From owu...@apache.org
Subject svn commit: r1519228 - in /cxf/fediz/trunk/services/idp/src: main/java/org/apache/cxf/fediz/service/idp/ main/java/org/apache/cxf/fediz/service/idp/util/ main/resources/ test/ test/java/ test/java/org/ test/java/org/apache/ test/java/org/apache/cxf/ te...
Date Sat, 31 Aug 2013 21:22:32 GMT
Author: owulff
Date: Sat Aug 31 21:22:31 2013
New Revision: 1519228

URL: http://svn.apache.org/r1519228
Log:
[FEDIZ-15] Support the publish of the WS-Federation Metadata document

Added:
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/CertsUtils.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
    cxf/fediz/trunk/services/idp/src/main/resources/stsKeystoreA.properties
    cxf/fediz/trunk/services/idp/src/main/resources/stsKeystoreB.properties
    cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_a.jks
    cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_b.jks
    cxf/fediz/trunk/services/idp/src/test/
    cxf/fediz/trunk/services/idp/src/test/java/
    cxf/fediz/trunk/services/idp/src/test/java/org/
    cxf/fediz/trunk/services/idp/src/test/java/org/apache/
    cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/
    cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/
    cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/
    cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/
    cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/util/
    cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/util/MetadataWriterTest.java
    cxf/fediz/trunk/services/idp/src/test/resources/
    cxf/fediz/trunk/services/idp/src/test/resources/idp-config.xml
    cxf/fediz/trunk/services/idp/src/test/resources/realm.properties
    cxf/fediz/trunk/services/idp/src/test/resources/realma.cert
    cxf/fediz/trunk/services/idp/src/test/resources/stsKeystoreA.properties
    cxf/fediz/trunk/services/idp/src/test/resources/stsrealm_a.jks

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java?rev=1519228&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
(added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
Sat Aug 31 21:22:31 2013
@@ -0,0 +1,91 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.fediz.service.idp.model.IDPConfig;
+import org.apache.cxf.fediz.service.idp.service.ConfigService;
+import org.apache.cxf.fediz.service.idp.util.MetadataWriter;
+import org.apache.ws.security.util.DOM2Writer;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationContext;
+import org.springframework.web.context.support.WebApplicationContextUtils;
+
+
+public class MetadataServlet extends HttpServlet {
+
+    public static final String PARAM_REALM = "realm";
+    
+    private static final Logger LOG = LoggerFactory
+        .getLogger(MetadataServlet.class);
+    private static final long serialVersionUID = 1L;
+    
+    private ApplicationContext applicationContext;
+    private String realm;
+    
+    
+    @Override
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws
ServletException,
+        IOException {
+        response.setContentType("text/xml");
+        PrintWriter out = response.getWriter();
+        try {
+            ConfigService cs = (ConfigService)getApplicationContext().getBean("config");
+            IDPConfig idpConfig = cs.getIDPConfig(realm);
+            LOG.debug(idpConfig.toString());
+            MetadataWriter mw = new MetadataWriter();
+            Document metadata =  mw.getMetaData(idpConfig);
+            out.write(DOM2Writer.nodeToString(metadata));
+        } catch (Exception ex) {
+            LOG.error("Failed to get metadata document: ", ex);
+            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        }
+    }
+
+    @Override
+    public void init(ServletConfig config) throws ServletException {
+        super.init(config);
+        realm = config.getInitParameter(PARAM_REALM);
+        if (realm == null || realm.length() == 0) {
+            throw new ServletException("Servlet parameter '" + PARAM_REALM + "' not defined");
+        }
+    }
+
+    public ApplicationContext getApplicationContext() {
+        if (applicationContext == null) {
+            LOG.debug(this.getServletContext().toString());
+            applicationContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
+        }
+        return applicationContext;
+    }
+    
+}
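Review bot: `LOG.debug(idpConfig.toString())` right after `cs.getIDPConfig(realm)` dumps the entire IDPConfig, and MetadataWriter in this same commit reads `config.getCertificatePassword()` from that object, so if IDPConfig.toString() includes that field the private-key password ends up in the debug log; log a non-secret identifier instead, e.g. `LOG.debug("Building WS-Federation metadata for realm {}", realm);`, or confirm toString() masks the password. The response is also set to `text/xml` with no charset, so the PrintWriter encodes with the servlet default (ISO-8859-1 unless the container is configured otherwise) while consumers of the metadata will most likely assume UTF-8, which would garble any non-ASCII ServiceDescription/ServiceDisplayName value; `response.setContentType("text/xml; charset=UTF-8");` pins it. Sending a 500 from the catch is safe here only because nothing is written to `out` before `DOM2Writer.nodeToString` has produced the whole string — worth a comment so a later refactor does not stream the document incrementally.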

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/CertsUtils.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/CertsUtils.java?rev=1519228&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/CertsUtils.java
(added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/CertsUtils.java
Sat Aug 31 21:22:31 2013
@@ -0,0 +1,123 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.util;
+
+import java.io.BufferedInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.CredentialException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.ws.security.components.crypto.Merlin;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public final class CertsUtils {
+    
+    private static final Logger LOG = LoggerFactory.getLogger(CertsUtils.class);
+    
+    private CertsUtils() {
+        super();
+    }
+    
+    public static X509Certificate getX509Certificate(String filename) {
+        Certificate cert = null;
+        BufferedInputStream bis = null;
+        try {
+            
+            InputStream is = Merlin.loadInputStream(Thread.currentThread().getContextClassLoader(),
filename);
+            
+            //FileInputStream fis = new FileInputStream(filename);
+            bis = new BufferedInputStream(is);
+
+            CertificateFactory cf = CertificateFactory.getInstance("X.509");
+
+            if (bis.available() > 0) {
+                cert = cf.generateCertificate(bis);
+                if (!(cert instanceof X509Certificate)) {
+                    LOG.error("Certificate " + filename + " is not of type X509Certificate");
+                    throw new RuntimeException("Certificate "
+                                                            + filename + " is not of type
X509Certificate");
+                }
+                if (bis.available() > 0) {
+                    LOG.warn("There are more certificates configured in " + filename + ".
Only first is parsed");
+                }
+                return (X509Certificate)cert;    
+            } else  {
+                LOG.error("No bytes can be read in certificate file " + filename);
+                throw new RuntimeException("No bytes can be read in certificate file " +
filename);
+            }
+        } catch (Exception ex) {
+            LOG.error("Failed to read certificate file " + filename, ex);
+            throw new RuntimeException("Failed to read certificate file " + filename, ex);
+        } finally {
+            try {
+                bis.close();
+            } catch (IOException ex) {
+                LOG.error("Failed to close certificate file " + filename, ex);
+            }
+        }
+    }
+    
+    public static Crypto createCrypto(String filename) {
+        Crypto crypto = null;
+        Properties prop = new Properties();
+        try {
+            //load a properties file
+            InputStream is = Merlin.loadInputStream(Thread.currentThread().getContextClassLoader(),
filename);
+            prop.load(is);
+            crypto = CryptoFactory.getInstance(prop);
+        } catch (WSSecurityException ex) {
+            LOG.error("Failed to load keystore " + prop.toString(), ex);
+            throw new RuntimeException("Failed to load keystore " + prop.toString());
+        } catch (IOException ex) {
+            LOG.error("Failed to read signing metadata key", ex);
+            throw new RuntimeException("Failed to read signing metadata key");
+        } catch (CredentialException ex) {
+            LOG.error("Failed to read signing metadata key", ex);
+            throw new RuntimeException("Failed to read signing metadata key");
+        }
+        return crypto;
+    }
+    
+    public static X509Certificate getX509Certificate(Crypto crypto, String keyAlias) throws
WSSecurityException {
+        if (keyAlias == null || "".equals(keyAlias)) {
+            keyAlias = crypto.getDefaultX509Identifier();
+        }
+        
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias(keyAlias);
+        X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
+        if (issuerCerts == null || issuerCerts.length == 0) {
+            throw new RuntimeException(
+                    "No issuer certs were found to sign the metadata using issuer name: "
+                            + keyAlias);
+        }
+        return issuerCerts[0];
+    }
+}
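Review bot: In createCrypto the WSSecurityException branch puts `prop.toString()` into both the log line and the RuntimeException message; those properties are the Merlin keystore configuration, which contains `org.apache.ws.security.crypto.merlin.keystore.password` (see stsKeystoreA.properties in this commit), so a failed keystore load prints the keystore password into the log and into the exception that MetadataServlet then logs again. Use the filename and keep the cause: `LOG.error("Failed to load keystore " + filename, ex); throw new RuntimeException("Failed to load keystore " + filename, ex);` — the IOException and CredentialException branches likewise drop `ex` as cause, and the InputStream opened there is never closed. In getX509Certificate, if `Merlin.loadInputStream` throws, `bis` is still null and the `finally` block's `bis.close()` raises a NullPointerException that replaces the original exception; guard it with `if (bis != null)`. `bis.available() > 0` is also not a reliable emptiness test for every InputStream (it may legitimately return 0 before the first read), so the "No bytes can be read" branch can fire spuriously depending on the stream type; letting `generateCertificate` fail on an empty stream is more robust.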

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java?rev=1519228&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
(added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
Sat Aug 31 21:22:31 2013
@@ -0,0 +1,274 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.io.OutputStreamWriter;
+import java.io.Writer;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.SignedInfo;
+import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
+import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.stream.XMLOutputFactory;
+import javax.xml.stream.XMLStreamWriter;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.fediz.core.util.DOMUtils;
+import org.apache.cxf.fediz.service.idp.model.IDPConfig;
+
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.util.Base64;
+import org.apache.ws.security.util.UUIDGenerator;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static org.apache.cxf.fediz.core.FederationConstants.SAML2_METADATA_NS;
+import static org.apache.cxf.fediz.core.FederationConstants.SCHEMA_INSTANCE_NS;
+import static org.apache.cxf.fediz.core.FederationConstants.WS_ADDRESSING_NS;
+import static org.apache.cxf.fediz.core.FederationConstants.WS_FEDERATION_NS;
+
+public class MetadataWriter {
+    
+    private static final Logger LOG = LoggerFactory.getLogger(MetadataWriter.class);
+    
+    private static final XMLOutputFactory XML_OUTPUT_FACTORY = XMLOutputFactory.newInstance();
+    private static final XMLSignatureFactory XML_SIGNATURE_FACTORY = XMLSignatureFactory.getInstance("DOM");
+    private static final DocumentBuilderFactory DOC_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();
+    private static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
+    
+    static {
+        DOC_BUILDER_FACTORY.setNamespaceAware(true);
+    }
+
+    //CHECKSTYLE:OFF
+    public Document getMetaData(IDPConfig config) throws RuntimeException {
+        //Return as text/xml
+        try {
+            
+            Crypto crypto = CertsUtils.createCrypto(config.getCertificate());
+            
+            ByteArrayOutputStream bout = new ByteArrayOutputStream(4096);
+            Writer streamWriter = new OutputStreamWriter(bout);
+            XMLStreamWriter writer = XML_OUTPUT_FACTORY.createXMLStreamWriter(streamWriter);
+
+                        writer.writeStartDocument();
+
+            String referenceID = "_" + UUIDGenerator.getUUID();
+            writer.writeStartElement("", "EntityDescriptor", SAML2_METADATA_NS);
+            writer.writeAttribute("ID", referenceID);
+                      
+            writer.writeAttribute("entityID", config.getIdpUrl());
+
+            writer.writeNamespace("fed", WS_FEDERATION_NS);
+            writer.writeNamespace("wsa", WS_ADDRESSING_NS);
+            writer.writeNamespace("auth", WS_FEDERATION_NS);
+            writer.writeNamespace("xsi", SCHEMA_INSTANCE_NS);
+
+            writer.writeStartElement("fed", "RoleDescriptor", WS_FEDERATION_NS);
+            writer.writeAttribute(SCHEMA_INSTANCE_NS, "type", "fed:SecurityTokenServiceType");
+            writer.writeAttribute("protocolSupportEnumeration", WS_FEDERATION_NS);
+            if (config.getServiceDescription() != null && config.getServiceDescription().length()
> 0 ) {
+                writer.writeAttribute("ServiceDescription", config.getServiceDescription());
+            }
+            if (config.getServiceDisplayName() != null && config.getServiceDisplayName().length()
> 0 ) {
+                writer.writeAttribute("ServiceDisplayName", config.getServiceDisplayName());
+            }
+            
+            //http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd
+            //missing organization, contactperson
+            
+            //KeyDescriptor
+            writer.writeStartElement("", "KeyDescriptor", SAML2_METADATA_NS);
+            writer.writeAttribute("use", "signing");
+            writer.writeStartElement("", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
+            writer.writeStartElement("", "X509Data", "http://www.w3.org/2000/09/xmldsig#");
+            writer.writeStartElement("", "X509Certificate", "http://www.w3.org/2000/09/xmldsig#");
+            
+            try {
+                X509Certificate cert = CertsUtils.getX509Certificate(crypto, null);
+                writer.writeCharacters(Base64.encode(cert.getEncoded()));
+            } catch (Exception ex) {
+                LOG.error("Failed to add certificate information to metadata. Metadata incomplete",
ex);
+            }
+            
+            writer.writeEndElement(); // X509Certificate
+            writer.writeEndElement(); // X509Data
+            writer.writeEndElement(); // KeyInfo
+            writer.writeEndElement(); // KeyDescriptor
+            
+            
+            // SecurityTokenServiceEndpoint
+            writer.writeStartElement("fed", "SecurityTokenServiceEndpoint", WS_FEDERATION_NS);
+            writer.writeStartElement("wsa", "EndpointReference", WS_ADDRESSING_NS);
+
+            writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
+            writer.writeCharacters(config.getStsUrl());
+            
+            writer.writeEndElement(); // Address
+            writer.writeEndElement(); // EndpointReference
+            writer.writeEndElement(); // SecurityTokenServiceEndpoint
+            
+            
+            // PassiveRequestorEndpoint
+            writer.writeStartElement("fed", "PassiveRequestorEndpoint", WS_FEDERATION_NS);
+            writer.writeStartElement("wsa", "EndpointReference", WS_ADDRESSING_NS);
+
+            writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
+            writer.writeCharacters(config.getIdpUrl());
+            
+            writer.writeEndElement(); // Address
+            writer.writeEndElement(); // EndpointReference
+            writer.writeEndElement(); // PassiveRequestorEndpoint
+
+            
+            // create ClaimsType section
+            if (config.getClaimTypesOffered() != null && config.getClaimTypesOffered().size()
> 0) {
+                writer.writeStartElement("fed", "ClaimTypesOffered", WS_FEDERATION_NS);
+                for (String claim : config.getClaimTypesOffered()) {
+    
+                    writer.writeStartElement("auth", "ClaimType", WS_FEDERATION_NS);
+                    writer.writeAttribute("Uri", claim);
+                    writer.writeAttribute("Optional", "true");
+                    writer.writeEndElement(); // ClaimType
+    
+                }
+                writer.writeEndElement(); // ClaimTypesOffered
+            }
+            
+            writer.writeEndElement(); // RoleDescriptor
+            writer.writeEndElement(); // EntityDescriptor
+
+            writer.writeEndDocument();
+            streamWriter.flush();
+            bout.flush();
+            //
+
+            if (LOG.isDebugEnabled()) {
+                String out = new String(bout.toByteArray());
+                LOG.debug("***************** unsigned ****************");
+                LOG.debug(out);
+                LOG.debug("***************** unsigned ****************");
+            }
+            
+            InputStream is = new ByteArrayInputStream(bout.toByteArray());
+            
+            ByteArrayOutputStream result = signMetaInfo(crypto, config.getCertificatePassword(),
is, referenceID);
+            if (result != null) {
+                is = new ByteArrayInputStream(result.toByteArray());
+            } else {
+                throw new RuntimeException("Failed to sign the metadata document: result=null");
+            }
+        
+            return DOMUtils.readXml(is);
+        } catch (RuntimeException e) {
+            throw e;
+        } catch (Exception e) {
+            LOG.error("Error creating service metadata information ", e);
+            throw new RuntimeException("Error creating service metadata information: " +
e.getMessage());
+        }
+
+    }
+
+    
+    private ByteArrayOutputStream signMetaInfo(Crypto crypto, String keyPassword, InputStream
metaInfo, String referenceID) throws Exception {
+        String keyAlias = crypto.getDefaultX509Identifier(); //only one key supported in
JKS
+        X509Certificate cert = CertsUtils.getX509Certificate(crypto, keyAlias);
+                
+        // Create a Reference to the enveloped document (in this case,
+        // you are signing the whole document, so a URI of "" signifies
+        // that, and also specify the SHA1 digest algorithm and
+        // the ENVELOPED Transform.
+        Reference ref = XML_SIGNATURE_FACTORY.newReference("#" + referenceID, XML_SIGNATURE_FACTORY.newDigestMethod(DigestMethod.SHA1,
null), Collections
+            .singletonList(XML_SIGNATURE_FACTORY.newTransform(Transform.ENVELOPED, (TransformParameterSpec)null)),
null, null);
+        
+        String signatureMethod = null;
+        if ("SHA1withDSA".equals(cert.getSigAlgName())) {
+            signatureMethod = SignatureMethod.DSA_SHA1;
+        } else if ("SHA1withRSA".equals(cert.getSigAlgName())) {
+            signatureMethod = SignatureMethod.RSA_SHA1;
+        } else {
+            LOG.error("Unsupported signature method: " + cert.getSigAlgName());
+            throw new RuntimeException("Unsupported signature method: " + cert.getSigAlgName());
+        }
+        // Create the SignedInfo.
+        SignedInfo si = XML_SIGNATURE_FACTORY.newSignedInfo(XML_SIGNATURE_FACTORY.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
+                                                                        (C14NMethodParameterSpec)null),
XML_SIGNATURE_FACTORY
+            .newSignatureMethod(signatureMethod, null), Collections.singletonList(ref));
+        //      .newSignatureMethod(cert.getSigAlgOID(), null), Collections.singletonList(ref));
                                                                       
+        
+        PrivateKey keyEntry = crypto.getPrivateKey(keyAlias, keyPassword);
+        
+        // Create the KeyInfo containing the X509Data.
+        KeyInfoFactory kif = XML_SIGNATURE_FACTORY.getKeyInfoFactory();
+        List<Object> x509Content = new ArrayList<Object>();
+        x509Content.add(cert.getSubjectX500Principal().getName());
+        x509Content.add(cert);
+        X509Data xd = kif.newX509Data(x509Content);
+        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
+
+        // Instantiate the document to be signed.
+        Document doc = DOC_BUILDER_FACTORY.newDocumentBuilder().parse(metaInfo);
+
+        // Create a DOMSignContext and specify the RSA PrivateKey and
+        // location of the resulting XMLSignature's parent element.
+        DOMSignContext dsc = new DOMSignContext(keyEntry, doc.getDocumentElement());
+        dsc.setIdAttributeNS(doc.getDocumentElement(), null, "ID");
+        dsc.setNextSibling(doc.getDocumentElement().getFirstChild());
+
+        // Create the XMLSignature, but don't sign it yet.
+        XMLSignature signature = XML_SIGNATURE_FACTORY.newXMLSignature(si, ki);
+
+        // Marshal, generate, and sign the enveloped signature.
+        signature.sign(dsc);
+
+        // Output the resulting document.
+        ByteArrayOutputStream os = new ByteArrayOutputStream(8192);
+        Transformer trans = TRANSFORMER_FACTORY.newTransformer();
+        trans.transform(new DOMSource(doc), new StreamResult(os));
+        os.flush();
+        return os;
+    }    
+ 
+}
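Review bot: signMetaInfo selects the signature algorithm from `cert.getSigAlgName()`, which is the algorithm the issuer used to sign the certificate, not the type of the signing key; an RSA key whose certificate was signed with SHA256withRSA (the norm by now) is rejected as "Unsupported signature method", whereas the decision should be made on `cert.getPublicKey().getAlgorithm()`. Both the digest (`DigestMethod.SHA1`) and the signature (`RSA_SHA1`) are SHA-1; the JDK DOM provider accepts `DigestMethod.SHA256` and the RSA-SHA256 URI `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` (Java 7+, verify against the deployed runtime), so the metadata can be signed with SHA-256 for RSA keys. Separately, when loading the certificate for the KeyDescriptor fails (the inner try around `CertsUtils.getX509Certificate(crypto, null)`), the error is only logged and an empty `<X509Certificate/>` is emitted; since signMetaInfo needs the same alias a few lines later, it would be cleaner to fail the request than to publish incomplete metadata. The `OutputStreamWriter` and the debug-only `new String(bout.toByteArray())` both use the platform charset; passing `"UTF-8"` explicitly keeps the bytes consistent with whatever encoding the XMLStreamWriter declares in the prolog.
```java
// … unchanged: Reference creation (use DigestMethod.SHA256 instead of DigestMethod.SHA1) …
String keyAlgorithm = cert.getPublicKey().getAlgorithm();
String signatureMethod;
if ("DSA".equals(keyAlgorithm)) {
    signatureMethod = SignatureMethod.DSA_SHA1;
} else if ("RSA".equals(keyAlgorithm)) {
    // RSA-SHA256; supported by the JDK DOM XMLSignatureFactory (confirm on the target runtime)
    signatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
} else {
    LOG.error("Unsupported signing key algorithm: " + keyAlgorithm);
    throw new RuntimeException("Unsupported signing key algorithm: " + keyAlgorithm);
}
// … unchanged: SignedInfo, private key lookup, KeyInfo, sign, serialize …
```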

Added: cxf/fediz/trunk/services/idp/src/main/resources/stsKeystoreA.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/stsKeystoreA.properties?rev=1519228&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/resources/stsKeystoreA.properties (added)
+++ cxf/fediz/trunk/services/idp/src/main/resources/stsKeystoreA.properties Sat Aug 31 21:22:31
2013
@@ -0,0 +1,6 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=storepass
+org.apache.ws.security.crypto.merlin.keystore.alias=realma
+org.apache.ws.security.crypto.merlin.file=stsrealm_a.jks
+
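Review bot: stsKeystoreA.properties (and stsKeystoreB.properties) are placed under `src/main/resources` together with `stsrealm_a.jks`/`stsrealm_b.jks`, so a keystore whose store password (`storepass`) is public in version control is packaged into the IdP artifact and becomes the metadata-signing key of any deployment that does not override it. The same properties file and keystore are also added under `src/test/resources` in this commit, which suggests the main copies are test fixtures; either drop them from main or mark them unmistakably as samples, e.g. a first line `# Sample keystore for demos/tests only - replace before deployment`. Note that the keystore password in this file is also what CertsUtils.createCrypto prints on a load failure.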

Added: cxf/fediz/trunk/services/idp/src/main/resources/stsKeystoreB.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/stsKeystoreB.properties?rev=1519228&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/resources/stsKeystoreB.properties (added)
+++ cxf/fediz/trunk/services/idp/src/main/resources/stsKeystoreB.properties Sat Aug 31 21:22:31
2013
@@ -0,0 +1,6 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=storepass
+org.apache.ws.security.crypto.merlin.keystore.alias=realmb
+org.apache.ws.security.crypto.merlin.file=stsrealm_b.jks
+

Added: cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_a.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_a.jks?rev=1519228&view=auto
==============================================================================
Files cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_a.jks (added) and cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_a.jks
Sat Aug 31 21:22:31 2013 differ

Added: cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_b.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_b.jks?rev=1519228&view=auto
==============================================================================
Files cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_b.jks (added) and cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_b.jks
Sat Aug 31 21:22:31 2013 differ

Added: cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/util/MetadataWriterTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/util/MetadataWriterTest.java?rev=1519228&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/util/MetadataWriterTest.java
(added)
+++ cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/util/MetadataWriterTest.java
Sat Aug 31 21:22:31 2013
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.util;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.fediz.service.idp.model.IDPConfig;
+import org.apache.cxf.fediz.service.idp.service.ConfigService;
+import org.apache.ws.security.util.DOM2Writer;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+import org.springframework.util.Assert;
+
+public class MetadataWriterTest {
+
+    private static ApplicationContext applicationContext;
+    
+    @BeforeClass
+    public static void init() {
+        applicationContext = new ClassPathXmlApplicationContext("/idp-config.xml");
+    }
+    
+    @Test
+    public void testWriteIDPMetadata() {
+        ConfigService config = (ConfigService)applicationContext.getBean("config");
+        Assert.notNull(config, "ConfigService must not be null");
+        IDPConfig idpConfig = config.getIDPConfig("urn:org:apache:cxf:fediz:idp:realm-A");
+        Assert.notNull(idpConfig, "IDPConfig must not be null");
+        
+        MetadataWriter writer = new MetadataWriter();
+        Document doc = writer.getMetaData(idpConfig);
+        Assert.notNull(doc, "doc must not be null");
+        
+        System.out.println(DOM2Writer.nodeToString(doc));
+        
+    }
+    
+}
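Review bot: testWriteIDPMetadata only asserts the document is non-null and prints it; it never checks that the enveloped signature validates against the realm certificate, so a broken Reference (for example the `ID` attribute not being registered, or the Signature inserted in the wrong place) would still pass. Validating the signature is a few lines with the JDK XMLDSig API using the same certificate MetadataWriter signs with (the test method would need `throws Exception` for the WSSecurityException). The `System.out.println` should go through a logger or be dropped.
```java
// … unchanged: load ConfigService, IDPConfig, build doc …
NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
Assert.isTrue(sigs.getLength() == 1, "exactly one enveloped Signature expected");
X509Certificate cert = CertsUtils.getX509Certificate(
    CertsUtils.createCrypto(idpConfig.getCertificate()), null);
DOMValidateContext ctx = new DOMValidateContext(cert.getPublicKey(), sigs.item(0));
ctx.setIdAttributeNS(doc.getDocumentElement(), null, "ID");
XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
Assert.isTrue(sig.validate(ctx), "metadata signature must validate");
```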

Added: cxf/fediz/trunk/services/idp/src/test/resources/idp-config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/test/resources/idp-config.xml?rev=1519228&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/test/resources/idp-config.xml (added)
+++ cxf/fediz/trunk/services/idp/src/test/resources/idp-config.xml Sat Aug 31 21:22:31 2013
@@ -0,0 +1,144 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
+	xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
+	xmlns:sec="http://cxf.apache.org/configuration/security"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xsi:schemaLocation="
+        http://cxf.apache.org/core
+        http://cxf.apache.org/schemas/core.xsd
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://www.springframework.org/schema/context
+        http://www.springframework.org/schema/context/spring-context-3.0.xsd
+        http://cxf.apache.org/jaxws                                     
+        http://cxf.apache.org/schemas/jaxws.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd
+        http://cxf.apache.org/transports/http/configuration
+        http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/configuration/security
+        http://cxf.apache.org/schemas/configuration/security.xsd">
+
+	<context:property-placeholder location="classpath:realm.properties"/>
+
+    <bean id="config" class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
+    	<property name="idpConfigs">
+    		<util:list>
+    			<ref bean="idp-realmA" />
+    		</util:list>
+    	</property>
+    	<property name="serviceConfigs">
+    		<util:list>
+    			<ref bean="srv-fedizhelloworld" />
+    		</util:list>
+    	</property>     	
+    </bean>        
+	
+    <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.model.IDPConfig">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
+        <property name="uri" value="realma" />
+        <!--<property name="hrds" value="" />--> <!-- TBD, not defined, provide
list if enabled -->
+        <property name="provideIDPList" value="true" />
+        <property name="useCurrentIDP" value="true" />
+        <!-- <property name="certificate" value="realma.cert" />  -->   <!--
 STS will sign token, IDP signs Metadata -->
+        <property name="certificate" value="stsKeystoreA.properties" />
+        <property name="certificatePassword" value="realma" />
+        <property name="stsUrl" value="https://localhost:0/fediz-idp-sts/REALMA" />
+        <property name="idpUrl" value="https://localhost:${realmA.port}/fediz-idp/federation"
/>
+        <property name="supportedProtocols">
+        	<util:list>
+        		<value>http://docs.oasis-open.org/wsfed/federation/200706</value>
+        		<value>http://docs.oasis-open.org/ws-sx/ws-trust/200512</value>
+        	</util:list>
+        </property>
+        <property name="services">
+        	<util:map>
+				<entry key="urn:org:apache:cxf:fediz:fedizhelloworld" value-ref="srv-fedizhelloworld"
/>
+        	</util:map>
+        </property>
+        <property name="authenticationURIs">
+         	<util:map>
+				<entry key="default" value="/login/default" />
+        	</util:map>       
+        </property>
+        <property name="trustedIDPs">
+        	<util:map>
+				<entry key="urn:org:apache:cxf:fediz:idp:realm-B" value-ref="trusted-idp-realmB" />
+        	</util:map>
+        </property>
+        <property name="serviceDisplayName" value="REALM A" />
+        <property name="serviceDescription" value="IDP of Realm A" />
+    </bean>
+
+
+    <bean id="trusted-idp-realmB" class="org.apache.cxf.fediz.service.idp.model.TrustedIDPConfig">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
+        <property name="cacheTokens" value="true" />
+        <property name="url" value="https://localhost:${realmB.port}/fediz-idp-remote/federation"
/>
+        <property name="certificate" value="realmb.cert" />
+        <property name="trustType" value="PEER_TRUST" />  <!-- Required for Fediz
Core, Process SignInResponse -->
+        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706"
/>
+        <property name="federationType" value="FederateIdentity" /> <!-- Required
for STS Relationship -->
+        <property name="name" value="REALM B" />
+        <property name="description" value="IDP of Realm B" />
+        <!--<property name="logo" value="true" />--> 
+    </bean>
+    
+    
+    <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
+        <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
+        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706"
/>
+        <property name="serviceDisplayName" value="Fedizhelloworld" />
+        <property name="serviceDescription" value="Web Application to illustrate WS-Federation"
/>
+        <property name="role" value="ApplicationServiceType" />
+        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
/>
+        <property name="lifeTime" value="3600" />
+        <!-- <property name="encryptionCertificate" value="" /> -->
+        <property name="requestedClaims">
+        	<util:list>
+        		<bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+        			<property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
/>
+        			<property name="optional" value="false" />
+        		</bean>
+        		<bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+        			<property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
/>
+        			<property name="optional" value="false" />
+        		</bean>
+        		<bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+        			<property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
/>
+        			<property name="optional" value="false" />
+        		</bean>
+        		<bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+        			<property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
/>
+        			<property name="optional" value="true" />
+        		</bean>        		        		        		
+        	</util:list>
+        </property>
+    </bean>
+        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+</beans>
+
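Review bot: The `idp-realmA` bean points `certificate` at `stsKeystoreA.properties` with `certificatePassword` `realma`, and the inline comment says the STS signs tokens while the IDP signs Metadata — so, if this fixture mirrors the deployed layout, the same keystore entry signs both issued tokens and the published metadata document, and compromise or rotation of one key affects the other. A dedicated metadata-signing key (the commented-out `realma.cert` hints that was the original intent) would keep those trust roots separate; at minimum a comment such as `<!-- shared with the STS token-signing key; metadata consumers pin this certificate -->` should record the decision. `stsUrl` is `https://localhost:0/fediz-idp-sts/REALMA`: port 0 looks like a placeholder and differs from the `${realmA.port}` pattern used for `idpUrl`, so parametrising it the same way avoids a misleading endpoint ending up in generated metadata. The trusted IdP bean references `realmb.cert`, which I do not see among the test resources added in this diff; if the writer resolves that file the test will fail on a missing resource.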

Added: cxf/fediz/trunk/services/idp/src/test/resources/realm.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/test/resources/realm.properties?rev=1519228&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/test/resources/realm.properties (added)
+++ cxf/fediz/trunk/services/idp/src/test/resources/realm.properties Sat Aug 31 21:22:31 2013
@@ -0,0 +1,3 @@
+realm.STS_URI=REALMA
+realmA.port=8443
+realmB.port=12443

Added: cxf/fediz/trunk/services/idp/src/test/resources/realma.cert
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/test/resources/realma.cert?rev=1519228&view=auto
==============================================================================
Files cxf/fediz/trunk/services/idp/src/test/resources/realma.cert (added) and cxf/fediz/trunk/services/idp/src/test/resources/realma.cert
Sat Aug 31 21:22:31 2013 differ

Added: cxf/fediz/trunk/services/idp/src/test/resources/stsKeystoreA.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/test/resources/stsKeystoreA.properties?rev=1519228&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/test/resources/stsKeystoreA.properties (added)
+++ cxf/fediz/trunk/services/idp/src/test/resources/stsKeystoreA.properties Sat Aug 31 21:22:31
2013
@@ -0,0 +1,6 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=storepass
+org.apache.ws.security.crypto.merlin.keystore.alias=realma
+org.apache.ws.security.crypto.merlin.file=stsrealm_a.jks
+
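Review bot: `org.apache.ws.security.crypto.merlin.keystore.password=storepass` commits a keystore password in clear text alongside the keystore it unlocks (`stsrealm_a.jks`). That is acceptable for a test fixture, but nothing in the file says it is one; a header comment such as `# Test-only keystore configuration for MetadataWriterTest; never deploy these credentials` makes the intent explicit and deters copy-paste into a real deployment. The trailing empty `+` line can be dropped.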

Added: cxf/fediz/trunk/services/idp/src/test/resources/stsrealm_a.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/test/resources/stsrealm_a.jks?rev=1519228&view=auto
==============================================================================
Files cxf/fediz/trunk/services/idp/src/test/resources/stsrealm_a.jks (added) and cxf/fediz/trunk/services/idp/src/test/resources/stsrealm_a.jks
Sat Aug 31 21:22:31 2013 differ


