42:19 2012
@@ -143,4 +143,6 @@ public class RahasConstants { public static final String SAML20_SUBJECT_CONFIRMATION_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"; public static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"; + + public static final String AUTHENTICATION_METHOD_PASSWORD = "urn:oasis:names:tc:SAML:1.0:am:password"; } Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java?rev=1243480&r1=1243479&r2=1243480&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java Mon Feb 13 11:42:19 2012 
@@ -60,28 +60,60 @@ public abstract class AbstractIssuerConf
 public void setAddRequestedAttachedRef(boolean addRequestedAttachedRef) {
 this.addRequestedAttachedRef = addRequestedAttachedRef;
 }
+
 public void setAddRequestedUnattachedRef(boolean addRequestedUnattachedRef) {
 this.addRequestedUnattachedRef = addRequestedUnattachedRef;
 }
+
 public void setKeyComputation(int keyComputation) {
 this.keyComputation = keyComputation;
 }
+
 public int getKeyComputation() {
 return keyComputation;
 }
+
 public void setProofKeyType(String proofKeyType) {
 this.proofKeyType = proofKeyType;
 }
+
 public void setTtl(long ttl) {
 this.ttl = ttl;
 }
+
 public void setKeySize(int keySize) {
 this.keySize = keySize;
 }
+
 public int getKeySize() {
 return keySize;
 }
+
 public String getProofKeyType() {
 return proofKeyType;
 }
+
+ public boolean isAddRequestedAttachedRef() {
+ return addRequestedAttachedRef;
+ }
+
+ public boolean isAddRequestedUnattachedRef() {
+ return addRequestedUnattachedRef;
+ }
+
+ public long getTtl() {
+ return ttl;
+ }
+
+ public String getCryptoPropertiesFile() {
+ return cryptoPropertiesFile;
+ }
+
+ public OMElement getCryptoPropertiesElement() {
+ return cryptoPropertiesElement;
+ }
+
+ public OMElement getCryptoElement() {
+ return cryptoElement;
+ }
 }
Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java?rev=1243480&r1=1243479&r2=1243480&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java Mon Feb 13 11:42:19 2012
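Review bot: `getCryptoElement()` and `getCryptoPropertiesElement()` hand out the stored OMElement itself and have no Javadoc; judging by the sample configuration in the CommonUtil Javadoc of this commit, the crypto element can include the keystore password, so callers need to know not to log or alter it. Suggested comment on both getters: `/** Returns the configured crypto element as stored (not a copy); it may hold keystore credentials, so do not log or modify it. */`. The other new getters would benefit from a one-line Javadoc as well, and the class itself starts outside the hunk.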
@@ -22,7 +22,6 @@ import org.apache.axiom.om.OMNode;
 import org.apache.axiom.om.dom.DOMMetaFactory;
 import org.apache.axiom.soap.SOAPEnvelope;
 import org.apache.axis2.context.MessageContext;
-import org.apache.axis2.description.Parameter;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.rahas.*;
@@ -33,7 +32,6 @@ import org.apache.rahas.impl.util.SignKe
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
 import org.apache.ws.security.message.WSSecEncryptedKey;
 import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.Loader;
@@ -101,50 +99,34 @@ public class SAML2TokenIssuer implements MessageContext inMsgCtx = data.getInMessageContext(); try { - SAMLTokenIssuerConfig config = null; - if (this.configElement != null) { - config = new SAMLTokenIssuerConfig(configElement - .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG)); - } - - // Look for the file - if (config == null && this.configFile != null) { - config = new SAMLTokenIssuerConfig(this.configFile); - //config = new SAMLTokenIssuerConfig("/home/thilina/Desktop/saml-issuer-config.xml"); - } - - // Look for the param - if (config == null && this.configParamName != null) { - Parameter param = inMsgCtx.getParameter(this.configParamName); - if (param != null && param.getParameterElement() != null) { - config = new SAMLTokenIssuerConfig(param - .getParameterElement().getFirstChildWithName( - SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG)); - } else { - throw new TrustException("expectedParameterMissing", - new String[]{this.configParamName}); + SAMLTokenIssuerConfig tokenIssuerConfiguration = CommonUtil.getTokenIssuerConfiguration(this.configElement, + this.configFile, inMsgCtx.getParameter(this.configParamName)); + + if (tokenIssuerConfiguration == null) { + + if (log.isDebugEnabled()) { + String parameterName; + if (this.configElement != null) { + parameterName = "OMElement - " + this.configElement.toString(); + } else if (this.configFile != null) { + parameterName = "File - " + this.configFile; + } else if (this.configParamName != null) { + parameterName = "With message context parameter name - " + this.configParamName; + } else { + parameterName = "No method to build configurations"; + } + + log.debug("Unable to build token configurations, " + parameterName); } - } - if (config == null) { throw new TrustException("configurationIsNull"); } SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx .getEnvelope().getNamespace().getNamespaceURI()); - Crypto crypto; - if (config.cryptoElement != null) { // crypto props - // 
defined as - // elements - crypto = CryptoFactory.getInstance(TrustUtil - .toProperties(config.cryptoElement), inMsgCtx + Crypto crypto = tokenIssuerConfiguration.getIssuerCrypto(inMsgCtx .getAxisService().getClassLoader()); - } else { // crypto props defined in a properties file - crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile, - inMsgCtx.getAxisService().getClassLoader()); - } - // Get the document Document doc = ((Element) env).getOwnerDocument(); @@ -153,7 +135,7 @@ public class SAML2TokenIssuer implements int keySize = data.getKeysize(); String keyType = data.getKeyType(); - keySize = (keySize == -1) ? config.keySize : keySize; + keySize = (keySize == -1) ? tokenIssuerConfiguration.getKeySize() : keySize; //Build the assertion AssertionBuilder assertionBuilder = new AssertionBuilder(); @@ -166,7 +148,7 @@ public class SAML2TokenIssuer implements //Set the issuer IssuerBuilder issuerBuilder = new IssuerBuilder(); Issuer issuer = issuerBuilder.buildObject(); - issuer.setValue(config.issuerName); + issuer.setValue(tokenIssuerConfiguration.getIssuerName()); assertion.setIssuer(issuer); // Set the issued time. @@ -174,7 +156,7 @@ public class SAML2TokenIssuer implements // Validity period DateTime creationDate = new DateTime(); - DateTime expirationDate = new DateTime(creationDate.getMillis() + config.ttl); + DateTime expirationDate = new DateTime(creationDate.getMillis() + tokenIssuerConfiguration.getTtl()); // These variables are used to build the trust assertion Date creationTime = creationDate.toDate(); @@ -189,7 +171,7 @@ public class SAML2TokenIssuer implements Subject subject; if (!data.getKeyType().endsWith(RahasConstants.KEY_TYPE_BEARER)) { - subject = createSubjectWithHolderOfKeySC(config, doc, crypto, creationDate, expirationDate, data); + subject = createSubjectWithHolderOfKeySC(tokenIssuerConfiguration, doc, crypto, creationDate, expirationDate, data); } else{ subject = createSubjectWithBearerSC(data); 
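Review bot: In the `@@ -101,50 +99,34 @@` hunk the new debug branch logs `this.configElement.toString()`, and going by the sample configuration in the CommonUtil Javadoc added by this commit that element can carry `issuerKeyPassword` and the keystore password, which would then be written to the debug log; name the source only, e.g. `parameterName = "OMElement";`. From the CommonUtil code visible in this commit, the OMElement and File branches look unreachable anyway, since a non-null element or file either yields a config or throws. The old code threw `expectedParameterMissing` with the parameter name when the named parameter was absent, whereas that case now ends in `configurationIsNull` with the name shown only at debug level, so it is worth confirming this is intended. The same block is repeated in SAMLTokenIssuer.issue (`@@ -64,60 +62,43 @@`); in both files issue() begins and ends outside the hunk.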
@@ -200,18 +182,18 @@ public class SAML2TokenIssuer implements // If a SymmetricKey is used build an attr stmt, if a public key is build an authn stmt. if (isSymmetricKeyBasedHoK) { - AttributeStatement attrStmt = createAttributeStatement(data, config); + AttributeStatement attrStmt = createAttributeStatement(data, tokenIssuerConfiguration); assertion.getAttributeStatements().add(attrStmt); } else { AuthnStatement authStmt = createAuthnStatement(data); assertion.getAuthnStatements().add(authStmt); if (data.getClaimDialect() != null && data.getClaimElem() != null) { - assertion.getAttributeStatements().add(createAttributeStatement(data, config)); + assertion.getAttributeStatements().add(createAttributeStatement(data, tokenIssuerConfiguration)); } } // Create a SignKeyHolder to hold the crypto objects that are used to sign the assertion - SignKeyHolder signKeyHolder = createSignKeyHolder(config, crypto); + SignKeyHolder signKeyHolder = createSignKeyHolder(tokenIssuerConfiguration, crypto); // Sign the assertion assertion = setSignature(assertion, signKeyHolder); @@ -237,12 +219,12 @@ public class SAML2TokenIssuer implements TrustUtil.createKeySizeElement(wstVersion, rstrElem, keySize); } - if (config.addRequestedAttachedRef) { + if (tokenIssuerConfiguration.isAddRequestedAttachedRef()) { TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#" + assertion.getID(), RahasConstants.TOK_TYPE_SAML_20); } - if (config.addRequestedUnattachedRef) { + if (tokenIssuerConfiguration.isAddRequestedUnattachedRef()) { TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem, assertion.getID(), RahasConstants.TOK_TYPE_SAML_20); } 
@@ -303,11 +285,12 @@ public class SAML2TokenIssuer implements TrustUtil.getTokenStore(inMsgCtx).add(assertionToken); if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY) - && config.keyComputation != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_REQ_ENT) { + && tokenIssuerConfiguration.getKeyComputation() + != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_REQ_ENT) { // Add the RequestedProofToken TokenIssuerUtil.handleRequestedProofToken(data, wstVersion, - config, rstrElem, assertionToken, doc); + tokenIssuerConfiguration, rstrElem, assertionToken, doc); } return env; @@ -368,13 +351,12 @@ public class SAML2TokenIssuer implements // set keysize int keysize = data.getKeysize(); - keysize = (keysize != -1) ? keysize : config.keySize; + keysize = (keysize != -1) ? keysize : config.getKeySize(); // TODO setting keysize is removed with wss4j 1.6 migration - do we actually need this ? encrKeyBuilder.setEphemeralKey(TokenIssuerUtil.getSharedSecret( - data, config.keyComputation, keysize)); - + data, config.getKeyComputation(), keysize)); // Set key encryption algo encrKeyBuilder @@ -620,7 +602,7 @@ public class SAML2TokenIssuer implements SignKeyHolder signKeyHolder = new SignKeyHolder(); try { - X509Certificate[] issuerCerts = CommonUtil.getCertificatesByAlias(crypto,config.issuerKeyAlias); + X509Certificate[] issuerCerts = CommonUtil.getCertificatesByAlias(crypto,config.getIssuerKeyAlias()); String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA; String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm(); 
@@ -628,7 +610,7 @@ public class SAML2TokenIssuer implements sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA; } java.security.Key issuerPK = crypto.getPrivateKey( - config.issuerKeyAlias, config.issuerKeyPassword); + config.getIssuerKeyAlias(), config.getIssuerKeyPassword()); signKeyHolder.setIssuerCerts(issuerCerts); signKeyHolder.setIssuerPK((PrivateKey) issuerPK); Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java?rev=1243480&r1=1243479&r2=1243480&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java Mon Feb 13 11:42:19 2012 @@ -20,7 +20,6 @@ import org.apache.axiom.om.OMElement; import org.apache.axiom.om.OMNode; import org.apache.axiom.soap.SOAPEnvelope; import org.apache.axis2.context.MessageContext; -import org.apache.axis2.description.Parameter; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.rahas.RahasConstants; @@ -33,7 +32,6 @@ import org.apache.rahas.impl.util.*; import org.apache.ws.security.WSSecurityException; import org.apache.ws.security.WSUsernameTokenPrincipal; import org.apache.ws.security.components.crypto.Crypto; -import org.apache.ws.security.components.crypto.CryptoFactory; import org.apache.ws.security.util.Loader; import org.apache.ws.security.util.XmlSchemaDateFormat; 
@@ -64,60 +62,43 @@ public class SAMLTokenIssuer implements private String configFile; - - //TODO move this to TrustUtil - private static final String AUTHENTICATION_METHOD_PASSWORD = "urn:oasis:names:tc:SAML:1.0:am:password"; - private static final Log log = LogFactory.getLog(SAMLTokenIssuer.class); public SOAPEnvelope issue(RahasData data) throws TrustException { MessageContext inMsgCtx = data.getInMessageContext(); - SAMLTokenIssuerConfig config = null; - if (this.configElement != null) { - config = new SAMLTokenIssuerConfig(configElement - .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG)); - } - - // Look for the file - if (config == null && this.configFile != null) { - config = new SAMLTokenIssuerConfig(this.configFile); - } - - // Look for the param - if (config == null && this.configParamName != null) { - Parameter param = inMsgCtx.getParameter(this.configParamName); - if (param != null && param.getParameterElement() != null) { - config = new SAMLTokenIssuerConfig(param - .getParameterElement().getFirstChildWithName( - SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG)); - } else { - throw new TrustException("expectedParameterMissing", - new String[] { this.configParamName }); + SAMLTokenIssuerConfig tokenIssuerConfiguration = CommonUtil.getTokenIssuerConfiguration(this.configElement, + this.configFile, inMsgCtx.getParameter(this.configParamName)); + + if (tokenIssuerConfiguration == null) { + + if (log.isDebugEnabled()) { + String parameterName; + if (this.configElement != null) { + parameterName = "OMElement - " + this.configElement.toString(); + } else if (this.configFile != null) { + parameterName = "File - " + this.configFile; + } else if (this.configParamName != null) { + parameterName = "With message context parameter name - " + this.configParamName; + } else { + parameterName = "No method to build configurations"; + } + + log.debug("Unable to build token configurations, " + parameterName); } - } - if (config == null) { throw new 
TrustException("configurationIsNull"); } SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx .getEnvelope().getNamespace().getNamespaceURI()); - Crypto crypto; - if (config.cryptoElement != null) { // crypto props defined as elements - crypto = CommonUtil.getCrypto(TrustUtil - .toProperties(config.cryptoElement), inMsgCtx + Crypto crypto = tokenIssuerConfiguration.getIssuerCrypto(inMsgCtx .getAxisService().getClassLoader()); - } else { // crypto props defined in a properties file - crypto = CommonUtil.getCrypto(config.cryptoPropertiesFile, inMsgCtx - .getAxisService().getClassLoader()); - } - // Creation and expiration times DateTime creationTime = new DateTime(); - DateTime expirationTime = new DateTime(creationTime.getMillis() + config.ttl); + DateTime expirationTime = new DateTime(creationTime.getMillis() + tokenIssuerConfiguration.getTtl()); // Get the document Document doc = ((Element) env).getOwnerDocument(); @@ -125,7 +106,7 @@ public class SAMLTokenIssuer implements // Get the key size and create a new byte array of that size int keySize = data.getKeysize(); - keySize = (keySize == -1) ? config.keySize : keySize; + keySize = (keySize == -1) ? tokenIssuerConfiguration.getKeySize() : keySize; /* * Find the KeyType If the KeyType is SymmetricKey or PublicKey, @@ -147,10 +128,10 @@ public class SAMLTokenIssuer implements if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY) || keyType.endsWith(RahasConstants.KEY_TYPE_PUBLIC_KEY)) { - assertion = createHoKAssertion(config, doc, crypto, + assertion = createHoKAssertion(tokenIssuerConfiguration, doc, crypto, creationTime, expirationTime, data); } else if (keyType.endsWith(RahasConstants.KEY_TYPE_BEARER)) { - assertion = createBearerAssertion(config, doc, crypto, + assertion = createBearerAssertion(tokenIssuerConfiguration, doc, crypto, creationTime, expirationTime, data); } else { throw new TrustException("unsupportedKeyType"); 
@@ -176,11 +157,11 @@ public class SAMLTokenIssuer implements TrustUtil.createKeySizeElement(wstVersion, rstrElem, keySize); } - if (config.addRequestedAttachedRef) { + if (tokenIssuerConfiguration.isAddRequestedAttachedRef()) { TrustUtil.createRequestedAttachedRef(rstrElem, assertion.getID(),wstVersion); } - if (config.addRequestedUnattachedRef) { + if (tokenIssuerConfiguration.isAddRequestedUnattachedRef()) { TrustUtil.createRequestedUnattachedRef(rstrElem, assertion.getID(),wstVersion); } @@ -221,11 +202,11 @@ public class SAMLTokenIssuer implements }*/ if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY) - && config.keyComputation != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_REQ_ENT) { + && tokenIssuerConfiguration.getKeyComputation() != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_REQ_ENT) { // Add the RequestedProofToken TokenIssuerUtil.handleRequestedProofToken(data, wstVersion, - config, rstrElem, assertionToken, doc); + tokenIssuerConfiguration, rstrElem, assertionToken, doc); } return env; @@ -298,12 +279,12 @@ public class SAMLTokenIssuer implements // set keySize int keySize = data.getKeysize(); - keySize = (keySize != -1) ? keySize : config.keySize; + keySize = (keySize != -1) ? keySize : config.getKeySize(); // Create the encrypted key KeyInfo encryptedKeyInfoElement = SAMLUtils.getSymmetricKeyBasedKeyInfo(doc, data, serviceCert, keySize, - crypto, config.keyComputation); + crypto, config.getKeyComputation()); return this.createAttributeAssertion(data, encryptedKeyInfoElement, nameIdentifier, config, crypto, creationTime, expirationTime); 
@@ -376,15 +357,15 @@ public class SAMLTokenIssuer implements // TODO a duplicate method !! if (serviceAddress != null && !"".equals(serviceAddress)) { - String alias = (String) config.trustedServices.get(serviceAddress); + String alias = (String) config.getTrustedServices().get(serviceAddress); if (alias != null) { return CommonUtil.getCertificateByAlias(crypto,alias); } else { - alias = (String) config.trustedServices.get("*"); + alias = (String) config.getTrustedServices().get("*"); return CommonUtil.getCertificateByAlias(crypto,alias); } } else { - String alias = (String) config.trustedServices.get("*"); + String alias = (String) config.getTrustedServices().get("*"); return CommonUtil.getCertificateByAlias(crypto,alias); } @@ -452,7 +433,7 @@ public class SAMLTokenIssuer implements List<Statement> attributeStatements = new ArrayList<Statement>(); attributeStatements.add(attributeStatement); - Assertion assertion = SAMLUtils.createAssertion(config.issuerName, notBefore, + Assertion assertion = SAMLUtils.createAssertion(config.getIssuerName(), notBefore, notAfter, attributeStatements); SAMLUtils.signAssertion(assertion, crypto, config.getIssuerKeyAlias(), config.getIssuerKeyPassword()); @@ -485,7 +466,7 @@ public class SAMLTokenIssuer implements Subject subject = SAMLUtils.createSubject(subjectNameId,confirmationMethod, keyInfo); AuthenticationStatement authenticationStatement - = SAMLUtils.createAuthenticationStatement(subject, AUTHENTICATION_METHOD_PASSWORD, + = SAMLUtils.createAuthenticationStatement(subject, RahasConstants.AUTHENTICATION_METHOD_PASSWORD, notBefore); List<Statement> statements = new ArrayList<Statement>(); 
@@ -498,7 +479,7 @@ public class SAMLTokenIssuer implements statements.add(authenticationStatement); - Assertion assertion = SAMLUtils.createAssertion(config.issuerName, + Assertion assertion = SAMLUtils.createAssertion(config.getIssuerName(), notBefore, notAfter, statements); // Signing the assertion Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java?rev=1243480&r1=1243479&r2=1243480&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java Mon Feb 13 11:42:19 2012 @@ -25,10 +25,12 @@ import org.apache.axis2.description.Para import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.rahas.TrustException; +import org.apache.rahas.TrustUtil; import org.apache.rahas.impl.util.CommonUtil; import org.apache.rahas.impl.util.SAMLCallbackHandler; import org.apache.ws.security.WSSecurityException; import org.apache.ws.security.components.crypto.Crypto; +import org.apache.ws.security.components.crypto.CryptoFactory; import javax.xml.namespace.QName; import java.io.FileInputStream; 
@@ -92,10 +94,12 @@ public class SAMLTokenIssuerConfig exten public final static QName ISSUER_NAME = new QName("issuerName"); public final static QName SAML_CALLBACK_CLASS = new QName("dataCallbackHandlerClass"); - + protected String issuerKeyAlias; protected String issuerKeyPassword; protected String issuerName; + + // TODO in next major release convert this to a typed map protected Map trustedServices = new HashMap(); protected String trustStorePropFile; protected SAMLCallbackHandler callbackHandler; @@ -422,6 +426,14 @@ public class SAMLTokenIssuerConfig exten return callbackHandler; } + public String getIssuerName() { + return issuerName; + } + + public String getTrustStorePropFile() { + return trustStorePropFile; + } + public void setCallbackHandler(SAMLCallbackHandler callbackHandler) { this.callbackHandler = callbackHandler; } 
@@ -461,4 +473,30 @@ public class SAMLTokenIssuerConfig exten } + /** + * This method will create a Crypto object based on property values defined in cryptoElement or + * cryptoPropertiesFile. + * @param classLoader A class loader to pass into CryptoFactory. + * @return A Crypto object + * @throws TrustException If an error occurred while creating the Crypto object. + */ + public Crypto getIssuerCrypto(ClassLoader classLoader) throws TrustException { + + try { + if (this.cryptoElement != null) { + // crypto props defined as elements + return CryptoFactory.getInstance(TrustUtil + .toProperties(this.cryptoElement), classLoader); + } else { + // crypto props defined in a properties file + return CryptoFactory.getInstance(this.cryptoPropertiesFile, + classLoader); + } + + } catch (WSSecurityException e) { + throw new TrustException("errorLoadingCryptoProperties", e); + } + + } + } Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java?rev=1243480&r1=1243479&r2=1243480&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java Mon Feb 13 11:42:19 2012 @@ -15,7 +15,6 @@ import org.apache.rahas.TokenRenewer; import org.apache.rahas.TokenStorage; import org.apache.rahas.TrustException; import org.apache.rahas.TrustUtil; -import org.apache.rahas.impl.util.CommonUtil; import org.apache.rahas.impl.util.SAMLUtils; import org.apache.ws.security.components.crypto.Crypto; import org.apache.ws.security.util.XmlSchemaDateFormat; 
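Review bot: `getIssuerCrypto` takes the file branch whenever `cryptoElement` is null without checking that `cryptoPropertiesFile` is set, so a configuration with neither passes a null file name to `CryptoFactory.getInstance`; how that fails is not visible here, and anything other than a WSSecurityException would escape the catch instead of becoming a TrustException. If the constructors do not already reject such a configuration, add a guard ahead of the file call, for example `if (this.cryptoPropertiesFile == null) { throw new TrustException("errorLoadingCryptoProperties"); }`. The Javadoc could also state that the element takes precedence when both are configured.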
@@ -88,16 +87,8 @@ public class SAMLTokenRenewer implements wstVersion, rstrcElem); } - Crypto crypto; ClassLoader classLoader = inMsgCtx.getAxisService().getClassLoader(); - if (config.cryptoElement != null) { - // crypto props defined as elements - crypto = CommonUtil.getCrypto(TrustUtil - .toProperties(config.cryptoElement), classLoader); - } else { - // crypto props defined in a properties file - crypto = CommonUtil.getCrypto(config.cryptoPropertiesFile, classLoader); - } + Crypto crypto = config.getIssuerCrypto(classLoader); // Create TokenType element TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText( @@ -106,7 +97,7 @@ public class SAMLTokenRenewer implements // Creation and expiration times Date creationTime = new Date(); Date expirationTime = new Date(); - expirationTime.setTime(creationTime.getTime() + config.ttl); + expirationTime.setTime(creationTime.getTime() + config.getTtl()); // Use GMT time in milliseconds DateFormat zulu = new XmlSchemaDateFormat(); Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java?rev=1243480&r1=1243479&r2=1243480&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java Mon Feb 13 11:42:19 2012 
@@ -184,7 +184,7 @@ public class SAMLTokenValidator implemen inMsgCtx.getAxisService().getClassLoader()); } - X509Certificate issuerCert = CommonUtil.getCertificateByAlias(crypto,config.issuerKeyAlias); + X509Certificate issuerCert = CommonUtil.getCertificateByAlias(crypto,config.getIssuerKeyAlias()); issuerPBKey = issuerCert.getPublicKey(); Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java?rev=1243480&r1=1243479&r2=1243480&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java Mon Feb 13 11:42:19 2012 @@ -136,14 +136,14 @@ public class SCTIssuer implements TokenI OMElement reqAttachedRef = null; OMElement reqUnattachedRef = null; - if (config.addRequestedAttachedRef) { + if (config.isAddRequestedAttachedRef()) { reqAttachedRef = TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#" + sct.getID(), tokenType); } - if (config.addRequestedUnattachedRef) { + if (config.isAddRequestedUnattachedRef()) { reqUnattachedRef = TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem, sct.getIdentifier(), @@ -154,7 +154,7 @@ public class SCTIssuer implements TokenI Date creationTime = new Date(); Date expirationTime = new Date(); - expirationTime.setTime(creationTime.getTime() + config.ttl); + expirationTime.setTime(creationTime.getTime() + config.getTtl()); // Use GMT time in milliseconds DateFormat zulu = new XmlSchemaDateFormat(); 
@@ -171,15 +171,15 @@ public class SCTIssuer implements TokenI creationTime, expirationTime); - if(config.addRequestedAttachedRef) { + if(config.isAddRequestedAttachedRef()) { sctToken.setAttachedReference(reqAttachedRef.getFirstElement()); } - if(config.addRequestedUnattachedRef) { + if(config.isAddRequestedUnattachedRef()) { sctToken.setUnattachedReference(reqUnattachedRef.getFirstElement()); } - byte[] secret = TokenIssuerUtil.getSharedSecret(data, config.keyComputation, config.keySize); + byte[] secret = TokenIssuerUtil.getSharedSecret(data, config.getKeyComputation(), config.getKeySize()); sctToken.setSecret(secret); //Add the RequestedProofToken Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java?rev=1243480&r1=1243479&r2=1243480&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java Mon Feb 13 11:42:19 2012 @@ -17,11 +17,15 @@ package org.apache.rahas.impl.util; import org.apache.axiom.om.OMAbstractFactory; +import org.apache.axiom.om.OMElement; import org.apache.axiom.om.dom.DOMMetaFactory; +import org.apache.axis2.context.MessageContext; +import org.apache.axis2.description.Parameter; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.rahas.TrustException; import org.apache.rahas.TrustUtil; +import org.apache.rahas.impl.SAMLTokenIssuerConfig; import org.apache.ws.security.WSDocInfo; import org.apache.ws.security.WSSConfig; import org.apache.ws.security.WSSecurityEngineResult; 
@@ -185,4 +189,110 @@ public class CommonUtil { } } + + /** + * Creates the token issuer configuration. The configuration is created in following order, + * 1. Try create token configuration using configuration OMElement + * 2. Try create token configuration using a configuration file name + * 3. Try create token configuration using a parameter name in message context. + * The issuer configuration would look like as follows, + * + * <saml-issuer-config> + * <issuerName>Test_STS</issuerName> + * <issuerKeyAlias>ip</issuerKeyAlias> + * <issuerKeyPassword>password</issuerKeyPassword> + * <cryptoProperties> + * <crypto provider="org.apache.ws.security.components.crypto.Merlin"> + * <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property> + * <property name="org.apache.ws.security.crypto.merlin.file">META-INF/rahas-sts.jks</property> + * <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property> + * </crypto> + * </cryptoProperties> + * <timeToLive>300000</timeToLive> + * <keySize>256</keySize> + * <addRequestedAttachedRef /> + * <addRequestedUnattachedRef /> + * <keyComputation>2</keyComputation> + * <proofKeyType>BinarySecret</proofKeyType> + * <trusted-services> + * <service alias="bob">http://localhost:8080/axis2/services/STS</service> + * </trusted-services> + * </saml-issuer-config> + * + * @param configElement Configuration as an OMElement. + * @param configFile Configuration as a file. + * @param messageContextParameter Configuration as a message context parameter. + * @return Token issuer configuration as a SAMLTokenIssuerConfig object. + * @throws TrustException If an error occurred while creating SAMLTokenIssuerConfig object. 
+ */ + public static SAMLTokenIssuerConfig getTokenIssuerConfiguration(OMElement configElement, String configFile, + Parameter messageContextParameter) throws TrustException { + + // First try using configuration element + SAMLTokenIssuerConfig tokenIssuerConfiguration = createTokenIssuerConfiguration(configElement); + + if (tokenIssuerConfiguration == null) { + + // Now try file + tokenIssuerConfiguration = createTokenIssuerConfiguration(configFile); + + if (tokenIssuerConfiguration == null) { + + // Finally try using the parameter + if (messageContextParameter != null) { + tokenIssuerConfiguration = createTokenIssuerConfiguration(messageContextParameter); + } + + return tokenIssuerConfiguration; + } else { + return tokenIssuerConfiguration; + } + + } else { + return tokenIssuerConfiguration; + } + } + + protected static SAMLTokenIssuerConfig createTokenIssuerConfiguration(OMElement configElement) + throws TrustException { + + if (configElement != null) { + + log.debug("Creating token issuer configuration using OMElement"); + + return new SAMLTokenIssuerConfig(configElement + .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG)); + } + + return null; + } + + protected static SAMLTokenIssuerConfig createTokenIssuerConfiguration(String configFile) throws TrustException { + + if (configFile != null) { + + if (log.isDebugEnabled()) { + log.debug("Creating token issuer configuration using file " + configFile); + } + + return new SAMLTokenIssuerConfig(configFile); + } + + return null; + } + + protected static SAMLTokenIssuerConfig createTokenIssuerConfiguration(Parameter messageContextParameter) + throws TrustException { + + if (messageContextParameter != null && messageContextParameter.getParameterElement() != null) { + + log.debug("Creating token issuer configuration using the config parameter"); + + return new SAMLTokenIssuerConfig(messageContextParameter + .getParameterElement().getFirstChildWithName( + SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG)); + } + + 
return null; + } } Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java?rev=1243480&r1=1243479&r2=1243480&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java Mon Feb 13 11:42:19 2012 @@ -1,5 +1,5 @@ /* - * Copyright 2004,2005 The Apache Software Foundation. + * Copyright The Apache Software Foundation. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -25,8 +25,6 @@ import org.apache.rahas.RahasConstants; import org.apache.rahas.TrustException; import org.apache.ws.security.*; import org.apache.ws.security.components.crypto.Crypto; -import org.apache.ws.security.handler.RequestData; -import org.apache.ws.security.processor.EncryptedKeyProcessor; import org.apache.ws.security.util.Base64; import org.apache.xml.security.exceptions.XMLSecurityException; import org.apache.xml.security.keys.KeyInfo; @@ -55,7 +53,6 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.security.cert.X509Certificate; -import java.util.Iterator; import java.util.List; public class SAML2Utils { 
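Review bot: `getTokenIssuerConfiguration` returns `null` when none of the three sources is supplied, but its `@return` only promises a SAMLTokenIssuerConfig, so every issuer, renewer and validator that calls it has to remember its own null check. For a token service the safer contract is to fail closed: either throw a TrustException at the end of the method, or at least document it with `@return the configuration, or {@code null} if no source was provided`. Both element-based overloads also pass the result of `getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG)` straight to the constructor. If the child is missing that argument is `null`, and how the constructor reacts is not visible in this hunk, so an explicit guard with a clear error would help. The nested if/else can be flattened without changing behaviour, since the `Parameter` overload already checks for null itself, as sketched below.

```java
public static SAMLTokenIssuerConfig getTokenIssuerConfiguration(OMElement configElement, String configFile,
                                                                Parameter messageContextParameter) throws TrustException {

    // Sources are tried in order: element, file, message context parameter.
    SAMLTokenIssuerConfig tokenIssuerConfiguration = createTokenIssuerConfiguration(configElement);

    if (tokenIssuerConfiguration == null) {
        tokenIssuerConfiguration = createTokenIssuerConfiguration(configFile);
    }

    if (tokenIssuerConfiguration == null) {
        tokenIssuerConfiguration = createTokenIssuerConfiguration(messageContextParameter);
    }

    // Still null when no source was supplied; callers must reject that case.
    return tokenIssuerConfiguration;
}
// … unchanged: the three createTokenIssuerConfiguration overloads …
```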
@@ -174,7 +171,7 @@ public class SAML2Utils { } // extract the subject confirmation element from the subject - SubjectConfirmation subjectConf = (SubjectConfirmation) samlSubject.getSubjectConfirmations().get(0); + SubjectConfirmation subjectConf = samlSubject.getSubjectConfirmations().get(0); if (subjectConf == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAML2Token", new Object[]{"for Signature (no Subject Confirmation)"}); @@ -191,9 +188,7 @@ public class SAML2Utils { // Get the SAML specific XML representation of the keyInfo object XMLObject KIElem = null; List<XMLObject> scDataElements = scData.getOrderedChildren(); - Iterator<XMLObject> iterator = scDataElements.iterator(); - while (iterator.hasNext()) { - XMLObject xmlObj = iterator.next(); + for (XMLObject xmlObj : scDataElements) { if (xmlObj instanceof org.opensaml.xml.signature.KeyInfo) { KIElem = xmlObj; break; 
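Review bot: In the first SAML2Utils hunk on this line, `samlSubject.getSubjectConfirmations().get(0)` throws IndexOutOfBoundsException when the list is empty, so the `subjectConf == null` branch that should report "no Subject Confirmation" is unlikely to be reached for an assertion that has none. The assertion is presumably parsed from a received token, so a size check would turn a malformed token into the intended WSSecurityException instead of an unchecked exception: `List<SubjectConfirmation> confs = samlSubject.getSubjectConfirmations();` then `SubjectConfirmation subjectConf = confs.isEmpty() ? null : confs.get(0);`. The same method already guards `getAttributeStatements()` and `getAuthnStatements()` with a size test before `get(0)`. The enclosing method starts and ends outside the hunk.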
@@ -205,31 +200,19 @@ public class SAML2Utils { // Generate a DOM element from the XMLObject. if (KIElem != null) { - // Set the "javax.xml.parsers.DocumentBuilderFactory" system property to make sure the endorsed JAXP - // implementation is picked over the default jaxp impl shipped with the JDK. - String jaxpProperty = System.getProperty("javax.xml.parsers.DocumentBuilderFactory"); - //System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl"); - MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory(); Marshaller marshaller = marshallerFactory.getMarshaller(KIElem); keyInfoElement = marshaller.marshall(KIElem); - // Reset the sys. property to its previous value. - if (jaxpProperty == null) { - System.getProperties().remove("javax.xml.parsers.DocumentBuilderFactory"); - } else { - System.setProperty("javax.xml.parsers.DocumentBuilderFactory", jaxpProperty); - } - } else { throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAML2Token", new Object[]{"for Signature (no key info element)"}); } AttributeStatement attrStmt = assertion.getAttributeStatements().size() != 0 ? - (AttributeStatement) assertion.getAttributeStatements().get(0) : null; + assertion.getAttributeStatements().get(0) : null; AuthnStatement authnStmt = assertion.getAuthnStatements().size() != 0 ? - (AuthnStatement) assertion.getAuthnStatements().get(0) : null; + assertion.getAuthnStatements().get(0) : null; // if an attr stmt is present, then it has a symmetric key. if (attrStmt != null) { 
@@ -258,7 +241,7 @@ public class SAML2Utils { // If an authn stmt is present then it has a public key. if (authnStmt != null) { - X509Certificate[] certs = null; + X509Certificate[] certs; try { KeyInfo ki = new KeyInfo(keyInfoElement, null); Added: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/apache/rahas/impl/util/CommonUtilTest.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/apache/rahas/impl/util/CommonUtilTest.java?rev=1243480&view=auto ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/apache/rahas/impl/util/CommonUtilTest.java (added) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/apache/rahas/impl/util/CommonUtilTest.java Mon Feb 13 11:42:19 2012 
@@ -0,0 +1,152 @@ +/* +* Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. +* +* WSO2 Inc. licenses this file to you under the Apache License, +* Version 2.0 (the "License"); you may not use this file except +* in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, +* software distributed under the License is distributed on an +* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +* KIND, either express or implied. See the License for the +* specific language governing permissions and limitations +* under the License. +*/ + +package org.apache.rahas.impl.util; + +import junit.framework.Assert; +import junit.framework.TestCase; +import org.apache.axiom.om.OMAttribute; +import org.apache.axiom.om.OMElement; +import org.apache.axiom.om.util.AXIOMUtil; +import org.apache.axis2.description.Parameter; +import org.apache.rahas.TrustException; +import org.apache.rahas.impl.SAMLTokenIssuerConfig; +import org.apache.ws.security.components.crypto.Crypto; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import java.util.Iterator; +import java.util.Map; +import java.util.Set; + +/** + * A test class for common util. 
+ */ +public class CommonUtilTest extends TestCase { + + private boolean isConfigFromFile = false; + + private String configurationElement = "<configuration><saml-issuer-config>" + + "<issuerName>Test_STS</issuerName>" + + "<issuerKeyAlias>ip</issuerKeyAlias>" + + "<issuerKeyPassword>password</issuerKeyPassword>" + + "<cryptoProperties><crypto provider=\"org.apache.ws.security.components.crypto.Merlin\">" + + "<property name=\"org.apache.ws.security.crypto.merlin.keystore.type\">JKS</property>" + + "<property name=\"org.apache.ws.security.crypto.merlin.file\">src/test/resources/keystore.jks</property>" + + "<property name=\"org.apache.ws.security.crypto.merlin.keystore.password\">password</property></crypto>" + + "</cryptoProperties>" + + "<timeToLive>300000</timeToLive>" + + "<keySize>256</keySize>" + + "<addRequestedAttachedRef /><addRequestedUnattachedRef />" + + "<keyComputation>2</keyComputation>" + + "<proofKeyType>BinarySecret</proofKeyType>" + + "<trusted-services>" + + "<service alias=\"bob\">http://localhost:8080/axis2/services/STS</service>" + + "</trusted-services></saml-issuer-config></configuration>"; + + private String configurationFileName = "sts-aar-resources/saml-issuer-config.xml"; + + private void checkConfigurations(SAMLTokenIssuerConfig tokenIssuerConfig) throws TrustException { + + Assert.assertEquals("Test_STS", tokenIssuerConfig.getIssuerName()); + Assert.assertEquals("ip", tokenIssuerConfig.getIssuerKeyAlias()); + Assert.assertEquals("password", tokenIssuerConfig.getIssuerKeyPassword()); + Assert.assertEquals(300000, tokenIssuerConfig.getTtl()); + Assert.assertEquals(256, tokenIssuerConfig.getKeySize()); + Assert.assertEquals(true, tokenIssuerConfig.isAddRequestedAttachedRef()); + Assert.assertEquals(true, tokenIssuerConfig.isAddRequestedUnattachedRef()); + Assert.assertEquals(2, tokenIssuerConfig.getKeyComputation()); + Assert.assertEquals("BinarySecret", tokenIssuerConfig.getProofKeyType()); + + Map trustedServices = 
tokenIssuerConfig.getTrustedServices(); + Set trustedServiceSet = trustedServices.entrySet(); + for (Object aTrustedServiceSet : trustedServiceSet) { + Map.Entry pairs = (Map.Entry) aTrustedServiceSet; + Assert.assertEquals("http://localhost:8080/axis2/services/STS", (String)pairs.getKey()); + Assert.assertEquals("bob", (String) pairs.getValue()); + } + + OMElement cryptoPropertiesElement = tokenIssuerConfig.getCryptoPropertiesElement(); + Assert.assertNotNull(cryptoPropertiesElement); + + OMElement crypto = cryptoPropertiesElement.getFirstChildWithName(SAMLTokenIssuerConfig.CRYPTO); + Assert.assertNotNull(crypto); + + Iterator children = crypto.getChildElements(); + while (children.hasNext()) { + OMElement child = (OMElement)children.next(); + OMAttribute attribute = child.getAttribute(new QName("name")); + + if (attribute.getAttributeValue().equals("org.apache.ws.security.crypto.merlin.keystore.type")) { + Assert.assertEquals(child.getText(), "JKS"); + continue; + } + + if (attribute.getAttributeValue().equals("org.apache.ws.security.crypto.merlin.file")) { + + if (!this.isConfigFromFile) { + Assert.assertEquals(child.getText(), "src/test/resources/keystore.jks"); + } else { + Assert.assertEquals(child.getText(), "META-INF/rahas-sts.jks"); + } + continue; + } + + if (attribute.getAttributeValue().equals("org.apache.ws.security.crypto.merlin.keystore.password")) { + Assert.assertEquals(child.getText(), "password"); + continue; + } + + Assert.fail("Unexpected values returned - " + attribute.getAttributeValue()); + } + + } + + public void testTokenIssuerConfigurationsUsingOMElement() throws XMLStreamException, TrustException { + + this.isConfigFromFile = false; + OMElement element = AXIOMUtil.stringToOM(this.configurationElement); + SAMLTokenIssuerConfig tokenIssuerConfig = CommonUtil.createTokenIssuerConfiguration(element); + Assert.assertNotNull(tokenIssuerConfig); + checkConfigurations(tokenIssuerConfig); + + Crypto signatureCrypto = 
tokenIssuerConfig.getIssuerCrypto(this.getClass().getClassLoader()); + Assert.assertEquals(signatureCrypto.getClass().getName(), "org.apache.ws.security.components.crypto.Merlin"); + + } + + public void testTokenIssuerConfigurationsUsingFile() throws XMLStreamException, TrustException { + + this.isConfigFromFile = true; + SAMLTokenIssuerConfig tokenIssuerConfig = CommonUtil.createTokenIssuerConfiguration(configurationFileName); + Assert.assertNotNull(tokenIssuerConfig); + checkConfigurations(tokenIssuerConfig); + } + + public void testTokenIssuerConfigurationsUsingParameter() throws XMLStreamException, TrustException { + + this.isConfigFromFile = false; + OMElement element = AXIOMUtil.stringToOM(this.configurationElement); + Parameter parameter = new Parameter(); + parameter.setParameterElement(element); + SAMLTokenIssuerConfig tokenIssuerConfig = CommonUtil.createTokenIssuerConfiguration(parameter); + Assert.assertNotNull(tokenIssuerConfig); + checkConfigurations(tokenIssuerConfig); + } + +}
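Review bot: The two loops in `checkConfigurations` only assert inside their bodies, so an empty `trustedServices` map or a `crypto` element with no children passes without checking anything. Add `Assert.assertEquals(1, trustedServices.size());` before the first loop, and count the three expected crypto properties in the second. Several calls have expected and actual swapped, e.g. `Assert.assertEquals(child.getText(), "JKS")`, which produces misleading failure messages; the order is `assertEquals(expected, actual)`. The public `getTokenIssuerConfiguration` and its fallback order, including the case where all three arguments are null, have no test here. The raw `Map`, `Set` and `Iterator` types could be parameterised if the accessor signatures allow it.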