From: <go...@us...> - 2011-03-03 11:52:13
Revision: 9165 http://unicore.svn.sourceforge.net/unicore/?rev=9165&view=rev Author: golbi Date: 2011-03-03 11:52:07 +0000 (Thu, 03 Mar 2011) Log Message: ----------- Fixed bugs in RPM's invocation script. Also changed behavior: when invoking via shell, the original arguments are used directly (previously were concatenated and reparsed). Modified Paths: -------------- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/CLCExecutor.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/CLClient.java uvos/uvos-client/trunk/src/main/rpm/src/usr/bin/uvos-clc uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/ActionTest.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/CLClientTest.java Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/CLCExecutor.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/CLCExecutor.java 2011-03-03 10:15:41 UTC (rev 9164) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/CLCExecutor.java 2011-03-03 11:52:07 UTC (rev 9165) @@ -23,6 +23,21 @@ public class CLCExecutor { + private HashMap<String, AbstractAction> actions; + + private String commandLine = null; + private String parsedLine[] = null; + + private ConfigHelper conf; + + private String configFile = null; + + + private ConnectionManager connManager; + + private boolean interactive = false; + + private static class ExitAction extends AbstractAction { ExitAction(ConnectionManager cm) { super(cm, "exit", "Exits application", 0, "quit"); 
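Review bot: The new field in the `@@ -23,6 +23,21 @@` hunk is declared C-style, `private String parsedLine[] = null;`, while the accessor this commit adds further down is spelled `String[] getParsedLine()`; `private String[] parsedLine;` reads consistently with it, and the explicit `= null` on reference fields (also `commandLine`, `configFile`) restates the default and can be dropped. The rest of the hunk only moves existing fields, and the class body continues outside it.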
@@ -52,10 +67,9 @@ System.out.println("Help for command: " + args[1] + "\n" + a.getHelp()); } else { - System.out - .println("This is command line client which operates on " - + "UNICORE VO system. Type 'help <CMD>' to get help on " - + "every command. Available commands are:\n"); + System.out.println("This is command line client which operates on " + + "UNICORE VO system. Type 'help <CMD>' to get help on " + + "every command. Available commands are:\n"); Iterator<AbstractAction> it = actions.values().iterator(); List<AbstractAction> list = new ArrayList<AbstractAction>(); while (it.hasNext()) { @@ -75,6 +89,7 @@ return true; } } + private class HelpFullAction extends AbstractAction { HelpFullAction(ConnectionManager cm) { super(cm, "helpAll", "Provides full help for all commands.", 0); @@ -100,18 +115,8 @@ } } - private HashMap<String, AbstractAction> actions; - - private String commandLine = null; - - private ConfigHelper conf; - - private String configFile = null; - - private ConnectionManager connManager; - private boolean interactive = false; public CLCExecutor(){ } @@ -138,7 +143,7 @@ String cmdLine; try { cmdLine = in.readLine(); - end = !parseLine(cmdLine); + end = !invokeInteractiveCommand(cmdLine); } catch (IOException e) { end = true; e.printStackTrace(); @@ -155,6 +160,10 @@ return commandLine; } + public String[] getParsedLine() { + return parsedLine; + } + public void init() throws InternalException, IdentityNotKnownException, AuthenticationException, MalformedURLException { @@ -192,9 +201,12 @@ return interactive; } - public boolean parseLine(String cmdLine) throws UVOSException { + public boolean invokeInteractiveCommand(String cmdLine) throws UVOSException { String[] tokens = splitCmd(cmdLine); - + return parseLine(tokens); + } + + public boolean parseLine(String[] tokens) throws UVOSException { if (tokens.length == 0 || tokens[0].equals("")) return true; 
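Review bot: In the `@@ -192,9 +201,12 @@` hunk the new `parseLine(String[] tokens)` dereferences `tokens` before any null check, and the only value `CLClient.main` now feeds it is `getParsedLine()`, which returns the `parsedLine` field that this commit initialises to `null` and fills only on the `-b` branch of processCommandLineAgrs. Unless the caller bails out before that call (the lines above it in `CLClient.main` are outside its hunk), a command line without `-b` would end in a NullPointerException instead of the usage text. A guard such as `if (tokens == null || tokens.length == 0 || tokens[0].equals("")) return true;` keeps the existing empty-input behaviour and makes the batch entry point safe; the remainder of parseLine's body is outside the hunk.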
@@ -215,25 +227,24 @@ } private void printCLHelp() { - System.out - .println("This is a command line client which operates on a " - + "UNICORE VO system.\nIt can be used in both interactive and " - + "batch mode.\nThe basic syntax is:\n" - + " uvoscmd.??? [-c <configFile>] <-i|-b COMMAND ...>\n" - + "Options are:\n" - + " -i Enter an intearactive mode.\n" - + " -b Use batch mode. COMMAND is one of the commands used in " - + "interactive mode.\n" - + " Use 'help' command to see the list or 'help <CMD>' " - + "to get help on every command.\n\n" - + " -c Configuration file location.\n" - + "Without options this help message is printed. " - + "Options order must be preserved.\n\n" - + "By default the configuration file is read from the " - + ConfigLoader.DEF_CONFIG + " file.\n" - + "This can be changed by setting the " - + ConfigLoader.CONFIG_LOC_ENV - + " environment variable or by -c option."); + System.out.println("This is a command line client which operates on a " + + "UNICORE VO system.\nIt can be used in both interactive and " + + "batch mode.\nThe basic syntax is:\n" + + " uvoscmd.??? [-c <configFile>] <-i|-b COMMAND ...>\n" + + "Options are:\n" + + " -i Enter an intearactive mode.\n" + + " -b Use batch mode. COMMAND is one of the commands used in " + + "interactive mode.\n" + + " Use 'help' command to see the list or 'help <CMD>' " + + "to get help on every command.\n\n" + + " -c Configuration file location.\n" + + "Without options this help message is printed. " + + "Options order must be preserved.\n\n" + + "By default the configuration file is read from the " + + ConfigLoader.DEF_CONFIG + " file.\n" + + "This can be changed by setting the " + + ConfigLoader.CONFIG_LOC_ENV + + " environment variable or by -c option."); } public boolean processCommandLineAgrs(String[] args) { 
@@ -253,11 +264,10 @@ if (args[nextOpt].equals("-i")) { interactive = true; return true; - } else if (args[nextOpt].equals("-b") && args.length > 1) { - StringBuffer sb = new StringBuffer(); - for (int i = nextOpt + 1; i < args.length; i++) - sb.append(args[i] + " "); - commandLine = sb.toString(); + } else if (args[nextOpt].equals("-b") && args.length > nextOpt) { + parsedLine = new String[args.length - nextOpt - 1]; + for (int i = nextOpt + 1,j=0; i < args.length; i++,j++) + parsedLine[j] = args[i]; return true; } printCLHelp(); Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/CLClient.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/CLClient.java 2011-03-03 10:15:41 UTC (rev 9164) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/CLClient.java 2011-03-03 11:52:07 UTC (rev 9165) 
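Review bot: The replaced guard `args.length > nextOpt` is always true at that point, because `args[nextOpt]` was just read on the line above, so `-b` given as the last argument now produces an empty `parsedLine`, and parseLine's `tokens.length == 0` early return turns that into a silent success exit instead of the help text. `args.length > nextOpt + 1` preserves what the old `args.length > 1` check was after. The manual copy loop can also become `parsedLine = Arrays.copyOfRange(args, nextOpt + 1, args.length);` (java.util.Arrays). processCommandLineAgrs begins before the hunk and its return after `printCLHelp()` is outside it.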
@@ -8,40 +8,19 @@ package pl.edu.icm.unicore.uvos.clc; -import java.io.IOException; -import java.lang.reflect.Constructor; -import java.net.MalformedURLException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; - -import jline.ConsoleReader; -import jline.SimpleCompletor; - -import pl.edu.icm.unicore.uvos.api.exceptions.AuthenticationException; -import pl.edu.icm.unicore.uvos.api.exceptions.IdentityNotKnownException; -import pl.edu.icm.unicore.uvos.api.exceptions.InternalException; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; -import pl.edu.icm.unicore.uvos.client.util.ConfigHelper; -import pl.edu.icm.unicore.uvos.client.util.ConfigLoader; -import pl.edu.icm.unicore.uvos.util.Configuration; -import pl.edu.icm.unicore.uvos.wsclient.api.UVOSClientFactory; - /** - * Basic command line client for UVOS. - * + * Basic command line client for UVOS. + * * @author K. Benedyczak */ public class CLClient -{private static final int CONFIG_ERROR_CODE = 10; -private static final int COMMUNICATION_ERROR_CODE = 11; -private static final int SYNTAX_ERROR_CODE = 12; - - - +{ + private static final int CONFIG_ERROR_CODE = 10; + private static final int COMMUNICATION_ERROR_CODE = 11; + private static final int SYNTAX_ERROR_CODE = 12; + public static void main(String[] args) { try 
@@ -57,19 +36,15 @@ if (clc.isInteractive()) clc.commandLoop(); else - clc.parseLine(clc.getCommandLine()); + clc.parseLine(clc.getParsedLine()); } catch (UVOSException e) { e.printStackTrace(); - System.exit(COMMUNICATION_ERROR_CODE); + System.exit(COMMUNICATION_ERROR_CODE); } catch (Exception e) { e.printStackTrace(); System.exit(CONFIG_ERROR_CODE); } } - - } - - Modified: uvos/uvos-client/trunk/src/main/rpm/src/usr/bin/uvos-clc =================================================================== --- uvos/uvos-client/trunk/src/main/rpm/src/usr/bin/uvos-clc 2011-03-03 10:15:41 UTC (rev 9164) +++ uvos/uvos-client/trunk/src/main/rpm/src/usr/bin/uvos-clc 2011-03-03 11:52:07 UTC (rev 9165) @@ -91,14 +91,11 @@ -PARAM=$* - - # #go # -$JAVA "${Options[@]}" ${UVOSCLC_OPTS} -cp ${CP} pl.edu.icm.unicore.uvos.clc.CLClient ${PARAM} +$JAVA "${Options[@]}" ${UVOSCLC_OPTS} -cp ${CP} pl.edu.icm.unicore.uvos.clc.CLClient ${1+"$@"} Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/ActionTest.java =================================================================== --- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/ActionTest.java 2011-03-03 10:15:41 UTC (rev 9164) +++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/ActionTest.java 2011-03-03 11:52:07 UTC (rev 9165) @@ -49,7 +49,6 @@ voAuthz, voQuery, voQueryHistory, voApps, null); CLClientExec = new CLCExecutor(connectionManager); CLClientExec.registerAllActions(); - } public void testGroupActions() { 
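Review bot: In the uvos-clc hunk the new launch line still expands `$JAVA` and `${CP}` unquoted, so the argument-passing fix does not extend to an installation path containing whitespace or glob characters, which would be split or expanded before `java` sees them. `"$JAVA" "${Options[@]}" ${UVOSCLC_OPTS} -cp "${CP}" pl.edu.icm.unicore.uvos.clc.CLClient "$@"` keeps word splitting only for `UVOSCLC_OPTS`, where it is presumably intended; on any POSIX shell plain `"$@"` already expands to nothing when there are no arguments, so the `${1+"$@"}` form is merely a pre-POSIX Bourne shell workaround. How `CP` and `Options` are built is outside the hunk.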
@@ -91,13 +90,13 @@ try { - CLClientExec.parseLine("addGroup / A"); - CLClientExec.parseLine("copyGroup /A / false COPYA"); - CLClientExec.parseLine("removeGroup /A true"); - CLClientExec.parseLine("removeGroup /COPYA true"); - CLClientExec.parseLine("getAllGroups email an...@ex..."); - CLClientExec.parseLine("removeFromGroup email an...@ex... /A"); - CLClientExec.parseLine("addToGroup email an...@ex... /A"); + CLClientExec.invokeInteractiveCommand("addGroup / A"); + CLClientExec.invokeInteractiveCommand("copyGroup /A / false COPYA"); + CLClientExec.invokeInteractiveCommand("removeGroup /A true"); + CLClientExec.invokeInteractiveCommand("removeGroup /COPYA true"); + CLClientExec.invokeInteractiveCommand("getAllGroups email an...@ex..."); + CLClientExec.invokeInteractiveCommand("removeFromGroup email an...@ex... /A"); + CLClientExec.invokeInteractiveCommand("addToGroup email an...@ex... /A"); } catch (Exception e1) { fail("Group action fail"); @@ -134,15 +133,13 @@ try { - CLClientExec - .parseLine("addIdentity email te...@ex... Johnny"); - CLClientExec.parseLine("removeIdentity email te...@ex..."); + CLClientExec.invokeInteractiveCommand("addIdentity email te...@ex... Johnny"); + CLClientExec.invokeInteractiveCommand("removeIdentity email te...@ex..."); - CLClientExec.parseLine("getMyIds"); + CLClientExec.invokeInteractiveCommand("getMyIds"); - CLClientExec.parseLine("getAllIdentities"); - CLClientExec - .parseLine("addEquivalentIdentity email te...@ex... email te...@ex..."); + CLClientExec.invokeInteractiveCommand("getAllIdentities"); + CLClientExec.invokeInteractiveCommand("addEquivalentIdentity email te...@ex... email te...@ex..."); } catch (Exception e1) { fail("Identity action fail"); 
@@ -175,10 +172,9 @@ try { - CLClientExec - .parseLine("addNotification addGroup rec...@ex... /Math-VO"); - CLClientExec.parseLine("removeNotification 3"); - CLClientExec.parseLine("getNotifications addGroup /Math-VO"); + CLClientExec.invokeInteractiveCommand("addNotification addGroup rec...@ex... /Math-VO"); + CLClientExec.invokeInteractiveCommand("removeNotification 3"); + CLClientExec.invokeInteractiveCommand("getNotifications addGroup /Math-VO"); } catch (Exception e1) { fail("Notification action fail"); @@ -218,15 +214,15 @@ } try { - CLClientExec.parseLine("setAuthz /some/group m -f--"); - CLClientExec.parseLine("setAuthz /some/group o -f--"); - CLClientExec.parseLine("setAuthz /some/group a -f-- null"); - CLClientExec.parseLine("removeAuthz /some/group m"); - CLClientExec.parseLine("removeAuthz /some/group o"); - CLClientExec.parseLine("removeAuthz /some/group a null"); - CLClientExec.parseLine("getAuthz global"); - CLClientExec.parseLine("getAuthz group /some/group o"); - CLClientExec.parseLine("getAuthz group /some/group a"); + CLClientExec.invokeInteractiveCommand("setAuthz /some/group m -f--"); + CLClientExec.invokeInteractiveCommand("setAuthz /some/group o -f--"); + CLClientExec.invokeInteractiveCommand("setAuthz /some/group a -f-- null"); + CLClientExec.invokeInteractiveCommand("removeAuthz /some/group m"); + CLClientExec.invokeInteractiveCommand("removeAuthz /some/group o"); + CLClientExec.invokeInteractiveCommand("removeAuthz /some/group a null"); + CLClientExec.invokeInteractiveCommand("getAuthz global"); + CLClientExec.invokeInteractiveCommand("getAuthz group /some/group o"); + CLClientExec.invokeInteractiveCommand("getAuthz group /some/group a"); } catch (Exception e1) { fail("Auth action fail"); 
@@ -281,22 +277,14 @@ } try { - CLClientExec - .parseLine("enableAttribute ig email an...@ex... /group urn:unicore:attrType:user:proffession scientist"); - CLClientExec - .parseLine("disableAttribute ig email an...@ex... /group urn:unicore:attrType:user:proffession scientist"); - CLClientExec - .parseLine("getAttribute ig email an...@ex... /group urn:unicore:attrType:user:proffession"); - CLClientExec - .parseLine("getAttributes ig email an...@ex... /group"); - CLClientExec - .parseLine("getDisabledAttributes ig email an...@ex... /group"); - CLClientExec - .parseLine("removeAttribute ig email an...@ex... /group urn:unicore:attrType:user:proffession"); + CLClientExec.invokeInteractiveCommand("enableAttribute ig email an...@ex... /group urn:unicore:attrType:user:proffession scientist"); + CLClientExec.invokeInteractiveCommand("disableAttribute ig email an...@ex... /group urn:unicore:attrType:user:proffession scientist"); + CLClientExec.invokeInteractiveCommand("getAttribute ig email an...@ex... /group urn:unicore:attrType:user:proffession"); + CLClientExec.invokeInteractiveCommand("getAttributes ig email an...@ex... /group"); + CLClientExec.invokeInteractiveCommand("getDisabledAttributes ig email an...@ex... /group"); + CLClientExec.invokeInteractiveCommand("removeAttribute ig email an...@ex... /group urn:unicore:attrType:user:proffession"); + CLClientExec.invokeInteractiveCommand(" setAttribute ig email an...@ex... /group true urn:unicore:attrType:user:proffession scientist"); - CLClientExec - .parseLine(" setAttribute ig email an...@ex... /group true urn:unicore:attrType:user:proffession scientist"); - } catch (Exception e1) { fail("Attribute action fail"); e1.printStackTrace(); 
@@ -332,12 +320,12 @@ } try { - CLClientExec.parseLine("getApplication email te...@te..."); - CLClientExec.parseLine("getApplicationForms"); - CLClientExec.parseLine("getApplications 1 " + CLClientExec.invokeInteractiveCommand("getApplication email te...@te..."); + CLClientExec.invokeInteractiveCommand("getApplicationForms"); + CLClientExec.invokeInteractiveCommand("getApplications 1 " + ApplicationStatus.ACCEPTED); - CLClientExec.parseLine("processApplication 1 REJECT true notes"); - CLClientExec.parseLine("removeApplicationForm 1"); + CLClientExec.invokeInteractiveCommand("processApplication 1 REJECT true notes"); + CLClientExec.invokeInteractiveCommand("removeApplicationForm 1"); } catch (Exception e1) { fail("Application action fail"); e1.printStackTrace(); @@ -365,11 +353,11 @@ } try { - CLClientExec.parseLine("changePasswd email an...@ex... SecreT"); - CLClientExec.parseLine("purgeHistory 2007-03-28 21:49:00"); - CLClientExec.parseLine("getPerms group /some/group email an...@ex..."); - CLClientExec.parseLine("getEvents from 2007-03-28 21:49:00 to 2008-03-28 21:49:00"); - CLClientExec.parseLine("areEquivalent email an...@ex... email an...@ex..."); + CLClientExec.invokeInteractiveCommand("changePasswd email an...@ex... SecreT"); + CLClientExec.invokeInteractiveCommand("purgeHistory 2007-03-28 21:49:00"); + CLClientExec.invokeInteractiveCommand("getPerms group /some/group email an...@ex..."); + CLClientExec.invokeInteractiveCommand("getEvents from 2007-03-28 21:49:00 to 2008-03-28 21:49:00"); + CLClientExec.invokeInteractiveCommand("areEquivalent email an...@ex... email an...@ex..."); } catch (Exception e1) { fail("Action fail"); 
@@ -379,7 +367,7 @@ context.assertIsSatisfied(); try { - CLClientExec.parseLine("setTime 2007-01-01 23:56:00"); + CLClientExec.invokeInteractiveCommand("setTime 2007-01-01 23:56:00"); } catch (Exception e1) { fail("Action setTime fail"); e1.printStackTrace(); Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/CLClientTest.java =================================================================== --- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/CLClientTest.java 2011-03-03 10:15:41 UTC (rev 9164) +++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/CLClientTest.java 2011-03-03 11:52:07 UTC (rev 9165) @@ -13,11 +13,16 @@ e = new CLCExecutor(); String[] args2 = { "-c","test.conf", "-b", - "addToGroup email an...@ex... /A" }; + "addToGroup", "email", "a nn...@ex...", "/A"}; e.processCommandLineAgrs(args2); assertFalse(e.isInteractive()); System.out.println(e.getCommandLine()); - assertEquals("addToGroup email an...@ex... /A ", e.getCommandLine()); + String[] l = e.getParsedLine(); + assertEquals(l.length, 4); + assertEquals("addToGroup", l[0]); + assertEquals("email", l[1]); + assertEquals("a nn...@ex...", l[2]); + assertEquals("/A", l[3]); } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
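Review bot: In the CLClientTest hunk `assertEquals(l.length, 4)` reverses the (expected, actual) order used by the four asserts right below it, so a failure would report 4 as the observed value; `assertEquals(4, l.length);`. The surviving `System.out.println(e.getCommandLine());` now prints `null`, because the `-b` branch of processCommandLineAgrs fills `parsedLine` instead of `commandLine` in this commit; drop it or print `Arrays.toString(e.getParsedLine())`.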
From: <go...@us...> - 2011-05-01 15:01:03
Revision: 10090 http://unicore.svn.sourceforge.net/unicore/?rev=10090&view=rev Author: golbi Date: 2011-05-01 15:00:56 +0000 (Sun, 01 May 2011) Log Message: ----------- removed old docs dir, updated rpm and assembly Modified Paths: -------------- uvos/uvos-client/trunk/src/assembly/assembly.xml uvos/uvos-client/trunk/src/main/package/conf.properties Added Paths: ----------- uvos/uvos-client/trunk/src/main/doc/Changes.txt Removed Paths: ------------- uvos/uvos-client/trunk/src/main/docs/ Modified: uvos/uvos-client/trunk/src/assembly/assembly.xml =================================================================== --- uvos/uvos-client/trunk/src/assembly/assembly.xml 2011-05-01 14:59:30 UTC (rev 10089) +++ uvos/uvos-client/trunk/src/assembly/assembly.xml 2011-05-01 15:00:56 UTC (rev 10090) @@ -2,7 +2,6 @@ <id>dist</id> <formats> <format>tar.gz</format> - <format>zip</format> </formats> <fileSets> @@ -14,11 +13,11 @@ </fileSet> <fileSet> <directory>target/site/apidocs</directory> - <outputDirectory>/docs/apidocs</outputDirectory> + <outputDirectory>/doc/apidocs</outputDirectory> </fileSet> <fileSet> - <directory>src/main/docs</directory> - <outputDirectory>/docs</outputDirectory> + <directory>src/main/doc</directory> + <outputDirectory>/doc</outputDirectory> </fileSet> <fileSet> Added: uvos/uvos-client/trunk/src/main/doc/Changes.txt =================================================================== --- uvos/uvos-client/trunk/src/main/doc/Changes.txt (rev 0) +++ uvos/uvos-client/trunk/src/main/doc/Changes.txt 2011-05-01 15:00:56 UTC (rev 10090) 
@@ -0,0 +1,73 @@
+----------------------------------
+Release 1.4.1 -
+----------------------------------
+
+ - RPM packaging for SL5, CENTOS5, RHEL 5, recent Fedoras.
+ - Changed invocation script. When application is called in batch mode
+ directly from shell then parameters containing spaces need not to be
+ cited twice.
+
+----------------------------------
+Release 1.4.0 - 10-12-2010
+----------------------------------
+
+ - Fixed bug with attribute value encoding. Currently all UTF-8 characters are properly
+ passed to the server, regardless of the local system settings. (B #3163928)
+ - Added quit alias to exit
+
+----------------------------------
+Release 1.3.3 - 28-02-2010
+----------------------------------
+
+ - Added proper connection timeouts.
+ - Simple SAML test tool (SAMLSelfClient) is using the same configuration as the UVOS CLC application.
+ - SAML self query test tool script has a new name, and the script starting an internal and not
+ generally usable 'WebClient' was removed.
+ - Added a new action to UVOS CLC - 'getApplication' which allows for geting an application id
+ by providing a requested identity value.
+
+----------------------------------
+Release 1.3.2 - 5-02-2010
+----------------------------------
+
+ - Interactive mode has better interface: there is history and command editing support
+ also a partial command completion is provided.
+ - It is possible to change configuration file location by command line switch or by
+ environment variable.
+ - CLC code was cleaned up. Uniform command names are used (get*, not list*).
+ For backwards compatibility old names are also supported as aliases.
+ - Return value of the command line client is non zero on error.
+
+
+----------------------------------
+Release 1.3.1 - 19-02-2009
+----------------------------------
+
+ - Fixed a bug that prevented correct fault to exception conversion.
+
+
+----------------------------------
+Release 1.2 - 17-08-2008
+----------------------------------
+
+ - Added support for disabling/enabling users.
+ - Notifications management added
+
+
+----------------------------------
+Release 1.1 - 10-07-2008
+----------------------------------
+
+ - Batch mode added.
+ - Modification of HTTP Authn settings for the library is possible,
+ no more shared factory instance is used.
+ - Unit tests use embeded server.
+ - Authentication unit tests added.
+ - Support for ETD was added.
+
+
+----------------------------------
+Release 1.0 - 19-03-2008
+----------------------------------
+
+ - updated docs
Modified: uvos/uvos-client/trunk/src/main/package/conf.properties
===================================================================
--- uvos/uvos-client/trunk/src/main/package/conf.properties 2011-05-01 14:59:30 UTC (rev 10089)
+++ uvos/uvos-client/trunk/src/main/package/conf.properties 2011-05-01 15:00:56 UTC (rev 10090)
@@ -3,7 +3,7 @@ #Files from src copied to rpm and deb files.usr.share.doc.1=LICENSE.ICM -files.usr.share.doc.2=src/main/docs/* +files.usr.share.doc.2=src/main/doc/* files.etc.1=src/main/conf/log4j.properties This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <go...@us...> - 2011-09-04 08:06:11
Revision: 11088 http://unicore.svn.sourceforge.net/unicore/?rev=11088&view=rev Author: golbi Date: 2011-09-04 08:06:04 +0000 (Sun, 04 Sep 2011) Log Message: ----------- Added interface to the glue client to fix tests mockery Modified Paths: -------------- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/ConnectionManager.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSGLUEClient.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/ActionTest.java Added Paths: ----------- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSGLUEExtInterface.java Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/ConnectionManager.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/ConnectionManager.java 2011-09-03 12:40:53 UTC (rev 11087) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/ConnectionManager.java 2011-09-04 08:06:04 UTC (rev 11088) @@ -11,11 +11,11 @@ import java.util.Date; import pl.edu.icm.unicore.uvos.wsclient.api.UVOSAuthZExtInterface; +import pl.edu.icm.unicore.uvos.wsclient.api.UVOSGLUEExtInterface; import pl.edu.icm.unicore.uvos.wsclient.api.UVOSManagementExtInterface; import pl.edu.icm.unicore.uvos.wsclient.api.UVOSQueryExtInterface; import pl.edu.icm.unicore.uvos.wsclient.api.UVOSQueryHistoryExtInterface; import pl.edu.icm.unicore.uvos.wsclient.api.VOApplicationExtInterface; -import pl.edu.icm.unicore.uvos.wsclient.api.WSGLUEClient; public class ConnectionManager { @@ -24,7 +24,7 @@ UVOSQueryExtInterface voQuery; UVOSQueryHistoryExtInterface voQueryHistory; VOApplicationExtInterface voApps; - WSGLUEClient glueIP; + UVOSGLUEExtInterface glueIP; Date qTime = null; public ConnectionManager(UVOSManagementExtInterface voMan, 
@@ -32,7 +32,7 @@ UVOSQueryExtInterface voQuery, UVOSQueryHistoryExtInterface voQueryHistory, VOApplicationExtInterface voApps, - WSGLUEClient glueIP, + UVOSGLUEExtInterface glueIP, Date qTime) { super(); Added: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSGLUEExtInterface.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSGLUEExtInterface.java (rev 0) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSGLUEExtInterface.java 2011-09-04 08:06:04 UTC (rev 11088) 
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2011 ICM Uniwersytet Warszawski All rights reserved.
+ * See LICENCE file for licencing information.
+ *
+ * Created on 03-09-2011
+ * Author: K. Benedyczak <go...@ma...>
+ */
+package pl.edu.icm.unicore.uvos.wsclient.api;
+
+import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException;
+import xmlbeans.pl.edu.icm.uvos.cisprovider.GetServiceInfoResponseDocument;
+import xmlbeans.pl.edu.icm.uvos.glue2.ServiceT;
+
+/**
+ * Client interface for querying the UVOS GLUE endpoint.
+ *
+ * @author K. Benedyczak
+ */
+public interface UVOSGLUEExtInterface
+{
+ /**
+ * @return a string with a server's version.
+ * @throws UVOSException
+ */
+ public String getServerVersion() throws UVOSException;
+
+ /**
+ * @return a multiline string which contains information on server's distribution,
+ * or empty string if distribution information is unknown.
+ * @throws UVOSException
+ */
+ public String getServerDistribution() throws UVOSException;
+
+ /**
+ * @return a multiline string with basic information about the server including its
+ * name, version and distribution.
+ * @throws UVOSException
+ */
+ public String getServerDescription() throws UVOSException;
+
+ /**
+ * @return an array with GLUE 2 description of the services as retrieved from the server.
+ * @throws UVOSException
+ */
+ public ServiceT[] getServicesInformation() throws UVOSException;
+
+ /**
+ * @return a raw GLUE 2 document as retrieved from the server.
+ * @throws UVOSException
+ */
+ public GetServiceInfoResponseDocument getServiceInfo() throws UVOSException;
+}
Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSGLUEClient.java
===================================================================
--- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSGLUEClient.java 2011-09-03 12:40:53 UTC (rev 11087)
+++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSGLUEClient.java 2011-09-04 08:06:04 UTC (rev 11088)
@@ -20,7 +20,7 @@ * * @author K. Benedyczak */ -public class WSGLUEClient +public class WSGLUEClient implements UVOSGLUEExtInterface { private CISInfoProvider proxy;
Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/ActionTest.java
===================================================================
--- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/ActionTest.java 2011-09-03 12:40:53 UTC (rev 11087)
+++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/ActionTest.java 2011-09-04 08:06:04 UTC (rev 11088)
@@ -21,11 +21,11 @@ import pl.edu.icm.unicore.uvos.clc.CLCExecutor; import pl.edu.icm.unicore.uvos.clc.ConnectionManager; import pl.edu.icm.unicore.uvos.wsclient.api.UVOSAuthZExtInterface; +import pl.edu.icm.unicore.uvos.wsclient.api.UVOSGLUEExtInterface; import pl.edu.icm.unicore.uvos.wsclient.api.UVOSManagementExtInterface; import pl.edu.icm.unicore.uvos.wsclient.api.UVOSQueryExtInterface; import pl.edu.icm.unicore.uvos.wsclient.api.UVOSQueryHistoryExtInterface; import pl.edu.icm.unicore.uvos.wsclient.api.VOApplicationExtInterface; -import pl.edu.icm.unicore.uvos.wsclient.api.WSGLUEClient; import pl.edu.icm.unicore.uvos.api.ModificationEvent; public class ActionTest extends TestCase {
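Review bot: Every `@throws UVOSException` tag in the new UVOSGLUEExtInterface is left without a description, so the generated Javadoc tells an implementor of a mock or a caller nothing about when a GLUE query is expected to fail; a one-clause condition on each, matching whatever `WSGLUEClient` actually maps onto that exception (its body is not part of this commit), would complete the contract. The `public` modifier on all five methods is implicit on interface members and can be dropped. The `getServerDistribution()` contract (empty string, not null, when unknown) is the useful kind of statement the other four lack.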
@@ -35,7 +35,7 @@ UVOSQueryExtInterface voQuery; UVOSQueryHistoryExtInterface voQueryHistory; VOApplicationExtInterface voApps; - WSGLUEClient glueClient; + UVOSGLUEExtInterface glueClient; CLCExecutor CLClientExec; @@ -47,7 +47,7 @@ voQuery = context.mock(UVOSQueryExtInterface.class); voQueryHistory = context.mock(UVOSQueryHistoryExtInterface.class); voApps = context.mock(VOApplicationExtInterface.class); - glueClient = context.mock(WSGLUEClient.class); + glueClient = context.mock(UVOSGLUEExtInterface.class); ConnectionManager connectionManager = new ConnectionManager(voMan, voAuthz, voQuery, voQueryHistory, voApps, glueClient, null); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <go...@us...> - 2012-01-25 20:21:51
Revision: 12357 http://unicore.svn.sourceforge.net/unicore/?rev=12357&view=rev Author: golbi Date: 2012-01-25 20:21:45 +0000 (Wed, 25 Jan 2012) Log Message: ----------- Fixed URL for bugs reporter, added better diagnostic messages in case of misconfiguration of SAML client Modified Paths: -------------- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/AbstractSAMLBase.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttribute2Test.java Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/AbstractSAMLBase.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/AbstractSAMLBase.java 2012-01-25 20:17:58 UTC (rev 12356) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/AbstractSAMLBase.java 2012-01-25 20:21:45 UTC (rev 12357) @@ -19,6 +19,7 @@ import eu.unicore.samly2.assertion.Assertion; import eu.unicore.samly2.proto.AbstractRequest; import eu.unicore.samly2.proto.AbstractStatusResponse; +import eu.unicore.security.SecurityException; import eu.unicore.security.dsig.DSigException; import eu.unicore.security.util.client.IAuthenticationConfiguration; 
@@ -48,6 +49,16 @@ private void initSecData(IAuthenticationConfiguration secProv) throws SecuritySetupException { + if (secProv.getKeystore() == null) + throw new SecurityException("SAML client configuration: keystore should not be null"); + if (secProv.getKeystoreType() == null) + throw new SecurityException("SAML client configuration: keystore type should not be null"); + if (secProv.getKeystorePassword() == null) + throw new SecurityException("SAML client configuration: keystore password should not be null"); + if (secProv.getKeystoreKeyPassword() == null) + throw new SecurityException("SAML client configuration: keystore key password should not be null"); + if (secProv.getKeystoreAlias() == null) + throw new SecurityException("SAML client configuration: keystore key alias should not be null"); try { KeyStore ks = KeyStore.getInstance(secProv.getKeystoreType()); Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttribute2Test.java =================================================================== --- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttribute2Test.java 2012-01-25 20:17:58 UTC (rev 12356) +++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttribute2Test.java 2012-01-25 20:21:45 UTC (rev 12357) @@ -214,7 +214,7 @@ } } - @RegressionTest(url="https://sourceforge.net/tracker/?group_id=102081&atid=1437373") + @RegressionTest(url="https://sourceforge.net/tracker/?func=detail&aid=3479285&group_id=102081&atid=1437373") public void testInteropAttributeFiltering() { SAMLVOQueryClient client; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
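Review bot: The five new guards in initSecData throw `eu.unicore.security.SecurityException` from a method declared `throws SecuritySetupException`, so either that type is unchecked or it is a SecuritySetupException subtype (not decidable from the hunk); in the first case callers that catch SecuritySetupException to report configuration problems will not see these, and a missing keystore setting surfaces as an uncaught runtime error rather than the diagnostic the commit message promises. If SecuritySetupException has a String constructor, `throw new SecuritySetupException("SAML client configuration: keystore should not be null");` on each guard keeps the declared contract. The checks accept empty strings, which the `KeyStore.getInstance` call below will reject less clearly, so `|| secProv.getKeystoreType().isEmpty()` and the like could be folded in; the messages rightly name the missing setting without echoing password values. initSecData's body continues outside the hunk.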
From: <go...@us...> - 2012-04-25 09:53:48
Revision: 13300 http://unicore.svn.sourceforge.net/unicore/?rev=13300&view=rev Author: golbi Date: 2012-04-25 09:24:57 +0000 (Wed, 25 Apr 2012) Log Message: ----------- Refactored the dsig checking API of SAML assertions. Should be much safer now. Modified Paths: -------------- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/SAMLSelfInfoClient.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/AbstractSAMLBase.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOAuthnClientPOST.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOAuthnClientSOAP.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOClient.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOClientInterface.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttribute2Test.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAuthNTest.java Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/SAMLSelfInfoClient.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/SAMLSelfInfoClient.java 2012-04-25 06:45:10 UTC (rev 13299) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/SAMLSelfInfoClient.java 2012-04-25 09:24:57 UTC (rev 13300) 
@@ -69,7 +69,7 @@
 Identity subject = new Identity(IdentityType.DN, dn);
 System.out.println("Quering for DN: " + dn);
 client = new SAMLVOQueryClient(addr, conf);
- client.setDSigPolicy(false, true, null);
+ client.setDSigPolicy(false, true, conf.getCredential(), conf.getValidator());
 List<Attribute> attrs;
Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/AbstractSAMLBase.java
===================================================================
--- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/AbstractSAMLBase.java 2012-04-25 06:45:10 UTC (rev 13299)
+++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/AbstractSAMLBase.java 2012-04-25 09:24:57 UTC (rev 13300)
@@ -15,11 +15,11 @@
 import eu.emi.security.authn.x509.ValidationResult;
 import eu.emi.security.authn.x509.X509CertChainValidator;
+import eu.emi.security.authn.x509.X509Credential;
 import eu.unicore.samly2.assertion.Assertion;
 import eu.unicore.samly2.proto.AbstractRequest;
 import eu.unicore.samly2.proto.AbstractStatusResponse;
 import eu.unicore.security.dsig.DSigException;
-import eu.unicore.security.util.IAuthnAndTrustConfiguration;
 /**
 * This class provides a base for Client implementations.
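Review bot: `conf.getValidator()` is handed to `setDSigPolicy` as the validator for the assertion signer's certificate, which is presumably the client's TLS trust store, while the Javadoc of the new validator overload in AbstractSAMLBase says this should usually be a separate, narrower validator holding only the trusted SAML authority certificates. With the broad TLS validator, a signature from any certificate that chains to any TLS-trusted CA would likely be accepted as the VO service's, which weakens the "much safer" property the commit is after. If reuse is intended here, a call-site comment such as `// NOTE: reuses the TLS validator; assertion signers are not restricted to SAML authorities` should say so; otherwise a dedicated validator should be wired in. The same reuse appears in the SAMLAttribute2Test and SAMLAuthNTest hunks below, where it matters less. The enclosing method starts and ends outside the hunk.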
@@ -39,44 +39,92 @@ /** * * @param secCfg credential from this object is used for creating signatures. - * Validator is used only during verification and also when verification key + * Validator is used only during verification when the verification key * was not set manually. * @throws SecuritySetupException * @throws MalformedURLException */ - protected AbstractSAMLBase(IAuthnAndTrustConfiguration secCfg) + protected AbstractSAMLBase() throws SecuritySetupException, MalformedURLException { - this.privKey = secCfg.getCredential().getKey(); - this.certificateC = secCfg.getCredential().getCertificateChain(); - this.validator = secCfg.getValidator(); requireSignedAssertion = false; requireSignedResp = false; doSignRequest = false; } - + /** - * Set signing policy, i.e. what is required and checked in received SAML assertions. - * @param requireSignedResp We require that the response must be signed. Usually this is not needed. + * Set signing policy, i.e. what is required and checked in received SAML assertions. + * This method variant sets a fixed verification key, which must be trusted. Signature of + * a SAML response or assertion will be accepted only if is matching to this key, but this key + * itself is not anyhow verified. + * @param requireSignedReqResp We require that the response must be signed. Usually this is not needed. * This argument also controls whether queries are signed. * @param requireSignedAssertion We require that the assertion in response should be signed. - * @param publicKey Public key which should be used for signature verification. May be null - - * then signature will be checked with the key of the issuer certificate if it is - * found in the response. Note that this key, if set, is not anyhow verified - - * it is just assumed to be trusted. + * @param credential Credential used for creating signatures. 
May be null (is ignored) if requireSignedReqResp + * is false + * @param publicKey Public key which should be used for signature verification. May be null only if both + * require arguments are false */ - public void setDSigPolicy(boolean requireSignedResp, boolean requireSignedAssertion, - PublicKey publicKey) + public void setDSigPolicy(boolean requireSignedReqResp, boolean requireSignedAssertion, + X509Credential credential, PublicKey publicKey) { - this.requireSignedAssertion = requireSignedAssertion; - this.requireSignedResp = requireSignedResp; - this.doSignRequest = requireSignedResp; + if (publicKey == null && (requireSignedAssertion || requireSignedReqResp)) + throw new IllegalArgumentException("Public key can not be null " + + "if signature checking is required."); + setDSigPolicyCommon(requireSignedReqResp, requireSignedAssertion, credential); this.publicKey = publicKey; + validator = null; } + /** + * Set signing policy, i.e. what is required and checked in received SAML assertions. + * This method variant sets a fixed verification key, which must be trusted. Signature of + * a SAML response or assertion will be accepted only if is matching to this key, but this key + * itself is not anyhow verified. + * @param requireSignedReqResp We require that the response must be signed. Usually this is not needed. + * This argument also controls whether queries are signed. + * @param requireSignedAssertion We require that the assertion in response should be signed. + * @param credential Credential used for creating signatures. May be null (is ignored) if requireSignedReqResp + * is false + * @param validator object used to validate the issuer certificate of a signature. Remember that usually this + * should be a different validator then the (much broader) one used for TLS connections. Typically it + * should contain only the trusted SAML authority certificates in its trust store. 
+ */ + public void setDSigPolicy(boolean requireSignedReqResp, boolean requireSignedAssertion, + X509Credential credential, X509CertChainValidator validator) + { + if (validator == null && (requireSignedAssertion || requireSignedReqResp)) + throw new IllegalArgumentException("Validator can not be null " + + "if signature checking is required."); + setDSigPolicyCommon(requireSignedReqResp, requireSignedAssertion, credential); + this.publicKey = null; + this.validator = validator; + } + /*-******************************************************** * utility methods *-********************************************************/ + + protected void setDSigPolicyCommon(boolean requireSignedReqResp, boolean requireSignedAssertion, + X509Credential credential) + { + if (credential == null && requireSignedReqResp) + throw new IllegalArgumentException("Credential can not be null " + + "if request signing is required."); + + this.requireSignedAssertion = requireSignedAssertion; + this.requireSignedResp = requireSignedReqResp; + this.doSignRequest = requireSignedReqResp; + if (credential != null) + { + this.certificateC = credential.getCertificateChain(); + this.privKey = credential.getKey(); + } else + { + this.certificateC = null; + this.privKey = null; + } + } protected void signIfNeeded(AbstractRequest req) throws InvalidSignatureException { Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOAuthnClientPOST.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOAuthnClientPOST.java 2012-04-25 06:45:10 UTC (rev 13299) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOAuthnClientPOST.java 2012-04-25 09:24:57 UTC (rev 13300) 
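Review bot: The Javadoc of the validator overload of `setDSigPolicy` is copied from the public-key overload and still says "This method variant sets a fixed verification key, which must be trusted", which contradicts the body, which stores `validator` and clears `publicKey`. Replace those three sentences with something like `This method variant verifies the signer's certificate with the given validator; no fixed verification key is used.` so the two overloads are distinguishable from their documentation. In the same Javadoc "a different validator then" should read "than", and in the key overload "only if is matching to this key" reads better as "only if it matches this key". `signIfNeeded` at the end of the hunk continues outside it.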
@@ -15,6 +15,8 @@
 import org.apache.xmlbeans.XmlException;
 import org.apache.xmlbeans.impl.util.Base64;
+import eu.emi.security.authn.x509.X509CertChainValidator;
+import eu.emi.security.authn.x509.X509Credential;
 import eu.unicore.samly2.SAMLConstants;
 import eu.unicore.samly2.assertion.Assertion;
 import eu.unicore.samly2.elements.NameID;
@@ -41,44 +43,46 @@ protected NameID issuer; /** - * Use this constructor if you want to use HTTP POST SAML binding (usual case). + * Setups the object. * @param address server address to use. - * @param secProv security configuration (used to setup TLS and to sign messages) + * @param secProv security configuration used to setup TLS and local identity * @param issuer URI which will be used as SAML request issuer (of SAML type 'entity'). + * @param returnURL return URL + * @param validator used to check retrieved assertion signature issuer * @throws SecuritySetupException * @throws MalformedURLException */ public SAMLVOAuthnClientPOST(IClientConfiguration secProv, - URI issuer, URI returnURL) + URI issuer, URI returnURL, X509CertChainValidator validator) throws SecuritySetupException, MalformedURLException { - super(secProv); + super(); this.returnURL = returnURL.toString(); if (issuer == null) throw new IllegalArgumentException("No issuer was provided"); this.issuer = new NameID(issuer.toString(), SAMLConstants.NFORMAT_ENTITY); - doSignRequest = true; - requireSignedAssertion = true; + setDSigPolicy(true, true, secProv.getCredential(), validator); } - /** - * Sets IdP public key for assertion signature verification. - * @param publicKey - */ - public void setDSigPolicy(PublicKey publicKey) + @Override + public void setDSigPolicy(boolean requireSignedReqResp, boolean requireSignedAssertion, + X509Credential credential, PublicKey publicKey) { - this.publicKey = publicKey; + if (!requireSignedAssertion) + throw new IllegalArgumentException("For SAML authentication, the signatures of " + + "response assertions must be required"); + super.setDSigPolicy(requireSignedReqResp, requireSignedAssertion, credential, publicKey); } - /** - * Don't use this method - it is equivalent to one arg version. 
- */ @Override - public void setDSigPolicy(boolean requireSignedResp, - boolean requireSignedAssertion, PublicKey publicKey) + public void setDSigPolicy(boolean requireSignedReqResp, boolean requireSignedAssertion, + X509Credential credential, X509CertChainValidator validator) { - setDSigPolicy(publicKey); + if (!requireSignedAssertion) + throw new IllegalArgumentException("For SAML authentication, the signatures of " + + "response assertions must be required"); + super.setDSigPolicy(requireSignedReqResp, requireSignedAssertion, credential, validator); } /** Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOAuthnClientSOAP.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOAuthnClientSOAP.java 2012-04-25 06:45:10 UTC (rev 13299) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOAuthnClientSOAP.java 2012-04-25 09:24:57 UTC (rev 13300) @@ -12,6 +12,8 @@ import java.net.URI; import java.security.PublicKey; +import eu.emi.security.authn.x509.X509CertChainValidator; +import eu.emi.security.authn.x509.X509Credential; import eu.unicore.samly2.assertion.Assertion; import eu.unicore.samly2.exceptions.SAMLParseException; import eu.unicore.samly2.proto.AssertionResponse; @@ -32,7 +34,6 @@ * <ul> * <li>Always requires signed assertion in response. * <li>Always signing the request. - * <li>Response signature is not checked (not suggested by spec ;-). * </ul> * @author K. Benedyczak */ 
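Review bot: The constructor now calls `setDSigPolicy(true, true, secProv.getCredential(), validator)`, so `requireSignedResp` becomes true for the POST client, whereas the removed lines only set `doSignRequest` and `requireSignedAssertion`; the SOAP client in the next file resets `requireSignedResp = false` right after the same call, so the two clients now differ on whether a signed response is demanded and nothing in the hunk says which is intended. If POST responses are meant to be signature-checked, a sentence in the class Javadoc stating so would help; if not, add `requireSignedResp = false;` after the call as the SOAP client does. Independently, `setDSigPolicy` is overridable and is invoked from the constructor, so a subclass override would run on a partially constructed object. The constructor Javadoc also keeps `@param address server address to use.` although the constructor has no such parameter.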
@@ -46,54 +47,50 @@ * @param address server address to use. * @param secProv security configuration (used to setup TLS and to sign messages) * @param issuer URI which will be used as SAML request issuer (of SAML type 'entity'). + * @param validator used to check assertion signature issuer * @throws SecuritySetupException * @throws MalformedURLException */ public SAMLVOAuthnClientSOAP(String address, IClientConfiguration secProv, - URI issuer) + URI issuer, X509CertChainValidator validator) throws SecuritySetupException, MalformedURLException { super(address, secProv, issuer); - requireSignedAssertion = true; - doSignRequest = true; - requireSignedResp = false; + setDSigPolicy(true, true, secProv.getCredential(), validator); try { if (proxy == null) proxy = fact.getSAMLAuthnClient(address); } catch (MalformedURLException e){} - util = new SAMLVOAuthnClientPOST(secProv, issuer, issuer); + util = new SAMLVOAuthnClientPOST(secProv, issuer, issuer, validator); } - /** - * Warning! This method have different semantics as typical setDSigPolicy - * used in other SAML clients from this library. - * <p> - * Requests are always signed, and returned assertions are required to be signed too. - * UVOS server will not sign responses. - * @param publicKey public key used to verify signature. If null then only signature corectness - * will be checked but not if it was created by a trusted party. - */ - public void setDSigPolicy(PublicKey publicKey) + @Override + public Object getProxy() { - this.publicKey = publicKey; + return proxy; } - /** - * Don't use this method - the first two arguments are ignored. Use the - * version with only one argument. 
- */ @Override - public void setDSigPolicy(boolean a, boolean b, PublicKey publicKey) + public void setDSigPolicy(boolean requireSignedReqResp, boolean requireSignedAssertion, + X509Credential credential, PublicKey publicKey) { - setDSigPolicy(publicKey); + if (!requireSignedAssertion) + throw new IllegalArgumentException("For SAML authentication, the signatures of " + + "response assertions must be required"); + super.setDSigPolicy(requireSignedReqResp, requireSignedAssertion, credential, publicKey); + requireSignedResp = false; } - @Override - public Object getProxy() + public void setDSigPolicy(boolean requireSignedReqResp, boolean requireSignedAssertion, + X509Credential credential, X509CertChainValidator validator) { - return proxy; + if (!requireSignedAssertion) + throw new IllegalArgumentException("For SAML authentication, the signatures of " + + "response assertions must be required"); + super.setDSigPolicy(requireSignedReqResp, requireSignedAssertion, credential, validator); + requireSignedResp = false; } /** Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOClient.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOClient.java 2012-04-25 06:45:10 UTC (rev 13299) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOClient.java 2012-04-25 09:24:57 UTC (rev 13300) @@ -31,6 +31,7 @@ { protected String address; protected NameID issuer; + protected boolean autoIssuer; protected UVOSClientFactory fact; protected XmlObject lastResponse; 
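Review bot: The validator overload of `setDSigPolicy` added in this hunk lacks `@Override`, unlike the public-key overload just above it; add `@Override` so a later signature change in AbstractSAMLBase fails to compile instead of silently turning this into a new overload. Both overrides also clear `requireSignedResp` after delegating to the base class, so a caller passing `requireSignedReqResp = true` gets request signing but no response-signature check, and the old Javadoc that warned about this deviation from the base contract is removed here. Give each override a Javadoc sentence such as `Response signatures are never required by this client; the first argument only controls request signing.` The enclosing class continues outside the hunk.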
@@ -54,15 +55,19 @@ NameID issuer) throws SecuritySetupException, MalformedURLException { - super(secCfg); + super(); new URL(address); this.address = address; fact = new UVOSClientFactory(secCfg); if (issuer != null) + { this.issuer = issuer; - else + this.autoIssuer = false; + } else { + if (secCfg.getCredential() != null) + certificateC = secCfg.getCredential().getCertificateChain(); if (certificateC == null || certificateC.length == 0) throw new SecuritySetupException("No issuer was provided" + " and keystore doesn't provide user's identity" + @@ -70,6 +75,7 @@ this.issuer = new NameID( certificateC[0].getSubjectX500Principal().getName(), SAMLConstants.NFORMAT_DN); + this.autoIssuer = true; } } @@ -78,5 +84,11 @@ return lastResponse; } + public void setIssuer(NameID issuer) + { + this.issuer = issuer; + autoIssuer = false; + } + public abstract Object getProxy(); } Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOClientInterface.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOClientInterface.java 2012-04-25 06:45:10 UTC (rev 13299) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOClientInterface.java 2012-04-25 09:24:57 UTC (rev 13300) @@ -8,8 +8,6 @@ package pl.edu.icm.unicore.uvos.wsclient.samlapi; -import java.security.PublicKey; - import org.apache.xmlbeans.XmlObject; 
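Review bot: `autoIssuer` is assigned in both branches of the constructor and again in the new `setIssuer` hunk on this same line, but nothing in this commit reads it, so it is dead state unless a later change consumes it; a field comment such as `// true when issuer was derived from the credential's certificate rather than supplied` would at least record the intent. Note also that the constructor copies `certificateC` from the configuration only to derive the issuer DN, while `setDSigPolicyCommon` in the base class later reassigns `certificateC` from whatever credential is passed to `setDSigPolicy` (and nulls it when none is given); the issuer derived here survives that, which looks intended but deserves a comment next to the assignment. The constructor starts outside the hunk.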
@@ -19,16 +17,6 @@ public interface SAMLVOClientInterface { /** - * Sets the client's policy on signatures of received messages. - * @param requireSignedResp Require that SAML protocol respones must be signed - * @param requireSignedAssertion Require that SAML assertions must be signed - * @param publicKey Optional public key which will be used for signature verfication. - * If it isn't provided then the corresponding key must be included in the response. - */ - public void setDSigPolicy(boolean requireSignedResp, boolean requireSignedAssertion, - PublicKey publicKey); - - /** * Returns the last response received as XML. * @return */ Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttribute2Test.java =================================================================== --- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttribute2Test.java 2012-04-25 06:45:10 UTC (rev 13299) +++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttribute2Test.java 2012-04-25 09:24:57 UTC (rev 13300) @@ -218,7 +218,7 @@ try { client = new SAMLVOQueryClient(addr, conf); - client.setDSigPolicy(true, true, null); + client.setDSigPolicy(true, true, conf.getCredential(), conf.getValidator()); List<String> grpVals = new ArrayList<String>(); Collections.addAll(grpVals, "/g/sub", "/g"); @@ -330,7 +330,7 @@ { System.out.println(conf.doSSLAuthn()); SAMLVOQueryClient client = new SAMLVOQueryClient(addr, conf); - client.setDSigPolicy(true, true, null); + client.setDSigPolicy(true, true, conf.getCredential(), conf.getValidator()); List<Attribute> attrs = client.getAttributes(tested); if (attrs.size() != 16) 
@@ -348,7 +348,7 @@ { System.out.println(conf.doSSLAuthn()); SAMLVOQueryClient client = new SAMLVOQueryClient(addr, conf); - client.setDSigPolicy(true, true, null); + client.setDSigPolicy(true, true, conf.getCredential(), conf.getValidator()); List<Attribute> attrs = client.getAttributes(tested, new Attribute("global1", Collections.singletonList("v1"), null)); @@ -393,7 +393,7 @@ { System.out.println(conf.doSSLAuthn()); SAMLVOQueryClient client = new SAMLVOQueryClient(addr, conf); - client.setDSigPolicy(true, true, null); + client.setDSigPolicy(true, true, conf.getCredential(), conf.getValidator()); List<Attribute> attrs = client.getAttributes(tested, new Attribute("global1", null, null)); @@ -438,7 +438,7 @@ { System.out.println(conf.doSSLAuthn()); SAMLVOQueryClient client = new SAMLVOQueryClient(addr, conf); - client.setDSigPolicy(true, true, null); + client.setDSigPolicy(true, true, conf.getCredential(), conf.getValidator()); List<Attribute> attrs = client.getAttributes(tested, new Group("/g")); Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAuthNTest.java =================================================================== --- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAuthNTest.java 2012-04-25 06:45:10 UTC (rev 13299) +++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAuthNTest.java 2012-04-25 09:24:57 UTC (rev 13300) @@ -79,7 +79,7 @@ conf.setHttpUser("voadmin@localhost"); conf.setSslAuthn(false); SAMLVOAuthnClientSOAP client = new SAMLVOAuthnClientSOAP(addr, conf, - new URI("http://serviceprovider.test.org")); + new URI("http://serviceprovider.test.org"), conf.getValidator()); Assertion a1 = client.authenticate(null); Identity i1 = SAMLVOAuthnClientPOST.getIdentityFromAssertion(a1); if (!i1.getType().getName().equals(SAMLConstants.NFORMAT_PERSISTENT)) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <go...@us...> - 2012-09-16 15:56:11
Revision: 14265 http://unicore.svn.sourceforge.net/unicore/?rev=14265&view=rev Author: golbi Date: 2012-09-16 15:56:03 +0000 (Sun, 16 Sep 2012) Log Message: ----------- Identity split into two: normal (SAML) and Extended for proprietary API Modified Paths: -------------- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AbstractAction.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AddIdentityAction.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AddIdentityWithEquivAction.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AddToGroupAction.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AreEquivalentAction.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/ChangePasswdAction.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetAllEquivalentsAction.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetAllGroupsAction.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetAllIdentitiesAction.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetMyIdentitiesAction.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetPermissionsAction.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/IsMemeberAction.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/RemoveFromGroupAction.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/RemoveIdentityAction.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/SetIdentityStatusAction.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/SetLabelAction.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSAuthZExtInterface.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSManagementExtInterface.java 
uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSQueryExtInterface.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSQueryHistoryExtInterface.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSAuthZClient.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSManagementClient.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSQueryClient.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSQueryHistoryClient.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/AbstractTestBase.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/AuthN2Test.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/AuthN3Test.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/AuthNTest.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/IdentitiesFunctional.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/IdentityStatusTest.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttribute2Test.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttributeTest.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/TDTest.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/ActionTest.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/ApiImplTest.java Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AbstractAction.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AbstractAction.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AbstractAction.java 2012-09-16 15:56:03 UTC (rev 14265) 
@@ -14,8 +14,8 @@ import pl.edu.icm.unicore.uvos.api.Attribute; import pl.edu.icm.unicore.uvos.api.Element; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.IdentityFactory; import pl.edu.icm.unicore.uvos.api.IdentityType; import pl.edu.icm.unicore.uvos.api.exceptions.InvalidValueException; @@ -116,7 +116,7 @@ return arg; } - protected Identity getIdentity(String type, String v, String l) throws InvalidValueException + protected ExtendedIdentity getIdentity(String type, String v, String l) throws InvalidValueException { IdentityType it = getIdentityType(type); if (it == null) @@ -125,7 +125,7 @@ if (value == null) return null; - return IdentityFactory.createIdentity(it, value, l); + return IdentityFactory.createExtendedIdentity(it, value, l); } protected Attribute getAttribute(String type, String[] values, int valuesStart, int valuesEnd) @@ -147,7 +147,7 @@ System.out.println("Not complete subject specification"); return null; } - Identity id = getIdentity(args[argsStart], args[argsStart+1], null); + ExtendedIdentity id = getIdentity(args[argsStart], args[argsStart+1], null); if (id == null) return null; return new Element(null, id); 
@@ -167,7 +167,7 @@ System.out.println("Not complete subject specification"); return null; } - Identity id = getIdentity(args[argsStart], args[argsStart+1], null); + ExtendedIdentity id = getIdentity(args[argsStart], args[argsStart+1], null); if (id == null) return null; Group g = new Group(args[argsStart+2]); Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AddIdentityAction.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AddIdentityAction.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AddIdentityAction.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -8,7 +8,7 @@ package pl.edu.icm.unicore.uvos.clc; -import pl.edu.icm.unicore.uvos.api.Identity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; class AddIdentityAction extends AbstractAction @@ -34,7 +34,7 @@ @Override public boolean invoke(String[] args) throws UVOSException { - Identity i; + ExtendedIdentity i; if (args.length > 4 && args[3].equals("passwd")) { i = getIdentity(args[1], args[2], Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AddIdentityWithEquivAction.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AddIdentityWithEquivAction.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AddIdentityWithEquivAction.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -8,7 +8,7 @@ package pl.edu.icm.unicore.uvos.clc; -import pl.edu.icm.unicore.uvos.api.Identity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; class AddIdentityWithEquivAction extends AbstractAction 
@@ -35,10 +35,10 @@ @Override public boolean invoke(String[] args) throws UVOSException { - Identity newId = getIdentity(args[1], args[2], null); + ExtendedIdentity newId = getIdentity(args[1], args[2], null); if (newId == null) return true; - Identity equivId = getIdentity(args[3], args[4], null); + ExtendedIdentity equivId = getIdentity(args[3], args[4], null); if (equivId == null) return true; cm.voMan.addIdentity(newId, equivId); Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AddToGroupAction.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AddToGroupAction.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AddToGroupAction.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -8,8 +8,8 @@ package pl.edu.icm.unicore.uvos.clc; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; class AddToGroupAction extends AbstractAction @@ -32,7 +32,7 @@ @Override public boolean invoke(String[] args) throws UVOSException { - Identity id = getIdentity(args[1], args[2], + ExtendedIdentity id = getIdentity(args[1], args[2], args.length == 3 ? args[3] : null); if (id == null) return true; Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AreEquivalentAction.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AreEquivalentAction.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/AreEquivalentAction.java 2012-09-16 15:56:03 UTC (rev 14265) 
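Review bot: In the `AddToGroupAction.invoke` hunk, the label argument `args.length == 3 ? args[3] : null` indexes past the end of the array exactly when the length is 3, so if the action can be invoked with three arguments it throws ArrayIndexOutOfBoundsException instead of passing a null label; the test should be `args.length > 3 ? args[3] : null`. The condition sits on the context line, but the statement it belongs to is the one rewritten by this commit. `invoke` continues outside the hunk.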
@@ -8,7 +8,7 @@ package pl.edu.icm.unicore.uvos.clc; -import pl.edu.icm.unicore.uvos.api.Identity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; class AreEquivalentAction extends AbstractAction @@ -27,10 +27,10 @@ @Override public boolean invoke(String[] args) throws UVOSException { - Identity i = getIdentity(args[1], args[2], null); + ExtendedIdentity i = getIdentity(args[1], args[2], null); if (i == null) return true; - Identity i2 = getIdentity(args[3], args[4], null); + ExtendedIdentity i2 = getIdentity(args[3], args[4], null); if (i2 == null) return true; Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/ChangePasswdAction.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/ChangePasswdAction.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/ChangePasswdAction.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -8,7 +8,7 @@ package pl.edu.icm.unicore.uvos.clc; -import pl.edu.icm.unicore.uvos.api.Identity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; class ChangePasswdAction extends AbstractAction 
@@ -29,7 +29,7 @@ @Override public boolean invoke(String[] args) throws UVOSException { - Identity i = getIdentity(args[1], args[2], null); + ExtendedIdentity i = getIdentity(args[1], args[2], null); if (i == null) return true; String passwd = null; Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetAllEquivalentsAction.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetAllEquivalentsAction.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetAllEquivalentsAction.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -10,7 +10,7 @@ import java.util.List; -import pl.edu.icm.unicore.uvos.api.Identity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; class GetAllEquivalentsAction extends AbstractAction @@ -28,17 +28,17 @@ @Override public boolean invoke(String[] args) throws UVOSException { - Identity i = getIdentity(args[1], args[2], null); + ExtendedIdentity i = getIdentity(args[1], args[2], null); if (i == null) return true; - List<Identity> equivs; + List<ExtendedIdentity> equivs; if (cm.qTime == null) equivs = cm.voQuery.getAllEquivalents(i); else equivs = cm.voQueryHistory.getAllEquivalents(i, cm.qTime); System.out.println("The following identities are equivalent:"); - for (Identity id: equivs) + for (ExtendedIdentity id: equivs) System.out.println(" " + id); return true; } Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetAllGroupsAction.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetAllGroupsAction.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetAllGroupsAction.java 2012-09-16 15:56:03 UTC (rev 14265) 
@@ -10,8 +10,8 @@ import java.util.List; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; class GetAllGroupsAction extends AbstractAction @@ -32,7 +32,7 @@ @Override public boolean invoke(String[] args) throws UVOSException { - Identity i = getIdentity(args[1], args[2], null); + ExtendedIdentity i = getIdentity(args[1], args[2], null); if (i == null) return true; boolean implied = false; Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetAllIdentitiesAction.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetAllIdentitiesAction.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetAllIdentitiesAction.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -10,6 +10,7 @@ import java.util.List; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; @@ -26,7 +27,7 @@ @Override public boolean invoke(String[] args) throws UVOSException { - List<Identity> list; + List<ExtendedIdentity> list; if (cm.qTime == null) list = cm.voQuery.getAllIdentities(); else Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetMyIdentitiesAction.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetMyIdentitiesAction.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetMyIdentitiesAction.java 2012-09-16 15:56:03 UTC (rev 14265) 
@@ -10,7 +10,7 @@ import java.util.List; -import pl.edu.icm.unicore.uvos.api.Identity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; class GetMyIdentitiesAction extends AbstractAction @@ -27,8 +27,8 @@ public boolean invoke(String[] args) throws UVOSException { System.out.println("All identites of the current user are:"); - List<Identity> res = cm.voAuthz.getMyIdentities(); - for (Identity id: res) + List<ExtendedIdentity> res = cm.voAuthz.getMyIdentities(); + for (ExtendedIdentity id: res) System.out.println(id); return true; } Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetPermissionsAction.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetPermissionsAction.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/GetPermissionsAction.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -8,8 +8,8 @@ package pl.edu.icm.unicore.uvos.clc; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.Permissions; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; @@ -31,7 +31,7 @@ { if (args[1].equals("global")) { - Identity ident = getIdentity(args[2], args[3], null); + ExtendedIdentity ident = getIdentity(args[2], args[3], null); if (ident == null) return true; Permissions res = 
@@ -45,7 +45,7 @@ return true; } Group g = new Group(args[2]); - Identity ident = getIdentity(args[3], args[4], null); + ExtendedIdentity ident = getIdentity(args[3], args[4], null); if (ident == null) return true; System.out.println("Permissions in group " + g + ": "); Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/IsMemeberAction.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/IsMemeberAction.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/IsMemeberAction.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -8,8 +8,8 @@ package pl.edu.icm.unicore.uvos.clc; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; class IsMemeberAction extends AbstractAction @@ -27,7 +27,7 @@ @Override public boolean invoke(String[] args) throws UVOSException { - Identity i = getIdentity(args[1], args[2], null); + ExtendedIdentity i = getIdentity(args[1], args[2], null); if (i == null) return true; Group g = new Group(args[3]); Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/RemoveFromGroupAction.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/RemoveFromGroupAction.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/RemoveFromGroupAction.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -8,8 +8,8 @@ package pl.edu.icm.unicore.uvos.clc; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; class RemoveFromGroupAction extends AbstractAction 
@@ -32,7 +32,7 @@ @Override public boolean invoke(String[] args) throws UVOSException { - Identity id = getIdentity(args[1], args[2], + ExtendedIdentity id = getIdentity(args[1], args[2], args.length == 3 ? args[3] : null); if (id == null) return true; Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/RemoveIdentityAction.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/RemoveIdentityAction.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/RemoveIdentityAction.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -8,7 +8,7 @@ package pl.edu.icm.unicore.uvos.clc; -import pl.edu.icm.unicore.uvos.api.Identity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; class RemoveIdentityAction extends AbstractAction @@ -28,7 +28,7 @@ @Override public boolean invoke(String[] args) throws UVOSException { - Identity i = getIdentity(args[1], args[2], null); + ExtendedIdentity i = getIdentity(args[1], args[2], null); if (i == null) return true; Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/SetIdentityStatusAction.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/SetIdentityStatusAction.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/SetIdentityStatusAction.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -8,7 +8,7 @@ package pl.edu.icm.unicore.uvos.clc; -import pl.edu.icm.unicore.uvos.api.Identity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; class SetIdentityStatusAction extends AbstractAction 
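Review bot: The ternary that completes the retyped statement in RemoveFromGroupAction, `args.length == 3 ? args[3] : null`, indexes past the array exactly when its condition holds, so a three-argument call throws ArrayIndexOutOfBoundsException and a four-argument call passes null instead of the optional value. The condition looks inverted and should read `args.length > 3 ? args[3] : null`. The rest of invoke lies outside the hunk, so I cannot see whether an earlier argument-count check makes one of the two cases unreachable.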
@@ -28,7 +28,7 @@ @Override public boolean invoke(String[] args) throws UVOSException { - Identity i = getIdentity(args[1], args[2], null); + ExtendedIdentity i = getIdentity(args[1], args[2], null); if (i == null) return true; boolean how = Boolean.parseBoolean(args[3]); Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/SetLabelAction.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/SetLabelAction.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/clc/SetLabelAction.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -8,7 +8,7 @@ package pl.edu.icm.unicore.uvos.clc; -import pl.edu.icm.unicore.uvos.api.Identity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; class SetLabelAction extends AbstractAction @@ -25,7 +25,7 @@ @Override public boolean invoke(String[] args) throws UVOSException { - Identity id = getIdentity(args[1], args[2], null); + ExtendedIdentity id = getIdentity(args[1], args[2], null); if (id == null) return true; cm.voMan.setIdentityLabel(id, args[3]); Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSAuthZExtInterface.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSAuthZExtInterface.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSAuthZExtInterface.java 2012-09-16 15:56:03 UTC (rev 14265) 
@@ -11,8 +11,8 @@ import java.util.List; import pl.edu.icm.unicore.uvos.api.AttributePermission; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.PermissionDesignator; import pl.edu.icm.unicore.uvos.api.Permissions; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; @@ -61,7 +61,7 @@ * @throws UVOSException * @return */ - public Permissions checkPermissions(Group group, Identity whose) + public Permissions checkPermissions(Group group, ExtendedIdentity whose) throws UVOSException; /** @@ -71,7 +71,7 @@ * @return * @throws UVOSException */ - public List<Identity> getMyIdentities() throws UVOSException; + public List<ExtendedIdentity> getMyIdentities() throws UVOSException; /** * Retrieves specification of authZ settings of the given group. @@ -98,6 +98,6 @@ * @param ctx * @throws UVOSException */ - public void modifyAuthenticationData(Identity id, Object newToken) + public void modifyAuthenticationData(ExtendedIdentity id, Object newToken) throws UVOSException; } Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSManagementExtInterface.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSManagementExtInterface.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSManagementExtInterface.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -15,6 +15,7 @@ import pl.edu.icm.unicore.uvos.api.Attribute; import pl.edu.icm.unicore.uvos.api.AttributeType; import pl.edu.icm.unicore.uvos.api.Element; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.IdentityType; 
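Review bot: The Javadoc kept above the changed `modifyAuthenticationData(ExtendedIdentity id, Object newToken)` signature in UVOSAuthZExtInterface documents `@param ctx`, which names no parameter of the method; it should become `@param id` and `@param newToken`, describing the identity whose authentication data is replaced and the replacement token. The `@return` tags above `checkPermissions` and `getMyIdentities` in the two earlier hunks on this line are empty and should state what is returned. Since all three signatures are being edited for the type change, this is the natural moment to repair the tags.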
@@ -77,7 +78,7 @@ * @param toAdd timestamps are ignored. * @throws UVOSException */ - public void addIdentity(Identity toAdd) + public void addIdentity(ExtendedIdentity toAdd) throws UVOSException; /** @@ -90,7 +91,7 @@ * @param equivalentIdentity * @throws UVOSException */ - public void addIdentity(Identity toAdd, Identity equivalentIdentity) + public void addIdentity(ExtendedIdentity toAdd, ExtendedIdentity equivalentIdentity) throws UVOSException; /** @@ -102,7 +103,7 @@ * @param toRemove * @throws UVOSException */ - public void removeIdentity(Identity toRemove) + public void removeIdentity(ExtendedIdentity toRemove) throws UVOSException; /** @@ -138,7 +139,7 @@ * @param group * @throws UVOSException */ - public void addToGroup(Identity toAdd, Group group) + public void addToGroup(ExtendedIdentity toAdd, Group group) throws UVOSException; /** @@ -149,7 +150,7 @@ * @param group * @throws UVOSException */ - public void removeFromGroup(Identity toRemove, Group group) + public void removeFromGroup(ExtendedIdentity toRemove, Group group) throws UVOSException; /** @@ -162,7 +163,7 @@ * @param label * @throws UVOSException */ - public void setIdentityLabel(Identity toChange, String label) + public void setIdentityLabel(ExtendedIdentity toChange, String label) throws UVOSException; /** 
@@ -190,7 +191,7 @@ * @param how true if identity should be enabled, false otherwise. * @throws UVOSException */ - public void setIdentityStatus(Identity toChange, boolean how) + public void setIdentityStatus(ExtendedIdentity toChange, boolean how) throws UVOSException; /** Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSQueryExtInterface.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSQueryExtInterface.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSQueryExtInterface.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -12,8 +12,8 @@ import pl.edu.icm.unicore.uvos.api.Attribute; import pl.edu.icm.unicore.uvos.api.Element; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; /** @@ -38,7 +38,7 @@ * @throws UVOSException * @return */ - public boolean isMember(Identity who, Group group, boolean effective) + public boolean isMember(ExtendedIdentity who, Group group, boolean effective) throws UVOSException; /** @@ -78,7 +78,7 @@ * @return * @throws UVOSException */ - public List<Group> getAllGroups(Identity who, boolean implied) + public List<Group> getAllGroups(ExtendedIdentity who, boolean implied) throws UVOSException; /** @@ -90,7 +90,7 @@ * @return * @throws UVOSException */ - public boolean areEquivalent(Identity i1, Identity i2) + public boolean areEquivalent(ExtendedIdentity i1, ExtendedIdentity i2) throws UVOSException; /** @@ -101,7 +101,7 @@ * @return * @throws UVOSException */ - public List<Identity> getAllEquivalents(Identity who) + public List<ExtendedIdentity> getAllEquivalents(ExtendedIdentity who) throws UVOSException; /** 
@@ -123,6 +123,6 @@ * @return * @throws UVOSException */ - public List<Identity> getAllIdentities() + public List<ExtendedIdentity> getAllIdentities() throws UVOSException; } Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSQueryHistoryExtInterface.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSQueryHistoryExtInterface.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSQueryHistoryExtInterface.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -13,8 +13,8 @@ import pl.edu.icm.unicore.uvos.api.Attribute; import pl.edu.icm.unicore.uvos.api.Element; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.ModificationEvent; import pl.edu.icm.unicore.uvos.api.exceptions.ElementNotKnownException; import pl.edu.icm.unicore.uvos.api.exceptions.GroupNotKnownException; @@ -52,7 +52,7 @@ * @throws GroupNotKnownException * @thorws TimeOutOfRangeException */ - public boolean isMember(Identity who, Group group, boolean effective, + public boolean isMember(ExtendedIdentity who, Group group, boolean effective, Date when) throws UVOSException; @@ -105,7 +105,7 @@ * @throws IdentityNotKnownException * @throws TimeOutOfRangeException */ - public List<Group> getAllGroups(Identity who, boolean implied, Date when) + public List<Group> getAllGroups(ExtendedIdentity who, boolean implied, Date when) throws UVOSException; /** @@ -122,7 +122,7 @@ * @throws IdentityNotKnownException * @throws TimeOutOfRangeException */ - public boolean areEquivalent(Identity i1, Identity i2, Date when) + public boolean areEquivalent(ExtendedIdentity i1, ExtendedIdentity i2, Date when) throws UVOSException; /** 
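Review bot: The Javadoc above the changed `isMember` signature in UVOSQueryHistoryExtInterface carries a misspelled tag, `* @thorws TimeOutOfRangeException`, which javadoc does not recognize as a throws clause; it should read `* @throws TimeOutOfRangeException`. The `@return` tag above `getAllIdentities` in the first hunk on this line is empty as well and should say that the list of all known identities is returned.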
@@ -138,7 +138,7 @@ * @throws IdentityNotKnownException * @throws TimeOutOfRangeException */ - public List<Identity> getAllEquivalents(Identity who, Date when) + public List<ExtendedIdentity> getAllEquivalents(ExtendedIdentity who, Date when) throws UVOSException; /** @@ -166,7 +166,7 @@ * @throws SecurityException * @throws InternalException */ - public List<Identity> getAllIdentities(Date when) + public List<ExtendedIdentity> getAllIdentities(Date when) throws UVOSException; Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSAuthZClient.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSAuthZClient.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSAuthZClient.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -14,8 +14,8 @@ import org.apache.xmlbeans.XmlException; import pl.edu.icm.unicore.uvos.api.AttributePermission; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.PermissionDesignator; import pl.edu.icm.unicore.uvos.api.Permissions; import pl.edu.icm.unicore.uvos.api.exceptions.InvalidValueException; @@ -38,7 +38,7 @@ this.proxy = proxy; } - public Permissions checkPermissions(Group group, Identity whose) + public Permissions checkPermissions(Group group, ExtendedIdentity whose) throws UVOSException { try @@ -77,7 +77,7 @@ return ret; } - public void modifyAuthenticationData(Identity id, Object newToken) + public void modifyAuthenticationData(ExtendedIdentity id, Object newToken) throws UVOSException { try @@ -104,7 +104,7 @@ } } - public List<Identity> getMyIdentities() throws UVOSException + public List<ExtendedIdentity> getMyIdentities() throws UVOSException { IdentityXType raw[]; try 
@@ -114,7 +114,7 @@ { throw e.getAsAPIException(); } - ArrayList<Identity> ret = new ArrayList<Identity>(); + ArrayList<ExtendedIdentity> ret = new ArrayList<ExtendedIdentity>(); for (IdentityXType id: raw) ret.add(XMLBeansMapper.map2APIIdentity(id)); return ret; Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSManagementClient.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSManagementClient.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSManagementClient.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -17,8 +17,8 @@ import pl.edu.icm.unicore.uvos.api.Attribute; import pl.edu.icm.unicore.uvos.api.AttributeType; import pl.edu.icm.unicore.uvos.api.Element; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.IdentityType; import pl.edu.icm.unicore.uvos.api.Notification; import pl.edu.icm.unicore.uvos.api.exceptions.InvalidValueException; @@ -52,7 +52,7 @@ } } - public void addIdentity(Identity toAdd) throws UVOSException + public void addIdentity(ExtendedIdentity toAdd) throws UVOSException { try { @@ -63,7 +63,7 @@ } } - public void addIdentity(Identity toAdd, Identity equivalentIdentity) + public void addIdentity(ExtendedIdentity toAdd, ExtendedIdentity equivalentIdentity) throws UVOSException { try @@ -76,7 +76,7 @@ } } - public void addToGroup(Identity toAdd, Group group) throws UVOSException + public void addToGroup(ExtendedIdentity toAdd, Group group) throws UVOSException { try { @@ -209,7 +209,7 @@ } } - public void removeFromGroup(Identity toRemove, Group group) throws UVOSException + public void removeFromGroup(ExtendedIdentity toRemove, Group group) throws UVOSException { try { 
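Review bot: The retyped local in WSAuthZClient.getMyIdentities, `ArrayList<ExtendedIdentity> ret = new ArrayList<ExtendedIdentity>();`, declares the variable by its concrete class although the method returns `List<ExtendedIdentity>`; `List<ExtendedIdentity> ret = new ArrayList<ExtendedIdentity>();` keeps the implementation choice out of the declaration. The same pattern is repeated in the retyped `ret` locals of WSQueryClient and WSQueryHistoryClient in the hunks on the following two lines. The enclosing method starts outside this hunk.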
@@ -232,7 +232,7 @@ } } - public void removeIdentity(Identity toRemove) throws UVOSException + public void removeIdentity(ExtendedIdentity toRemove) throws UVOSException { try { @@ -256,7 +256,7 @@ } } - public void setIdentityLabel(Identity toChange, String label) throws + public void setIdentityLabel(ExtendedIdentity toChange, String label) throws UVOSException { try @@ -280,7 +280,7 @@ } } - public void setIdentityStatus(Identity toChange, boolean how) throws UVOSException + public void setIdentityStatus(ExtendedIdentity toChange, boolean how) throws UVOSException { try { Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSQueryClient.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSQueryClient.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSQueryClient.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -15,8 +15,8 @@ import pl.edu.icm.unicore.uvos.api.Attribute; import pl.edu.icm.unicore.uvos.api.Element; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.exceptions.InvalidValueException; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; import pl.edu.icm.unicore.uvos.wsapi.xmlbeans.UVOSFault; @@ -39,7 +39,7 @@ this.proxy = proxy; } - public boolean areEquivalent(Identity i1, Identity i2) throws UVOSException + public boolean areEquivalent(ExtendedIdentity i1, ExtendedIdentity i2) throws UVOSException { try { @@ -84,7 +84,7 @@ return ret; } - public List<Identity> getAllEquivalents(Identity who) throws UVOSException + public List<ExtendedIdentity> getAllEquivalents(ExtendedIdentity who) throws UVOSException { IdentityXType[] raw; try 
@@ -96,13 +96,13 @@ { throw e1.getAsAPIException(); } - ArrayList<Identity> ret = new ArrayList<Identity>(); + ArrayList<ExtendedIdentity> ret = new ArrayList<ExtendedIdentity>(); for (IdentityXType ixt: raw) ret.add(XMLBeansMapper.map2APIIdentity(ixt)); return ret; } - public List<Group> getAllGroups(Identity who, boolean implied) throws UVOSException + public List<Group> getAllGroups(ExtendedIdentity who, boolean implied) throws UVOSException { GroupXType[] raw; try @@ -120,7 +120,7 @@ return ret; } - public List<Identity> getAllIdentities() throws UVOSException + public List<ExtendedIdentity> getAllIdentities() throws UVOSException { IdentityXType[] raw; try @@ -131,7 +131,7 @@ { throw e1.getAsAPIException(); } - ArrayList<Identity> ret = new ArrayList<Identity>(); + ArrayList<ExtendedIdentity> ret = new ArrayList<ExtendedIdentity>(); for (IdentityXType ixt: raw) ret.add(XMLBeansMapper.map2APIIdentity(ixt)); return ret; @@ -156,7 +156,7 @@ return ret; } - public boolean isMember(Identity who, Group group, boolean effective) + public boolean isMember(ExtendedIdentity who, Group group, boolean effective) throws UVOSException { try Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSQueryHistoryClient.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSQueryHistoryClient.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/WSQueryHistoryClient.java 2012-09-16 15:56:03 UTC (rev 14265) 
@@ -17,8 +17,8 @@ import pl.edu.icm.unicore.uvos.api.Attribute; import pl.edu.icm.unicore.uvos.api.Element; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.ModificationEvent; import pl.edu.icm.unicore.uvos.api.exceptions.InvalidValueException; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; @@ -43,7 +43,7 @@ this.proxy = proxy; } - public boolean areEquivalent(Identity i1, Identity i2, Date when) throws UVOSException + public boolean areEquivalent(ExtendedIdentity i1, ExtendedIdentity i2, Date when) throws UVOSException { try { @@ -88,7 +88,7 @@ return ret; } - public List<Identity> getAllEquivalents(Identity who, Date when) throws UVOSException + public List<ExtendedIdentity> getAllEquivalents(ExtendedIdentity who, Date when) throws UVOSException { IdentityXType[] raw; try @@ -100,13 +100,13 @@ { throw e1.getAsAPIException(); } - ArrayList<Identity> ret = new ArrayList<Identity>(); + ArrayList<ExtendedIdentity> ret = new ArrayList<ExtendedIdentity>(); for (IdentityXType ixt: raw) ret.add(XMLBeansMapper.map2APIIdentity(ixt)); return ret; } - public List<Group> getAllGroups(Identity who, boolean implied, Date when) throws UVOSException + public List<Group> getAllGroups(ExtendedIdentity who, boolean implied, Date when) throws UVOSException { GroupXType[] raw; try @@ -124,7 +124,7 @@ return ret; } - public List<Identity> getAllIdentities(Date when) throws UVOSException + public List<ExtendedIdentity> getAllIdentities(Date when) throws UVOSException { IdentityXType[] raw; try @@ -135,7 +135,7 @@ { throw e1.getAsAPIException(); } - ArrayList<Identity> ret = new ArrayList<Identity>(); + ArrayList<ExtendedIdentity> ret = new ArrayList<ExtendedIdentity>(); for (IdentityXType ixt: raw) ret.add(XMLBeansMapper.map2APIIdentity(ixt)); return ret; 
@@ -161,7 +161,7 @@ return ret; } - public boolean isMember(Identity who, Group group, boolean effective, Date when) + public boolean isMember(ExtendedIdentity who, Group group, boolean effective, Date when) throws UVOSException { try Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/AbstractTestBase.java =================================================================== --- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/AbstractTestBase.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/AbstractTestBase.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -18,8 +18,8 @@ import junit.framework.TestCase; import pl.edu.icm.unicore.uvos.api.EmailIdentity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.exceptions.UVOSException; import pl.edu.icm.unicore.uvos.client.util.ConfigHelper; import pl.edu.icm.unicore.uvos.wsclient.api.UVOSAuthZExtInterface; @@ -92,5 +92,5 @@ } protected Group gRoot, gA, gB, gC, gZ; - protected Identity idA1, idA2, idB; + protected ExtendedIdentity idA1, idA2, idB; } Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/AuthN2Test.java =================================================================== --- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/AuthN2Test.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/AuthN2Test.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -15,7 +15,7 @@ import eu.unicore.util.httpclient.DefaultClientConfiguration; import junit.framework.TestCase; import pl.edu.icm.unicore.uvos.api.DNIdentity; -import pl.edu.icm.unicore.uvos.api.Identity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Permissions; import pl.edu.icm.unicore.uvos.client.util.ConfigHelper; import pl.edu.icm.unicore.uvos.db.InitDB; 
@@ -77,7 +77,7 @@ serverInstance.startup(container.getContainer()); UVOSManagementInterface man = container.getComponent(UVOSManagementInterface.class); - Identity testing = new DNIdentity( + ExtendedIdentity testing = new DNIdentity( "cn=example client,ou=example ou,o=example o,l=example city,st=example province,c=pl"); Authenticator.injectFakeContext(new VirtualSecurityContextImpl(Permissions.ALL_P)); man.addIdentity(testing); Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/AuthN3Test.java =================================================================== --- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/AuthN3Test.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/AuthN3Test.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -9,7 +9,7 @@ package pl.edu.icm.uvos.test; import pl.edu.icm.unicore.uvos.api.DNIdentity; -import pl.edu.icm.unicore.uvos.api.Identity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.client.util.ConfigHelper; import pl.edu.icm.unicore.uvos.db.InitDB; import pl.edu.icm.unicore.uvos.server.ComponentContainer; @@ -94,7 +94,7 @@ { try { - Identity testing = new DNIdentity( + ExtendedIdentity testing = new DNIdentity( "cn=example client,ou=example ou,o=example o,l=example city,st=example province,c=pl"); conf.setSslAuthn(true); Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/AuthNTest.java =================================================================== --- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/AuthNTest.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/AuthNTest.java 2012-09-16 15:56:03 UTC (rev 14265) 
@@ -9,7 +9,7 @@ package pl.edu.icm.uvos.test; import pl.edu.icm.unicore.uvos.api.EmailIdentity; -import pl.edu.icm.unicore.uvos.api.Identity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Permissions; import pl.edu.icm.unicore.uvos.client.util.ConfigHelper; import pl.edu.icm.unicore.uvos.db.InitDB; @@ -62,7 +62,7 @@ VOServer serverInstance = container.getComponent(VOServer.class); serverInstance.startup(container.getContainer()); UVOSManagementInterface man = container.getComponent(UVOSManagementInterface.class); - Identity testing = new EmailIdentity("te...@wi..."); + ExtendedIdentity testing = new EmailIdentity("te...@wi..."); testing.setAuthnData("secret"); Authenticator.injectFakeContext(new VirtualSecurityContextImpl(Permissions.ALL_P)); man.addIdentity(testing); Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/IdentitiesFunctional.java =================================================================== --- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/IdentitiesFunctional.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/IdentitiesFunctional.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -15,7 +15,7 @@ import pl.edu.icm.unicore.uvos.api.CertificateIdentity; import pl.edu.icm.unicore.uvos.api.DNIdentity; import pl.edu.icm.unicore.uvos.api.EmailIdentity; -import pl.edu.icm.unicore.uvos.api.Identity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; /** * Performs functional tests. Assumptions: @@ -36,7 +36,7 @@ int len = fis.available(); byte []buffer = new byte[len]; fis.read(buffer); - Identity []idA = new Identity[7]; + ExtendedIdentity []idA = new ExtendedIdentity[7]; boolean []comIds = {false, false, false, false, false, false, false}; idA[0] = new DNIdentity("cn=ala,c=pl,ou=icm", null); idA[1] = new CertificateIdentity(new String(buffer), null); 
@@ -55,10 +55,10 @@ voMan.setIdentityLabel(idA[3], "changed"); - List<Identity> ids = voQuery.getAllIdentities(); + List<ExtendedIdentity> ids = voQuery.getAllIdentities(); if (ids.size() != 8) fail("Should get 8 identities, got " + ids.size()); - for (Identity id: ids) + for (ExtendedIdentity id: ids) { int i=0; for (; i< idA.length; i++) @@ -76,7 +76,7 @@ fail("Identity " + id + " not added"); } - for (Identity id: idA) + for (ExtendedIdentity id: idA) voMan.removeIdentity(id); ids = voQuery.getAllIdentities(); if (ids.size() != 1) Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/IdentityStatusTest.java =================================================================== --- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/IdentityStatusTest.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/IdentityStatusTest.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -15,7 +15,7 @@ import junit.framework.TestCase; import pl.edu.icm.unicore.uvos.api.EmailIdentity; -import pl.edu.icm.unicore.uvos.api.Identity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.client.util.ConfigHelper; import pl.edu.icm.unicore.uvos.db.InitDB; import pl.edu.icm.unicore.uvos.server.ComponentContainer; @@ -88,7 +88,7 @@ { try { - Identity tested = new EmailIdentity("a@b"); + ExtendedIdentity tested = new EmailIdentity("a@b"); voMan.addIdentity(tested); Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttribute2Test.java =================================================================== --- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttribute2Test.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttribute2Test.java 2012-09-16 15:56:03 UTC (rev 14265) 
@@ -24,8 +24,8 @@ import pl.edu.icm.unicore.uvos.api.Attribute; import pl.edu.icm.unicore.uvos.api.DNIdentity; import pl.edu.icm.unicore.uvos.api.Element; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.exceptions.AttributeNotFoundException; import pl.edu.icm.unicore.uvos.client.util.ConfigHelper; import pl.edu.icm.unicore.uvos.db.InitDB; @@ -50,7 +50,7 @@ protected String addr; protected UVOSManagementExtInterface voMan; - protected static Identity tested = new DNIdentity( + protected static ExtendedIdentity tested = new DNIdentity( "CN=Example Client, OU=Example OU, O=Example O, L=Example City, ST=Example Province, C=PL"); @Override Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttributeTest.java =================================================================== --- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttributeTest.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttributeTest.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -23,8 +23,8 @@ import pl.edu.icm.unicore.uvos.api.DNIdentity; import pl.edu.icm.unicore.uvos.api.Element; import pl.edu.icm.unicore.uvos.api.EmailIdentity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.client.util.ConfigHelper; import pl.edu.icm.unicore.uvos.db.InitDB; import pl.edu.icm.unicore.uvos.server.ComponentContainer; @@ -97,7 +97,7 @@ { try { - Identity tested = new EmailIdentity("a@b"); + ExtendedIdentity tested = new EmailIdentity("a@b"); voMan.addIdentity(tested); Group scope = new Group("/g"); voMan.addGroup(null, scope.getName()); 
@@ -129,7 +129,7 @@ { try { - Identity tested = new EmailIdentity("a2@b"); + ExtendedIdentity tested = new EmailIdentity("a2@b"); voMan.addIdentity(tested); Group scope = new Group("/g2"); voMan.addGroup(null, scope.getName()); @@ -208,7 +208,7 @@ conf.setHttpUser("voadmin@localhost"); conf.setSslAuthn(false); String dn = idCert.getCertificate().getSubjectX500Principal().getName(); - Identity dnId = new DNIdentity(dn); + ExtendedIdentity dnId = new DNIdentity(dn); //ask normally for X509 identity attrs SAMLVOQueryClient client = new SAMLVOQueryClient(addr, conf); Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/TDTest.java =================================================================== --- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/TDTest.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/TDTest.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -25,7 +25,7 @@ import eu.unicore.security.xfireutil.client.ClientTrustDelegationUtil; import pl.edu.icm.unicore.uvos.api.DNIdentity; -import pl.edu.icm.unicore.uvos.api.Identity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Permissions; import pl.edu.icm.unicore.uvos.clc.CLClient; import pl.edu.icm.unicore.uvos.client.util.ConfigHelper; @@ -68,7 +68,7 @@ VOServer serverInstance = container.getComponent(VOServer.class); serverInstance.startup(container.getContainer()); UVOSManagementInterface man = container.getComponent(UVOSManagementInterface.class); - Identity client2 = new DNIdentity( + ExtendedIdentity client2 = new DNIdentity( "CN=Example Client 2, OU=Example OU, O=Example O, " + "L=Example City, ST=Example Province, C=PL"); Authenticator.injectFakeContext(new VirtualSecurityContextImpl(Permissions.ALL_P)); 
@@ -141,7 +141,7 @@ Object proxy = query.getProxy(); ClientTrustDelegationUtil.addTrustDelegation(proxy, tdChain); - List<Identity> my = query.getMyIdentities(); + List<ExtendedIdentity> my = query.getMyIdentities(); assertEquals(1, my.size()); assertEquals("CN=Example Client 2, OU=Example OU, O=Example O, " + "L=Example City, ST=Example Province, C=PL", my.get(0).getValue()); Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/ActionTest.java =================================================================== --- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/ActionTest.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/ActionTest.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -13,8 +13,8 @@ import pl.edu.icm.unicore.uvos.api.Attribute; import pl.edu.icm.unicore.uvos.api.Element; import pl.edu.icm.unicore.uvos.api.EmailIdentity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.PermissionDesignator; import pl.edu.icm.unicore.uvos.api.Permissions; import pl.edu.icm.unicore.uvos.api.VOApplication; @@ -59,7 +59,7 @@ final Group ParentG = new Group("/"); final Group GroupA = new Group("A"); final Group CopyGroupA = new Group("COPYA"); - final Identity id = new EmailIdentity("an...@ex..."); + final ExtendedIdentity id = new EmailIdentity("an...@ex..."); try { context.checking(new Expectations() { @@ -111,8 +111,8 @@ public void testIdentytiActions() { - final Identity id = new EmailIdentity("te...@ex...", "Johnny"); - final Identity rid = new EmailIdentity("te...@ex...", null); + final ExtendedIdentity id = new EmailIdentity("te...@ex...", "Johnny"); + final ExtendedIdentity rid = new EmailIdentity("te...@ex...", null); try { context.checking(new Expectations() { 
@@ -340,11 +340,11 @@ try { context.checking(new Expectations() { { - oneOf(voAuthz).modifyAuthenticationData(with(aNonNull(Identity.class)), with(aNonNull(String.class))); + oneOf(voAuthz).modifyAuthenticationData(with(aNonNull(ExtendedIdentity.class)), with(aNonNull(String.class))); oneOf(voMan).purgeHistoricalData(with(aNonNull(Date.class))); - oneOf(voAuthz).checkPermissions(with(aNonNull(Group.class)), with(aNonNull(Identity.class))); + oneOf(voAuthz).checkPermissions(with(aNonNull(Group.class)), with(aNonNull(ExtendedIdentity.class))); oneOf(voQueryHistory).getHistoryEvents(with(aNonNull(Date.class)), with(aNonNull(Date.class)), with(aNonNull(Integer.class)), with(aNonNull(Integer.class)), with(aNonNull(Boolean.class)));will(returnValue(new ArrayList<ModificationEvent>())); - oneOf(voQuery).areEquivalent(with(aNonNull(Identity.class)),with(aNonNull(Identity.class))); + oneOf(voQuery).areEquivalent(with(aNonNull(ExtendedIdentity.class)),with(aNonNull(ExtendedIdentity.class))); } }); Modified: uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/ApiImplTest.java =================================================================== --- uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/ApiImplTest.java 2012-09-16 15:54:23 UTC (rev 14264) +++ uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/unit/ApiImplTest.java 2012-09-16 15:56:03 UTC (rev 14265) @@ -13,8 +13,8 @@ import pl.edu.icm.unicore.uvos.api.Attribute; import pl.edu.icm.unicore.uvos.api.Element; import pl.edu.icm.unicore.uvos.api.EmailIdentity; +import pl.edu.icm.unicore.uvos.api.ExtendedIdentity; import pl.edu.icm.unicore.uvos.api.Group; -import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.PermissionDesignator; import pl.edu.icm.unicore.uvos.api.Permissions; import pl.edu.icm.unicore.uvos.api.VOApplication; 
@@ -82,7 +82,7 @@ "agree", g, con.toString()); cl.updateApplicationForm(f1, false); cl.getApplications(1, null); - Identity id = new EmailIdentity("te...@te..."); + ExtendedIdentity id = new EmailIdentity("te...@te..."); VOApplication a = new VOApplication(1, 1, id, false, "te...@te...", VOApplicationRequestsDocument.Factory @@ -107,7 +107,7 @@ Mockery context = new Mockery(); final WSAuthZInterface proxy = context.mock(WSAuthZInterface.class); WSAuthZClient cl = new WSAuthZClient(proxy); - Identity id = new EmailIdentity("te...@te..."); + ExtendedIdentity id = new EmailIdentity("te...@te..."); Group g = new Group("/A"); try { @@ -193,7 +193,7 @@ } try { - Identity id = new EmailIdentity("te...@te..."); + ExtendedIdentity id = new EmailIdentity("te...@te..."); Group g = new Group("/A"); cl.areEquivalent(id, id, Calendar.getInstance().getTime()); Element e = new Element(g, id); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <go...@us...> - 2012-09-27 20:30:34
Revision: 14428 http://unicore.svn.sourceforge.net/unicore/?rev=14428&view=rev Author: golbi Date: 2012-09-27 20:30:28 +0000 (Thu, 27 Sep 2012) Log Message: ----------- Fixed bug in SAML attribute query preparation: sometimes API attributes were put as several SAML attributes Modified Paths: -------------- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOQueryClient.java uvos/uvos-client/trunk/src/test/resources/functionalTest.conf uvos/uvos-client/trunk/src/test/resources/log4j.properties Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOQueryClient.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOQueryClient.java 2012-09-27 20:29:46 UTC (rev 14427) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOQueryClient.java 2012-09-27 20:30:28 UTC (rev 14428) @@ -12,7 +12,9 @@ import java.net.URI; import java.util.ArrayList; import java.util.Collections; +import java.util.HashMap; import java.util.List; +import java.util.Map; import org.apache.xmlbeans.XmlObject; 
@@ -341,32 +343,39 @@ { AttributeQuery attrQuery = createQuery(whose); String strScope = scope == null ? null : scope.toString(); - + if (scopingType == null && scope != null) + scopingType = SAMLConstants.SCOPE_TYPE_ATTRIBUTE; + if (attributes != null && attributes.size() > 0) { - SAMLAttribute []samlAttrs = new SAMLAttribute[attributes.size()]; + Map<SAMLAttribute, SAMLAttribute> samlAttrs = new HashMap<SAMLAttribute, SAMLAttribute>(); for (int i=0; i<attributes.size(); i++) { Attribute a = attributes.get(i); - samlAttrs[i] = new SAMLAttribute(a.getName(), + SAMLAttribute samlAttr = new SAMLAttribute(a.getName(), SAMLConstants.AFORMAT_URI); - if (scopingType == null && scope != null) - scopingType = SAMLConstants.SCOPE_TYPE_ATTRIBUTE; + if (scopingType != null) - samlAttrs[i].setScopingType(scopingType); + samlAttr.setScopingType(scopingType); + SAMLAttribute tmp = samlAttrs.get(samlAttr); + if (tmp == null) + samlAttrs.put(samlAttr, samlAttr); + else + samlAttr = tmp; + List<String> attrValues = a.getValues(); if (attrValues != null && attrValues.size() > 0) { for (String aV: attrValues) - addValue(samlAttrs[i], aV, scopingType, strScope); + addValue(samlAttr, aV, scopingType, strScope); } else { if (scopingType != null && !scopingType.equals(SAMLConstants.SCOPE_TYPE_NONE)) - samlAttrs[i].setAttributeWideScope(strScope); + samlAttr.setAttributeWideScope(strScope); } } - attrQuery.setAttributes(samlAttrs); + attrQuery.setAttributes(samlAttrs.keySet().toArray(new SAMLAttribute[samlAttrs.keySet().size()])); } if (scope != null && (attributes == null || attributes.size() == 0)) { Modified: uvos/uvos-client/trunk/src/test/resources/functionalTest.conf =================================================================== --- uvos/uvos-client/trunk/src/test/resources/functionalTest.conf 2012-09-27 20:29:46 UTC (rev 14427) +++ uvos/uvos-client/trunk/src/test/resources/functionalTest.conf 2012-09-27 20:30:28 UTC (rev 14428) 
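Review bot: The merged attributes are kept in a `HashMap` and emitted through `samlAttrs.keySet().toArray(...)`, so the order of SAML attributes in the query no longer follows the caller's `attributes` list and may vary between runs; a `LinkedHashMap` gives the same deduplication with deterministic, insertion-ordered output, which makes request XML reproducible in logs and tests: `Map<SAMLAttribute, SAMLAttribute> samlAttrs = new LinkedHashMap<SAMLAttribute, SAMLAttribute>();` (with the matching `java.util.LinkedHashMap` import), and `samlAttrs.keySet().size()` can simply be `samlAttrs.size()`. The merge only works if `SAMLAttribute` implements `equals`/`hashCode` on name and format; that is not visible here and should be confirmed, otherwise every attribute still ends up as a separate entry. The `scopingType` defaulting was hoisted above the `attributes` check, so it now also applies when `attributes` is empty and only `scope` is set; the branch handling that case starts at the end of the hunk and continues outside it, so verify it expects `SCOPE_TYPE_ATTRIBUTE` there. The enclosing method begins before the hunk.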
@@ -30,3 +30,6 @@
 client.httpAuthnEnabled=true
 client.httpUser=voadmin@localhost
 client.httpPassword=
+
+#client.http.socket.timeout=6000000
+#client.http.connection.timeout=6000000
\ No newline at end of file
Modified: uvos/uvos-client/trunk/src/test/resources/log4j.properties
===================================================================
--- uvos/uvos-client/trunk/src/test/resources/log4j.properties 2012-09-27 20:29:46 UTC (rev 14427)
+++ uvos/uvos-client/trunk/src/test/resources/log4j.properties 2012-09-27 20:30:28 UTC (rev 14428)
@@ -4,6 +4,7 @@
 log4j.logger.org.apache.ibatis=INFO
 log4j.logger.unicore.uvos=DEBUG
 log4j.logger.unicore.security=DEBUG
+#log4j.logger.unicore.uvos.server.SAMLQueryBase=TRACE
 log4j.logger.org.codehaus.xfire.handler=WARN
 log4j.logger.unicore.security.xfireutil.AuthSSLProtocolSocketFactory=INFO
 log4j.logger.unicore.security.dsig.DigSignatureUtil=DEBUG
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <go...@us...> - 2013-01-07 11:04:22
Revision: 15395 http://unicore.svn.sourceforge.net/unicore/?rev=15395&view=rev Author: golbi Date: 2013-01-07 11:04:12 +0000 (Mon, 07 Jan 2013) Log Message: ----------- Updated SAML code. SAML authentication is fully reimplemented: much safer approach and simpler to use. Modified Paths: -------------- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/Client.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/SAMLSelfInfoClient.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSClientFactory.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOAuthnClientSOAP.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOClient.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOMapClient.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOMapClientInterface.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOQueryClient.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOQueryClientInterface.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/IdentityStatusTest.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttribute2Test.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAttributeTest.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/SAMLAuthNTest.java uvos/uvos-client/trunk/src/test/java/pl/edu/icm/uvos/test/TDTest.java uvos/uvos-client/trunk/src/test/resources/uvos/uvosServer.conf Added Paths: ----------- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLAuthnPOSTConsumer.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLAuthnPOSTRequestor.java Removed Paths: ------------- 
uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/AbstractSAMLBase.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLErrorResponseException.java uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOAuthnClientPOST.java Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/Client.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/Client.java 2013-01-07 11:02:18 UTC (rev 15394) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/Client.java 2013-01-07 11:04:12 UTC (rev 15395) @@ -317,19 +317,19 @@ ResponseDocument respDoc; attrQuery = new AttributeQuery( - new NameID("me@b", IdentityType.EMAIL.toString()), - new Subject(IDENTITY, IdentityType.DN.toString())); + new NameID("me@b", IdentityType.EMAIL.toString()).getXBean(), + new Subject(IDENTITY, IdentityType.DN.toString()).getXBean()); - System.out.println("SENDING REQUEST:\n" + attrQuery.getDoc().xmlText( + System.out.println("SENDING REQUEST:\n" + attrQuery.getXMLBeanDoc().xmlText( new XmlOptions().setSavePrettyPrint())); - respDoc = samlProxy.attributeQuery(attrQuery.getDoc()); + respDoc = samlProxy.attributeQuery(attrQuery.getXMLBeanDoc()); System.out.println("GOT RESPONSE:\n" + respDoc.xmlText( new XmlOptions().setSavePrettyPrint())); attrQuery = new AttributeQuery( - new NameID("me@b", IdentityType.EMAIL.toString()), - new Subject(IDENTITY, IdentityType.DN.toString())); + new NameID("me@b", IdentityType.EMAIL.toString()).getXBean(), + new Subject(IDENTITY, IdentityType.DN.toString()).getXBean()); SAMLAttribute a1 = new SAMLAttribute(BASE_ATTR, SAMLConstants.AFORMAT_URI); SAMLAttribute a2 = new SAMLAttribute("urn:unicore:attrType:user:proffession", 
@@ -339,24 +339,24 @@ attrQuery.setAttributes(new SAMLAttribute[] {a1, a2}); System.out.println("\n\nSENDING REQUEST:\n" + - attrQuery.getDoc().xmlText( + attrQuery.getXMLBeanDoc().xmlText( new XmlOptions().setSavePrettyPrint())); - respDoc = samlProxy.attributeQuery(attrQuery.getDoc()); + respDoc = samlProxy.attributeQuery(attrQuery.getXMLBeanDoc()); System.out.println("GOT RESPONSE:\n" + respDoc.xmlText( new XmlOptions().setSavePrettyPrint())); attrQuery = new AttributeQuery( - new NameID("me@b", IdentityType.EMAIL.toString()), - new Subject(IDENTITY, IdentityType.DN.toString())); + new NameID("me@b", IdentityType.EMAIL.toString()).getXBean(), + new Subject(IDENTITY, IdentityType.DN.toString()).getXBean()); a1 = new SAMLAttribute(BASE_ATTR, SAMLConstants.AFORMAT_URI); a1.setScopingType(SAMLConstants.SCOPE_TYPE_NONE); attrQuery.setAttributes(new SAMLAttribute[] {a1}); System.out.println("\n\nSENDING REQUEST:\n" + - attrQuery.getDoc().xmlText( + attrQuery.getXMLBeanDoc().xmlText( new XmlOptions().setSavePrettyPrint())); - respDoc = samlProxy.attributeQuery(attrQuery.getDoc()); + respDoc = samlProxy.attributeQuery(attrQuery.getXMLBeanDoc()); System.out.println("GOT RESPONSE:\n" + respDoc.xmlText( new XmlOptions().setSavePrettyPrint())); 
@@ -365,13 +365,13 @@ private static void runMapping(SAMLNameIdMappingInterface samlProxy) throws Exception { NameIDMappingRequest req = new NameIDMappingRequest( - new NameID("me@b", IdentityType.EMAIL.toString()), - new NameID(IDENTITY, IdentityType.DN.toString()), - new NameIDPolicy(IdentityType.EMAIL.toString())); + new NameID("me@b", IdentityType.EMAIL.toString()).getXBean(), + new NameID(IDENTITY, IdentityType.DN.toString()).getXBean(), + new NameIDPolicy(IdentityType.EMAIL.toString()).getXBean()); - System.out.println("\n\nSENDING REQUEST:\n" + req.getDoc().xmlText( + System.out.println("\n\nSENDING REQUEST:\n" + req.getXMLBeanDoc().xmlText( new XmlOptions().setSavePrettyPrint())); - NameIDMappingResponseDocument respDoc = samlProxy.mapNameId(req.getDoc()); + NameIDMappingResponseDocument respDoc = samlProxy.mapNameId(req.getXMLBeanDoc()); System.out.println("GOT RESPONSE:\n" + respDoc.xmlText( new XmlOptions().setSavePrettyPrint())); } Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/SAMLSelfInfoClient.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/SAMLSelfInfoClient.java 2013-01-07 11:02:18 UTC (rev 15394) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/SAMLSelfInfoClient.java 2013-01-07 11:04:12 UTC (rev 15395) 
@@ -69,7 +69,6 @@ Identity subject = new DNIdentity(dn); System.out.println("Quering for DN: " + dn); client = new SAMLVOQueryClient(addr, conf); - client.setDSigPolicy(false, true, conf.getCredential(), conf.getValidator()); List<Attribute> attrs; Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSClientFactory.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSClientFactory.java 2013-01-07 11:02:18 UTC (rev 15394) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/api/UVOSClientFactory.java 2013-01-07 11:04:12 UTC (rev 15395) @@ -45,7 +45,7 @@ */ public class UVOSClientFactory extends UnicoreXFireClientFactory { - private final String nameIdMapServiceName, samlQueryServiceName, + public final String nameIdMapServiceName, samlQueryServiceName, samlAuthServiceName, manServiceName, authZServiceName, queryServiceName, appsServiceName, CISServiceName; @@ -89,7 +89,7 @@ return asf; } - private String manglePath(String addr, String defName) throws MalformedURLException + public String manglePath(String addr, String defName) throws MalformedURLException { String path = new URL(addr).getPath(); return (path.equals("")) ? 
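Review bot: Widening all eight service-name fields from `private final` to `public final` in the `@@ -45,7 +45,7 @@` hunk of UVOSClientFactory exposes far more than the new `getSAMLAuthnClientAddress` needs: that method lives inside the class and reads only `samlAuthServiceName`, so the fields could have stayed private. Prefer keeping them private and adding an accessor for any name an external caller really needs, e.g. `public String getSamlAuthServiceName() { return samlAuthServiceName; }`. The same applies to `manglePath` in the next hunk: if it must become public API, give it a Javadoc stating that `addr` is parsed as a `URL` and that the result depends on whether the address carries a path, as the visible lines suggest, and document the `MalformedURLException`.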
@@ -112,6 +112,12 @@ return samlProxy; } + public String getSAMLAuthnClientAddress(String addr) + throws MalformedURLException + { + return manglePath(addr, samlAuthServiceName); + } + public SAMLNameIdMappingInterface getSAMLIdMappingClient(String addr) throws MalformedURLException { Deleted: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/AbstractSAMLBase.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/AbstractSAMLBase.java 2013-01-07 11:02:18 UTC (rev 15394) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/AbstractSAMLBase.java 2013-01-07 11:04:12 UTC (rev 15395) 
@@ -1,241 +0,0 @@ -/* - * Copyright (c) 2007, 2008 ICM Uniwersytet Warszawski All rights reserved. - * See LICENCE file for licencing information. - * - * Created on Sep 24, 2007 - * Author: K. Benedyczak <go...@ma...> - */ - -package pl.edu.icm.unicore.uvos.wsclient.samlapi; - -import java.net.MalformedURLException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.cert.X509Certificate; - -import eu.emi.security.authn.x509.ValidationResult; -import eu.emi.security.authn.x509.X509CertChainValidator; -import eu.emi.security.authn.x509.X509Credential; -import eu.unicore.samly2.assertion.Assertion; -import eu.unicore.samly2.proto.AbstractRequest; -import eu.unicore.samly2.proto.AbstractStatusResponse; -import eu.unicore.security.dsig.DSigException; - -/** - * This class provides a base for Client implementations. - * It merely provides code to handle signatures. - * - * @author K. Benedyczak - */ -public abstract class AbstractSAMLBase -{ - protected boolean requireSignedResp, requireSignedAssertion, doSignRequest; - protected PublicKey publicKey; - - private transient PrivateKey privKey; - protected X509Certificate[] certificateC; - private transient X509CertChainValidator validator; - - /** - * - * @param secCfg credential from this object is used for creating signatures. - * Validator is used only during verification when the verification key - * was not set manually. - * @throws SecuritySetupException - * @throws MalformedURLException - */ - protected AbstractSAMLBase() - throws SecuritySetupException, MalformedURLException - { - requireSignedAssertion = false; - requireSignedResp = false; - doSignRequest = false; - } - - /** - * Set signing policy, i.e. what is required and checked in received SAML assertions. - * This method variant sets a fixed verification key, which must be trusted. 
Signature of - * a SAML response or assertion will be accepted only if is matching to this key, but this key - * itself is not anyhow verified. - * @param requireSignedReqResp We require that the response must be signed. Usually this is not needed. - * This argument also controls whether queries are signed. - * @param requireSignedAssertion We require that the assertion in response should be signed. - * @param credential Credential used for creating signatures. May be null (is ignored) if requireSignedReqResp - * is false - * @param publicKey Public key which should be used for signature verification. May be null only if both - * require arguments are false - */ - public void setDSigPolicy(boolean requireSignedReqResp, boolean requireSignedAssertion, - X509Credential credential, PublicKey publicKey) - { - if (publicKey == null && (requireSignedAssertion || requireSignedReqResp)) - throw new IllegalArgumentException("Public key can not be null " + - "if signature checking is required."); - setDSigPolicyCommon(requireSignedReqResp, requireSignedAssertion, credential); - this.publicKey = publicKey; - validator = null; - } - - /** - * Set signing policy, i.e. what is required and checked in received SAML assertions. - * This method variant sets a fixed verification key, which must be trusted. Signature of - * a SAML response or assertion will be accepted only if is matching to this key, but this key - * itself is not anyhow verified. - * @param requireSignedReqResp We require that the response must be signed. Usually this is not needed. - * This argument also controls whether queries are signed. - * @param requireSignedAssertion We require that the assertion in response should be signed. - * @param credential Credential used for creating signatures. May be null (is ignored) if requireSignedReqResp - * is false - * @param validator object used to validate the issuer certificate of a signature. 
Remember that usually this - * should be a different validator then the (much broader) one used for TLS connections. Typically it - * should contain only the trusted SAML authority certificates in its trust store. - */ - public void setDSigPolicy(boolean requireSignedReqResp, boolean requireSignedAssertion, - X509Credential credential, X509CertChainValidator validator) - { - if (validator == null && (requireSignedAssertion || requireSignedReqResp)) - throw new IllegalArgumentException("Validator can not be null " + - "if signature checking is required."); - setDSigPolicyCommon(requireSignedReqResp, requireSignedAssertion, credential); - this.publicKey = null; - this.validator = validator; - } - - /*-******************************************************** - * utility methods - *-********************************************************/ - - protected void setDSigPolicyCommon(boolean requireSignedReqResp, boolean requireSignedAssertion, - X509Credential credential) - { - if (credential == null && requireSignedReqResp) - throw new IllegalArgumentException("Credential can not be null " + - "if request signing is required."); - - this.requireSignedAssertion = requireSignedAssertion; - this.requireSignedResp = requireSignedReqResp; - this.doSignRequest = requireSignedReqResp; - if (credential != null) - { - this.certificateC = credential.getCertificateChain(); - this.privKey = credential.getKey(); - } else - { - this.certificateC = null; - this.privKey = null; - } - } - - protected void signIfNeeded(AbstractRequest req) throws InvalidSignatureException - { - if (doSignRequest) - { - try - { - req.sign(privKey, certificateC); - } catch (DSigException e) - { - throw new InvalidSignatureException("Can't sign request: " - + e); - } - } - } - - protected void checkResponseSignature(AbstractStatusResponse resp) - throws InvalidSignatureException - { - if (!requireSignedResp) - return; - if (publicKey != null) - { - try - { - if (!resp.isCorrectlySigned(publicKey)) - throw new 
InvalidSignatureException( - "Response is incorrectly signed"); - } catch (DSigException e) - { - throw new InvalidSignatureException( - "Problem when checking " + - "response signature with given pub key: " + e); - } - } else - { - X509Certificate[] issuersCC = resp.getIssuerFromSignature(); - if (issuersCC == null || issuersCC.length == 0) - throw new InvalidSignatureException( - "Response doesn't contain " + - "issuer's certificate and public key" + - " for verification wasn't specified"); - try - { - ValidationResult result = validator.validate(issuersCC); - if (!result.isValid()) - throw new InvalidSignatureException( - "Response is signed by an issuer who can not been " + - "validated and verification key was not set automaticvally. " + - "Reson: " + result.toShortString()); - if (!resp.isCorrectlySigned(issuersCC[0].getPublicKey())) - throw new InvalidSignatureException( - "Response is incorrectly signed"); - } catch (DSigException e) - { - throw new InvalidSignatureException( - "Problem when checking " + - "response signature with extracted pub key: " + e); - } - } - } - - protected void checkAssertionSignature(AbstractStatusResponse resp, - Assertion assertion) throws InvalidSignatureException - { - if (!requireSignedAssertion) - return; - if (publicKey != null) - { - try - { - if (!assertion.isCorrectlySigned(publicKey)) - throw new InvalidSignatureException( - "Assertion is incorrectly signed"); - } catch (DSigException e) - { - throw new InvalidSignatureException("Problem when checking " + - "response assertion signature with given " + - "pub key: " + e); - } - } else - { - X509Certificate[] issuersCC = assertion. 
- getIssuerFromSignature(); - if (issuersCC == null || issuersCC.length == 0) - { - issuersCC = resp.getIssuerFromSignature(); - if (issuersCC == null || issuersCC.length == 0) - throw new InvalidSignatureException( - "Assertion doesn't contain " + - "issuer's certificate and public key" + - " for verification wasn't specified"); - } - try - { - ValidationResult result = validator.validate(issuersCC); - if (!result.isValid()) - throw new InvalidSignatureException( - "Assertion is signed by an issuer who can not been " + - "validated and verification key was not set automaticvally. " + - "Reson: " + result.toShortString()); - if (!assertion.isCorrectlySigned(issuersCC[0].getPublicKey())) - throw new InvalidSignatureException( - "Response is incorrectly signed"); - } catch (DSigException e) - { - throw new InvalidSignatureException("Problem when checking " + - "response assertion signature with extracted " + - "pub key: " + e); - } - } - } - -} Added: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLAuthnPOSTConsumer.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLAuthnPOSTConsumer.java (rev 0) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLAuthnPOSTConsumer.java 2013-01-07 11:04:12 UTC (rev 15395) 
@@ -0,0 +1,137 @@ +/* + * Copyright (c) 2007, 2008 ICM Uniwersytet Warszawski All rights reserved. + * See LICENCE file for licencing information. + * + * Created on Sep 24, 2007 + * Author: K. Benedyczak <go...@ma...> + */ + +package pl.edu.icm.unicore.uvos.wsclient.samlapi; + +import java.net.MalformedURLException; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.xmlbeans.XmlException; +import org.apache.xmlbeans.impl.util.Base64; + +import eu.unicore.samly2.SAMLBindings; +import eu.unicore.samly2.exceptions.SAMLValidationException; +import eu.unicore.samly2.proto.AssertionResponse; +import eu.unicore.samly2.trust.SamlTrustChecker; +import eu.unicore.samly2.validators.AssertionValidator; +import eu.unicore.samly2.validators.ReplayAttackChecker; +import eu.unicore.samly2.validators.SSOAuthnResponseValidator; + +import xmlbeans.org.oasis.saml2.assertion.AssertionDocument; +import xmlbeans.org.oasis.saml2.assertion.NameIDType; +import xmlbeans.org.oasis.saml2.protocol.ResponseDocument; + +/** + * Implementation of utility methods for SAML authentication protocol used + * with SAML HTTP POST binding. + * The response is processed using {@link SSOAuthnResponseValidator}. + * This class is not thread safe. + * @since 2.0.0 + * @author K. 
Benedyczak + */ +public class SAMLAuthnPOSTConsumer +{ + //standard SAML POST binding name - SAML response is encoded in this field + public static final String REQ_SAML_RESPONSE = "SAMLResponse"; + + private SSOAuthnResponseValidator validator; + + public SAMLAuthnPOSTConsumer(String consumerSamlName, String consumerEndpointUri, + String requestId, SamlTrustChecker trustChecker, ReplayAttackChecker replayChecker) + throws SecuritySetupException, MalformedURLException + { + validator = new SSOAuthnResponseValidator(consumerSamlName, consumerEndpointUri, + requestId, AssertionValidator.DEFAULT_VALIDITY_GRACE_PERIOD, + trustChecker, replayChecker, SAMLBindings.HTTP_POST); + } + + + /** + * The main method - extracts assertion from the HTTP request and process it. + * + * @param request + * @return + * @throws SAMLValidationException + * @throws SAMLParseException + */ + public void processResponse(HttpServletRequest request) throws SAMLValidationException + { + String samlResponse = request.getParameter(REQ_SAML_RESPONSE); + if (samlResponse == null) + throw new SAMLValidationException("HTTP request does not contain a properly POSTed SAML response"); + ResponseDocument parsedResp = decodeResponse(samlResponse); + processAuthnResponse(parsedResp); + } + + /** + * @return a list of authenticated identities. The returned array has always at least one + * element. Many elements are returned only if IdP authenticated the subject and + * returned multiple identities. 
+ */ + public NameIDType[] getAuthenticatedIdentities() + { + List<AssertionDocument> authnAssertions = getAuthenticationAssertions(); + if (authnAssertions == null) + throw new IllegalStateException("This method can be called only after a scuccessful processing of SAML input."); + NameIDType[] ret = new NameIDType[authnAssertions.size()]; + for (int i=0; i<authnAssertions.size(); i++) + ret[i] = authnAssertions.get(i).getAssertion().getSubject().getNameID(); + return ret; + } + + public List<AssertionDocument> getAdditionalAssertions() + { + return validator.getOtherAssertions(); + } + + public List<AssertionDocument> getAuthenticationAssertions() + { + return validator.getAuthNAssertions(); + } + + /** + * Low level method, usually not used directly. + * Does validation of already decoded assertion response and sets the + * internal lists of valid assertions. + * It is guaranteed that at least one authentication assertion exists after successful + * invocation of this method. + * + * @param respDoc + * @throws SAMLValidationException + */ + public void processAuthnResponse(ResponseDocument responseDoc) throws SAMLValidationException + { + validator.validate(responseDoc); + } + + /** + * Utility to decode from base64 string the SAML AssertionResponse. + * The response is parsed initially and wrapped as {@link AssertionResponse} + * object. 
+ * @param response + * @return + * @throws SAMLParseException + */ + public static ResponseDocument decodeResponse(String response) + throws SAMLValidationException + { + byte[] decoded = Base64.decode(response.getBytes()); + if (decoded == null) + throw new SAMLValidationException("The SAML response is not properly Base 64 encoded"); + String respString = new String(decoded); + try + { + return ResponseDocument.Factory.parse(respString); + } catch (XmlException e) + { + throw new SAMLValidationException(e.getMessage()); + } + } +} Added: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLAuthnPOSTRequestor.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLAuthnPOSTRequestor.java (rev 0) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLAuthnPOSTRequestor.java 2013-01-07 11:04:12 UTC (rev 15395) 
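Review bot: `decodeResponse` converts the POSTed value with `response.getBytes()` and rebuilds the XML with `new String(decoded)`, both using the platform default charset, so a non-ASCII NameID or attribute value in the IdP response can be corrupted on a JVM whose default is not UTF-8 and the assertion signature may then fail to verify. Base64 text is ASCII, so decode with an explicit charset and hand the raw bytes to the parser so that the XML declaration decides the encoding: `byte[] decoded = Base64.decode(response.getBytes(StandardCharsets.US_ASCII));` and `return ResponseDocument.Factory.parse(new ByteArrayInputStream(decoded));` (this variant also throws `IOException`, which the catch must cover, and needs the `java.io.ByteArrayInputStream` and `java.nio.charset.StandardCharsets` imports on Java 7+). The `XmlException` is rethrown as `new SAMLValidationException(e.getMessage())`, which drops the cause; pass `e` along if the exception type accepts one. The Javadoc of `processResponse` declares `@return` and `@throws SAMLParseException` although the method is `void` and throws only `SAMLValidationException`, and the same stale `@throws SAMLParseException` appears on `decodeResponse`; the message in `getAuthenticatedIdentities` also misspells "successful".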
@@ -0,0 +1,217 @@
+/*
+ * Copyright (c) 2007, 2008 ICM Uniwersytet Warszawski All rights reserved.
+ * See LICENCE file for licencing information.
+ *
+ * Created on Sep 24, 2007
+ * Author: K. Benedyczak <go...@ma...>
+ */
+
+package pl.edu.icm.unicore.uvos.wsclient.samlapi;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.net.MalformedURLException;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.xmlbeans.impl.util.Base64;
+
+import eu.emi.security.authn.x509.X509Credential;
+import eu.unicore.samly2.SAMLConstants;
+import eu.unicore.samly2.elements.NameID;
+import eu.unicore.samly2.proto.AuthnRequest;
+import eu.unicore.security.dsig.DSigException;
+
+
+/**
+ * Implementation of utility methods for SAML authentication protocol used
+ * with SAML HTTP POST binding. This class offers code to generate the request.
+ * The request is generated in accordance with the SAML SSO profile.
+ * <p>
+ * Usage:
+ * (1) construct the object
+ * (2) invoke any setters to provide optional settings as to require signing of the request
+ * (3) invoke sendRequest()
+ *
+ * @author K. Benedyczak
+ * @since 2.0.0
+ */
+public class SAMLAuthnPOSTRequestor
+{
+ //standard SAML POST binding name - SAML request is encoded in this field
+ public static final String REQ_SAML_REQUEST = "SAMLRequest";
+ //standard SAML POST binding name - relay state
+ public static final String RELAY_STATE = "RelayState";
+
+ private String returnURL;
+ protected NameID issuer;
+ protected String identityProviderUrl;
+ protected String requestedFormat = null;
+ protected String relayState = null;
+ protected X509Credential credential = null;
+
+
+
+ /**
+ * Setups the object.
+ * @param issuer URI which will be used as SAML request issuer (of SAML type 'entity').
+ * @param returnURL return URL
+ * @param identityProviderURL SAML POST binding endpoint URL of the IdP, also will be used as destination
+ * @throws SecuritySetupException
+ * @throws MalformedURLException
+ */
+ public SAMLAuthnPOSTRequestor(String issuer, String returnURL, String identityProviderURL)
+ throws SecuritySetupException, MalformedURLException
+ {
+ if (issuer == null || returnURL == null || identityProviderURL == null)
+ throw new IllegalArgumentException("Issuer, returnURL and identityProvider must be provided");
+ this.returnURL = returnURL;
+ this.issuer = new NameID(issuer, SAMLConstants.NFORMAT_ENTITY);
+ this.identityProviderUrl = identityProviderURL;
+ }
+
+ /**
+ * Sets the requested identity format.
+ * @param reqFormat The format in which identity shall be returned.
+ * See {@link SAMLConstants}.NFORMAT_*.
+ */
+ public void setRequestedFormat(String reqFormat)
+ {
+ this.requestedFormat = reqFormat;
+ }
+
+ /**
+ * Causes the message to be signed.
+ * @param credential
+ */
+ public void setSignParams(X509Credential credential)
+ {
+ this.credential = credential;
+ }
+
+ public void setRelayState(String state)
+ {
+ if (state.length() > 80)
+ throw new IllegalArgumentException("The length of the relayState must not exceed 80 characters.");
+ relayState = state;
+ }
+
+ public void sendRequest(HttpServletResponse resp) throws IOException, InvalidSignatureException
+ {
+ AuthnRequest request = createRequest();
+ configureHttpResponse(resp);
+ String htmlResponse = getHtmlContents(identityProviderUrl, request, relayState);
+ PrintWriter writer = resp.getWriter();
+ writer.write(htmlResponse);
+ writer.flush();
+ }
+
+
+ /*
+ * Low level utility methods. Exposed, but typically need not to be used.
+ */
+
+ /**
+ * Low level method, typically need not to be used. Creates a new request.
+ * @return A new signed SAML authentication request.
+ * @throws InvalidSignatureException
+ */
+ public AuthnRequest createRequest() throws InvalidSignatureException
+ {
+ AuthnRequest request = new AuthnRequest(issuer.getXBean());
+ if (requestedFormat != null)
+ request.setFormat(requestedFormat);
+ request.getXMLBean().setDestination(identityProviderUrl);
+ request.getXMLBean().setAssertionConsumerServiceURL(returnURL);
+
+ if (credential != null)
+ {
+ try
+ {
+ request.sign(credential.getKey(), credential.getCertificateChain());
+ } catch (DSigException e)
+ {
+ throw new InvalidSignatureException("Can't sign request: " +
+ e);
+ }
+ }
+ return request;
+ }
+
+ /**
+ * Configures the provided HTTP response object with the mandatory and suggested
+ * parameters as content type or expiration, so the response can be used to return
+ * the auto-submitting HTML response form.
+ * @param resp
+ */
+ public static void configureHttpResponse(HttpServletResponse resp)
+ {
+ resp.setContentType("text/html; charset=utf-8");
+ resp.setHeader("Cache-Control","no-cache,no-store,must-revalidate");
+ resp.setHeader("Pragma","no-cache");
+ resp.setDateHeader("Expires", -1);
+ }
+
+ /**
+ * @see #getHtmlContents(String, String, String)
+ */
+ public static String getHtmlContents(String identityProviderURL,
+ AuthnRequest request, String relayState)
+ {
+ return getHtmlContents(identityProviderURL,
+ request.getXMLBeanDoc().xmlText(), relayState);
+ }
+
+ /**
+ * Utility to prepare default POST HTML form to the writer. The form will be automatically
+ * POSTed to given IdP, with the relayState (optional) and assertion.
+ * @param identityProviderURL where the request will be targeted. In general it will be
+ * servlet URL.
+ * @param xmlRequest request to be encoded and sent as a raw XML string.
+ * @param relayState arbitrary data (encoded in HTML compatible form!) to be passed
+ * - it should be returned with response without changes. Can be null.
+ */
+ public static String getHtmlContents(String identityProviderURL,
+ String xmlRequest, String relayState)
+ {
+ String f = formForm.replace("__ACTION__", identityProviderURL);
+ f = f.replace("__RELAYSTATE__", relayState == null ? "" : relayState);
+ String encodedReq = new String(Base64.encode(xmlRequest.getBytes()));
+ f = f.replace("__SAMLREQUEST__", encodedReq);
+ return f;
+ }
+
+ private static final String formForm =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+ "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" " +
+ "\"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">" +
+ "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\">" +
+ "<body " +
+ "onload=\"document.forms[0].submit()\"" +
+ ">" +
+ "<noscript>" +
+ "<p>" +
+ "<strong>Note:</strong> Since your browser does not support JavaScript," +
+ "you must press the Continue button once to proceed." +
+ "</p>" +
+ "</noscript>" +
+ "<form action=\"" +
+ "__ACTION__" +
+ "\" method=\"post\">" +
+ "<div>" +
+ "<input type=\"hidden\" name=\""+ RELAY_STATE + "\" value=\"" +
+ "__RELAYSTATE__" +
+ "\"/>" +
+ "<input type=\"hidden\" name=\""+ REQ_SAML_REQUEST + "\" value=\"" +
+ "__SAMLREQUEST__" +
+ "\"/>" +
+ "</div>" +
+ "<noscript>" +
+ "<div>" +
+ "<input type=\"submit\" value=\"Continue\"/>" +
+ "</div>" +
+ "</noscript>" +
+ "</form>" +
+ "</body></html>";
+
+}
Deleted: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLErrorResponseException.java
===================================================================
--- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLErrorResponseException.java 2013-01-07 11:02:18 UTC (rev 15394)
+++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLErrorResponseException.java 2013-01-07 11:04:12 UTC (rev 15395)
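Review bot: In `getHtmlContents(String, String, String)` the request is base64-encoded from `xmlRequest.getBytes()`, i.e. the JVM default charset, while the emitted document declares UTF-8 and `configureHttpResponse` sets `text/html; charset=utf-8`; on a non-UTF-8 platform a request containing non-ASCII characters (issuer, URLs) would be corrupted. Use `xmlRequest.getBytes("UTF-8")` (or `java.nio.charset.StandardCharsets.UTF_8` if the project targets Java 7+). The same method substitutes `identityProviderURL` and `relayState` verbatim into attribute values of the form; the constructor only checks for null and `setRelayState` only the length, so a value containing `"` would terminate the attribute early — either HTML-escape both substitutions or state in the constructor Javadoc that the IdP URL must be attribute-safe, as the `relayState` Javadoc already does. Finally `setRelayState(null)` throws NullPointerException at `state.length()` although `getHtmlContents` explicitly accepts a null relay state; `if (state != null && state.length() > 80)` would reconcile the two.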
@@ -1,52 +0,0 @@ -/* - * Copyright (c) 2007, 2008 ICM Uniwersytet Warszawski All rights reserved. - * See LICENCE file for licencing information. - * - * Created on Sep 27, 2007 - * Author: K. Benedyczak <go...@ma...> - */ - -package pl.edu.icm.unicore.uvos.wsclient.samlapi; - -/** - * Thrown when SAML response received has status other then OK, i.e. there is - * SAML domain error signaled by server side. - * @author K. Benedyczak - */ -@SuppressWarnings("serial") -public class SAMLErrorResponseException extends Exception -{ - private String status, subStatus; - - public SAMLErrorResponseException(String msg, String status, String subStatus) - { - super(msg); - this.status = status; - this.subStatus = subStatus; - } - - public String getStatus() - { - return status; - } - - public String getSubStatus() - { - return subStatus; - } - - public String toString() - { - String msg = "SAML domain error"; - if (getMessage() != null) - msg += ": " + getMessage(); - if (status != null) - { - msg += " (status is: " + status; - if (subStatus != null) - msg += " substatus is: " + subStatus; - msg += ")"; - } - return msg; - } -} Deleted: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOAuthnClientPOST.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOAuthnClientPOST.java 2013-01-07 11:02:18 UTC (rev 15394) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOAuthnClientPOST.java 2013-01-07 11:04:12 UTC (rev 15395) 
@@ -1,292 +0,0 @@ -/* - * Copyright (c) 2007, 2008 ICM Uniwersytet Warszawski All rights reserved. - * See LICENCE file for licencing information. - * - * Created on Sep 24, 2007 - * Author: K. Benedyczak <go...@ma...> - */ - -package pl.edu.icm.unicore.uvos.wsclient.samlapi; - -import java.net.MalformedURLException; -import java.net.URI; -import java.security.PublicKey; - -import org.apache.xmlbeans.XmlException; -import org.apache.xmlbeans.impl.util.Base64; - -import eu.emi.security.authn.x509.X509CertChainValidator; -import eu.emi.security.authn.x509.X509Credential; -import eu.unicore.samly2.SAMLConstants; -import eu.unicore.samly2.assertion.Assertion; -import eu.unicore.samly2.elements.NameID; -import eu.unicore.samly2.exceptions.SAMLParseException; -import eu.unicore.samly2.proto.AssertionResponse; -import eu.unicore.samly2.proto.AuthnRequest; -import eu.unicore.util.httpclient.IClientConfiguration; - -import pl.edu.icm.unicore.uvos.api.Identity; -import pl.edu.icm.unicore.uvos.api.exceptions.InvalidValueException; -import pl.edu.icm.unicore.uvos.wsapi.xmlbeans.SAMLXMLBeansMapper; -import pl.edu.icm.unicore.uvos.wsapi.xmlbeans.UnsupportedSAMLException; -import xmlbeans.org.oasis.saml2.assertion.AuthnStatementType; -import xmlbeans.org.oasis.saml2.assertion.SubjectType; -import xmlbeans.org.oasis.saml2.protocol.ResponseDocument; - -/** - * Implementation of utility methods for SAML authentication protocol used - * with SAML HTTP POST binding. - * @author K. Benedyczak - */ -public class SAMLVOAuthnClientPOST extends AbstractSAMLBase -{ - private String returnURL; - protected NameID issuer; - - /** - * Setups the object. - * @param address server address to use. - * @param secProv security configuration used to setup TLS and local identity - * @param issuer URI which will be used as SAML request issuer (of SAML type 'entity'). 
- * @param returnURL return URL - * @param validator used to check retrieved assertion signature issuer - * @throws SecuritySetupException - * @throws MalformedURLException - */ - public SAMLVOAuthnClientPOST(IClientConfiguration secProv, - URI issuer, URI returnURL, X509CertChainValidator validator) - throws SecuritySetupException, MalformedURLException - { - super(); - this.returnURL = returnURL.toString(); - if (issuer == null) - throw new IllegalArgumentException("No issuer was provided"); - this.issuer = new NameID(issuer.toString(), - SAMLConstants.NFORMAT_ENTITY); - setDSigPolicy(true, true, secProv.getCredential(), validator); - } - - @Override - public void setDSigPolicy(boolean requireSignedReqResp, boolean requireSignedAssertion, - X509Credential credential, PublicKey publicKey) - { - if (!requireSignedAssertion) - throw new IllegalArgumentException("For SAML authentication, the signatures of " + - "response assertions must be required"); - super.setDSigPolicy(requireSignedReqResp, requireSignedAssertion, credential, publicKey); - } - - @Override - public void setDSigPolicy(boolean requireSignedReqResp, boolean requireSignedAssertion, - X509Credential credential, X509CertChainValidator validator) - { - if (!requireSignedAssertion) - throw new IllegalArgumentException("For SAML authentication, the signatures of " + - "response assertions must be required"); - super.setDSigPolicy(requireSignedReqResp, requireSignedAssertion, credential, validator); - } - - /** - * Extracts subject from authentication assertion and returns - * it wrapped in Identity object. - * @param ass authentication assertion. 
- * @return - */ - public static Identity getIdentityFromAssertion(Assertion ass) - { - AuthnStatementType aS[] = ass.getAuthStatements(); - if (aS == null || aS.length != 1) - throw new IllegalArgumentException("The assertion passed has zero or" + - " more then one authentication statements."); - SubjectType subject = ass.getXML().getAssertion().getSubject(); - if (subject == null) - throw new IllegalArgumentException("The assertion passed has no subject" + - "set."); - if (subject.getNameID() == null) - throw new IllegalArgumentException("The subjeect in assertion passed has" + - " no nameID set."); - try - { - return SAMLXMLBeansMapper.map2APIIdentity(subject.getNameID()); - } catch (InvalidValueException e) - { - throw new IllegalArgumentException("The subjeect in assertion passed can not be parsed: " + - e.toString()); - } - } - - /** - * Utility to encode to base64 form (ready to be put into - * HTTP form) a SAML authn request. - * @param request to be encoded - * @return encoded string - */ - public static String encodeRequest(AuthnRequest request) - { - String assertion = request.getDoc().xmlText(); - return new String(Base64.encode(assertion.getBytes())); - } - - /** - * Utility to decode from base64 string the SAML AssertionResponse. - * The response is parsed initially and wrapped as {@link AssertionResponse} - * object. - * @param response - * @return - * @throws SAMLParseException - */ - public static AssertionResponse decodeResponse(String response) - throws SAMLParseException - { - String respString = new String(Base64.decode(response.getBytes())); - ResponseDocument xmlRespDoc; - try - { - xmlRespDoc = ResponseDocument.Factory.parse(respString); - } catch (XmlException e) - { - throw new SAMLParseException(e.getMessage()); - } - AssertionResponse resp = new AssertionResponse(xmlRespDoc); - resp.parse(); - return resp; - } - - /** - * Utility to write default POST form to the writer. 
The form will be automatically - * POSTed to given IdP, with the relayState (optional) and assertion. - * @param identityProviderURL where the request will be targeted. In general it will be - * servlet URL. - * @param request request to be encoded and sent. - * @param relayState arbitrary data (encoded in HTML compatible form!) to be passed - * - it should be returned with response without changes. Can be null. - */ - public static String writeRequestForm(String identityProviderURL, - AuthnRequest request, String relayState) - { - String f = formForm.replace("__ACTION__", identityProviderURL); - f = f.replace("__RELAYSTATE__", relayState == null ? "" : relayState); - String encodedReq = encodeRequest(request); - f = f.replace("__SAMLREQUEST__", encodedReq); - return f; - } - - - - - /** - * Creates a new request. - * @param requestedFormat The format in which identity shall be returned. - * See {@link SAMLConstants}.NFORMAT_*. - * @return A new signed SAML authentication request. - * @throws InvalidSignatureException - */ - public AuthnRequest createRequest(String requestedFormat) - throws InvalidSignatureException - { - AuthnRequest request = new AuthnRequest(issuer); - if (requestedFormat != null) - request.setFormat(requestedFormat); - request.setConsumerURL(returnURL); - - signIfNeeded(request); - - return request; - } - - - /** - * Does processing of already decoded assertion response and returns - * the first authentication assertion found wrapped into {@link Assertion}. 
- * - * @param resp - * @return - * @throws SAMLErrorResponseException - * @throws SAMLParseException - * @throws UnsupportedSAMLException - * @throws InvalidSignatureException - */ - public Assertion processAuthnResponse(AssertionResponse resp) - throws SAMLErrorResponseException, SAMLParseException, - UnsupportedSAMLException, InvalidSignatureException - { - if (!resp.isStatusOK()) - throw new SAMLErrorResponseException(resp.getErrorMessage(), - resp.getErrorStatus(), resp.getSubErrorStatus()); - - checkResponseSignature(resp); - - Assertion[] assertions; - try - { - assertions = resp.getAssertions(); - } catch (Exception e) - { - throw new SAMLParseException(e.toString()); - } - - if (assertions.length == 0) - return null; - if (assertions.length > 1) - throw new UnsupportedSAMLException( - "More than one assertion was returned. It is OK," + - "however this implementation supports only " + - "responses with a single assertion."); - Assertion assertion = assertions[0]; - - checkAssertionSignature(resp, assertion); - - return assertion; - } - - /** - * Decodes and then processes the response as taken from HTTP POST parameter. - * @param response in base64 form. 
- * @return - * @throws SAMLParseException - * @throws SAMLErrorResponseException - * @throws UnsupportedSAMLException - * @throws InvalidSignatureException - */ - public Assertion decodeAndProcess(String response) throws SAMLParseException, - SAMLErrorResponseException, UnsupportedSAMLException, InvalidSignatureException - { - AssertionResponse resp = decodeResponse(response); - return processAuthnResponse(resp); - } - - - private static final String formForm = - "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + - "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" " + - "\"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">" + - "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\">" + - "<body " + - "onload=\"document.forms[0].submit()\"" + - ">" + - "<noscript>" + - "<p>" + - "<strong>Note:</strong> Since your browser does not support JavaScript," + - "you must press the Continue button once to proceed." + - "</p>" + - "</noscript>" + - "<form action=\"" + - "__ACTION__" + - "\" method=\"post\">" + - "<div>" + - "<input type=\"hidden\" name=\"RelayState\" value=\"" + - "__RELAYSTATE__" + - "\"/>" + - "<input type=\"hidden\" name=\"SAMLRequest\" value=\"" + - "__SAMLREQUEST__" + - "\"/>" + - "</div>" + - "<noscript>" + - "<div>" + - "<input type=\"submit\" value=\"Continue\"/>" + - "</div>" + - "</noscript>" + - "</form>" + - "</body></html>"; - -} Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOAuthnClientSOAP.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOAuthnClientSOAP.java 2013-01-07 11:02:18 UTC (rev 15394) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOAuthnClientSOAP.java 2013-01-07 11:04:12 UTC (rev 15395) 
@@ -10,19 +10,22 @@
import java.net.MalformedURLException;
import java.net.URI;
-import java.security.PublicKey;
+import java.util.List;
import eu.emi.security.authn.x509.X509CertChainValidator;
-import eu.emi.security.authn.x509.X509Credential;
+import eu.unicore.samly2.SAMLBindings;
import eu.unicore.samly2.assertion.Assertion;
-import eu.unicore.samly2.exceptions.SAMLParseException;
-import eu.unicore.samly2.proto.AssertionResponse;
+import eu.unicore.samly2.exceptions.SAMLValidationException;
+import eu.unicore.samly2.validators.AssertionValidator;
+import eu.unicore.samly2.validators.ReplayAttackChecker;
+import eu.unicore.samly2.validators.SSOAuthnResponseValidator;
import eu.unicore.util.httpclient.IClientConfiguration;
import pl.edu.icm.unicore.uvos.wsapi.xmlbeans.SAMLAuthnInterface;
import pl.edu.icm.unicore.uvos.wsapi.xmlbeans.UVOSFault;
import pl.edu.icm.unicore.uvos.wsapi.xmlbeans.UnsupportedSAMLException;
+import xmlbeans.org.oasis.saml2.assertion.AssertionDocument;
import xmlbeans.org.oasis.saml2.protocol.AuthnRequestDocument;
import xmlbeans.org.oasis.saml2.protocol.ResponseDocument;
@@ -35,12 +38,13 @@
* <li>Always requires signed assertion in response.
* <li>Always signing the request.
* </ul>
+ *
* @author K. Benedyczak
*/
public class SAMLVOAuthnClientSOAP extends SAMLVOClient
{
private SAMLAuthnInterface proxy;
- private SAMLVOAuthnClientPOST util;
+ private SAMLAuthnPOSTRequestor util;
/**
* Use this constructor if you want to use SAML SOAP binding.
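Review bot: The class Javadoc kept as context in the second hunk still states `Always requires signed assertion in response`, but this commit removes the `setDSigPolicy(true, true, …)` call from the constructor and routes validation through `getTrustChecker()`, whose default in `SAMLVOClient` (`new PKISamlTrustChecker(validator, true)`) is described by its own comment as trusting unsigned messages. Unless `SSOAuthnResponseValidator` enforces assertion signatures by itself (not visible here), that bullet no longer holds and should be reworded, e.g. `<li>Assertion signatures are checked by the trust checker configured on SAMLVOClient; the default accepts unsigned responses and assumes TLS.`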
@@ -51,18 +55,20 @@
* @throws SecuritySetupException
* @throws MalformedURLException
*/
- public SAMLVOAuthnClientSOAP(String address, IClientConfiguration secProv,
+ public SAMLVOAuthnClientSOAP(String address,
+ IClientConfiguration secProv,
URI issuer, X509CertChainValidator validator)
throws SecuritySetupException, MalformedURLException
{
super(address, secProv, issuer);
- setDSigPolicy(true, true, secProv.getCredential(), validator);
try
{
if (proxy == null)
proxy = fact.getSAMLAuthnClient(address);
} catch (MalformedURLException e){}
- util = new SAMLVOAuthnClientPOST(secProv, issuer, issuer, validator);
+ String idpUri = fact.getSAMLAuthnClientAddress(address);
+ util = new SAMLAuthnPOSTRequestor(issuer.toASCIIString(), issuer.toASCIIString(),
+ idpUri);
}
@Override
@@ -71,28 +77,6 @@
return proxy;
}
- @Override
- public void setDSigPolicy(boolean requireSignedReqResp, boolean requireSignedAssertion,
- X509Credential credential, PublicKey publicKey)
- {
- if (!requireSignedAssertion)
- throw new IllegalArgumentException("For SAML authentication, the signatures of " +
- "response assertions must be required");
- super.setDSigPolicy(requireSignedReqResp, requireSignedAssertion, credential, publicKey);
- requireSignedResp = false;
- }
-
- @Override
- public void setDSigPolicy(boolean requireSignedReqResp, boolean requireSignedAssertion,
- X509Credential credential, X509CertChainValidator validator)
- {
- if (!requireSignedAssertion)
- throw new IllegalArgumentException("For SAML authentication, the signatures of " +
- "response assertions must be required");
- super.setDSigPolicy(requireSignedReqResp, requireSignedAssertion, credential, validator);
- requireSignedResp = false;
- }
-
/**
* Performs SOAP request.
* @param requestedFormat requested SAML name format to be returned.
@@ -103,11 +87,11 @@
* @throws InvocationException
* @throws SAMLErrorResponseException
*/
- public Assertion authenticate(String requestedFormat) throws SAMLParseException,
- UnsupportedSAMLException, InvalidSignatureException, InvocationException,
- SAMLErrorResponseException
+ public Assertion authenticate(String requestedFormat) throws SAMLValidationException,
+ UnsupportedSAMLException, InvalidSignatureException, InvocationException
{
- AuthnRequestDocument reqDoc = util.createRequest(requestedFormat).getDoc();
+ util.setRequestedFormat(requestedFormat);
+ AuthnRequestDocument reqDoc = util.createRequest().getXMLBeanDoc();
ResponseDocument xmlRespDoc;
try
{
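Review bot: The Javadoc directly above the new `authenticate` signature still lists `@throws SAMLErrorResponseException`, but the new throws clause drops that type and the commit deletes the class, so the tag is stale; replace it with `@throws SAMLValidationException if the SAML response does not pass validation`. `util.setRequestedFormat(requestedFormat)` also mutates the shared `util` field before every call, so two threads using one `SAMLVOAuthnClientSOAP` concurrently could send each other's name-ID format; if instances are meant to be shared, say so in the Javadoc or pass the format per call. The method body continues in the next hunk.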
@@ -118,35 +102,24 @@
throw new InvocationException(e);
}
- AssertionResponse resp = new AssertionResponse(xmlRespDoc);
- resp.parse();
+ SSOAuthnResponseValidator validator = new SSOAuthnResponseValidator(
+ null,
+ null,
+ reqDoc.getAuthnRequest().getID(),
+ AssertionValidator.DEFAULT_VALIDITY_GRACE_PERIOD,
+ getTrustChecker(),
+ new ReplayAttackChecker(),
+ SAMLBindings.SOAP);
+ validator.validate(xmlRespDoc);
- if (!resp.isStatusOK())
- throw new SAMLErrorResponseException(resp.getErrorMessage(),
- resp.getErrorStatus(), resp.getSubErrorStatus());
-
- checkResponseSignature(resp);
-
- Assertion[] assertions;
- try
- {
- assertions = resp.getAssertions();
- } catch (Exception e)
- {
- throw new SAMLParseException(e.toString());
- }
+ List<AssertionDocument> assertions = validator.getAuthNAssertions();
- if (assertions.length == 0)
- return null;
- if (assertions.length > 1)
+ if (assertions.size() > 1)
throw new UnsupportedSAMLException(
"More than one assertion was returned. It is OK," +
"however this implementation supports only " +
"responses with a single assertion.");
- Assertion assertion = assertions[0];
-
- checkAssertionSignature(resp, assertion);
-
- return assertion;
+ AssertionDocument assertion = assertions.get(0);
+ return new Assertion(assertion);
}
}
Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOClient.java
===================================================================
--- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOClient.java 2013-01-07 11:02:18 UTC (rev 15394)
+++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOClient.java 2013-01-07 11:04:12 UTC (rev 15395)
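Review bot: A fresh `new ReplayAttackChecker()` is handed to the `SSOAuthnResponseValidator` on every `authenticate` call, so if the checker remembers seen assertion IDs in the instance (its name suggests so; confirm against samly2) an assertion replayed against a later call is not detected — keep a single checker in a field of the client, e.g. `private final ReplayAttackChecker replayChecker = new ReplayAttackChecker();`, and pass that here. The two leading `null` constructor arguments are undocumented; a short comment naming which checks they disable would let a reader judge whether that is acceptable for the SOAP binding. The removed `assertions.length == 0` branch is replaced by an unguarded `assertions.get(0)`; that is only safe if `validate` guarantees at least one authentication assertion (the Javadoc added to the POST-side class in this commit claims exactly that), so a comment such as `// validator guarantees at least one authn assertion on success` would make the dependency explicit.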
@@ -11,11 +11,15 @@
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
+import java.security.cert.X509Certificate;
import org.apache.xmlbeans.XmlObject;
+import eu.emi.security.authn.x509.X509CertChainValidator;
import eu.unicore.samly2.SAMLConstants;
import eu.unicore.samly2.elements.NameID;
+import eu.unicore.samly2.trust.PKISamlTrustChecker;
+import eu.unicore.samly2.trust.SamlTrustChecker;
import eu.unicore.util.httpclient.IClientConfiguration;
import pl.edu.icm.unicore.uvos.wsclient.api.UVOSClientFactory;
@@ -27,12 +31,15 @@
*
* @author K. Benedyczak
*/
-public abstract class SAMLVOClient extends AbstractSAMLBase
+public abstract class SAMLVOClient
{
protected String address;
protected NameID issuer;
protected boolean autoIssuer;
protected UVOSClientFactory fact;
+ //private is intended!
+ private SamlTrustChecker trustChecker;
+ protected transient X509CertChainValidator validator;
protected XmlObject lastResponse;
@@ -55,7 +62,7 @@
NameID issuer)
throws SecuritySetupException, MalformedURLException
{
- super();
+ this.validator = secCfg.getValidator();
new URL(address);
this.address = address;
fact = new UVOSClientFactory(secCfg);
@@ -66,6 +73,7 @@
this.autoIssuer = false;
} else {
+ X509Certificate[] certificateC = null;
if (secCfg.getCredential() != null)
certificateC = secCfg.getCredential().getCertificateChain();
if (certificateC == null || certificateC.length == 0)
@@ -79,6 +87,16 @@
}
}
+ /**
+ * Allows to set manually the trust checker. If not set the default trust checker
+ * will be used for this class extension.
+ * @param trustChecker
+ */
+ public void setTrustChecker(SamlTrustChecker trustChecker)
+ {
+ this.trustChecker = trustChecker;
+ }
+
public XmlObject getLastResponse()
{
return lastResponse;
@@ -90,5 +108,14 @@
autoIssuer = false;
}
+ protected SamlTrustChecker getTrustChecker()
+ {
+ if (trustChecker != null)
+ return trustChecker;
+ //for SOAP binding (we assume TLS) we use a trivial trust model
+ //-> everything is trusted if correctly signed or if unsigned
+ return new PKISamlTrustChecker(validator, true);
+ }
+
public abstract Object getProxy();
}
Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOMapClient.java
===================================================================
--- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOMapClient.java 2013-01-07 11:02:18 UTC (rev 15394)
+++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOMapClient.java 2013-01-07 11:04:12 UTC (rev 15395)
@@ -18,9 +18,9 @@
import eu.unicore.samly2.SAMLConstants;
import eu.unicore.samly2.elements.NameID;
import eu.unicore.samly2.elements.NameIDPolicy;
-import eu.unicore.samly2.exceptions.SAMLParseException;
+import eu.unicore.samly2.exceptions.SAMLValidationException;
import eu.unicore.samly2.proto.NameIDMappingRequest;
-import eu.unicore.samly2.proto.NameIDMappingResponse;
+import eu.unicore.samly2.validators.NameIDMappingResponseValidator;
import eu.unicore.util.httpclient.IClientConfiguration;
import pl.edu.icm.unicore.uvos.api.Identity;
@@ -76,8 +76,8 @@
}
public Identity mapIdentity(Identity toBeMapped, IdentityType mappedTo)
- throws InvocationException, InvalidSignatureException, SAMLParseException,
- SAMLErrorResponseException, UnsupportedSAMLException, InvalidValueException
+ throws InvocationException, InvalidSignatureException, SAMLValidationException,
+ UnsupportedSAMLException, InvalidValueException
{
List<Identity> list = mapIdentityGeneric(toBeMapped, mappedTo.toString());
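Review bot: The default `getTrustChecker()` returns `new PKISamlTrustChecker(validator, true)` and its comment explains that unsigned messages are accepted because TLS is assumed, yet nothing in `SAMLVOClient` checks that `address` uses `https` — the constructor only does `new URL(address)` — so a client configured with a plain `http` endpoint would accept unsigned responses with no warning. Consider rejecting, or at least logging, a non-`https` scheme where the default checker is chosen, or document in `setTrustChecker` that deployments without TLS must install a checker that requires signatures. The bare `true` carries the whole security decision here; if it is the accept-unsigned switch, a named local such as `boolean acceptUnsigned = true;` or a comment on the argument would make that readable.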
@@ -88,7 +88,7 @@
public List<Identity> mapIdentity(Identity toBeMapped)
throws InvalidSignatureException, InvocationException,
- SAMLParseException, SAMLErrorResponseException, UnsupportedSAMLException, InvalidValueException
+ SAMLValidationException, UnsupportedSAMLException, InvalidValueException
{
return mapIdentityGeneric(toBeMapped, SAMLConstants.NFORMAT_UNSPEC);
}
@@ -99,36 +99,33 @@
private List<Identity> mapIdentityGeneric(Identity toBeMapped, String format)
throws InvalidSignatureException, InvocationException,
- SAMLParseException, SAMLErrorResponseException, UnsupportedSAMLException, InvalidValueException
+ SAMLValidationException, UnsupportedSAMLException, InvalidValueException
{
NameID toMap = new NameID(toBeMapped.getValue(), toBeMapped.getType().toString());
NameIDPolicy policy = new NameIDPolicy(format);
- NameIDMappingRequest request = new NameIDMappingRequest(issuer,
- toMap, policy);
+ NameIDMappingRequest request = new NameIDMappingRequest(issuer.getXBean(),
+ toMap.getXBean(), policy.getXBean());
- signIfNeeded(request);
-
NameIDMappingResponseDocument respDoc = null;
try
{
- respDoc = mappingProxy.mapNameId(request.getDoc());
+ respDoc = mappingProxy.mapNameId(request.getXMLBeanDoc());
lastResponse = respDoc;
} catch (Exception e)
{
throw new InvocationException(e);
}
- NameIDMappingResponse resp = new NameIDMappingResponse(respDoc);
- resp.parse();
+ NameIDMappingResponseValidator validator = new NameIDMappingResponseValidator(
+ null,
+ request.getXMLBean().getID(),
+ getTrustChecker());
+ validator.validate(respDoc);
- if (!resp.isStatusOK())
- throw new SAMLErrorResponseException(resp.getErrorMessage(),
- resp.getErrorStatus(), resp.getSubErrorStatus());
-
- checkResponseSignature(resp);
-
NameIDMappingResponseType rr = respDoc.getNameIDMappingResponse();
+ if (rr.getEncryptedID() != null)
+ throw new SAMLValidationException("Unsupported encrypted nameID received");
Identity baseMap = SAMLXMLBeansMapper.map2APIIdentity(rr.getNameID());
List<Identity> ret = new ArrayList<Identity>();
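Review bot: After `validator.validate(respDoc)` the new code rejects an `EncryptedID` but then passes `rr.getNameID()` to `SAMLXMLBeansMapper.map2APIIdentity` without checking that a NameID is present; unless the validator guarantees that exactly one of NameID/EncryptedID is set (not visible here), a response carrying neither surfaces as a NullPointerException rather than a `SAMLValidationException`. A check beside the existing one, `if (rr.getNameID() == null) throw new SAMLValidationException("Response contains no nameID");`, keeps the failure mode uniform. As in the SOAP authentication client, the first `NameIDMappingResponseValidator` argument is a bare `null`; a comment saying which check it disables would help the next reader. `mapIdentityGeneric` continues past the end of this hunk.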
@@ -140,7 +137,7 @@ } private boolean addFromExts(List<Identity> ret, ExtensionsType exts) - throws SAMLParseException, InvalidValueException + throws SAMLValidationException, InvalidValueException { if (exts == null) return false; Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOMapClientInterface.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOMapClientInterface.java 2013-01-07 11:02:18 UTC (rev 15394) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOMapClientInterface.java 2013-01-07 11:04:12 UTC (rev 15395) @@ -10,7 +10,7 @@ import java.util.List; -import eu.unicore.samly2.exceptions.SAMLParseException; +import eu.unicore.samly2.exceptions.SAMLValidationException; import pl.edu.icm.unicore.uvos.api.Identity; import pl.edu.icm.unicore.uvos.api.IdentityType; @@ -35,7 +35,7 @@ * @throws InvalidValueException */ public abstract Identity mapIdentity(Identity toBeMapped, - IdentityType mappedTo) throws InvocationException, InvalidSignatureException, SAMLParseException, SAMLErrorResponseException, UnsupportedSAMLException, InvalidValueException; + IdentityType mappedTo) throws InvocationException, InvalidSignatureException, SAMLValidationException, UnsupportedSAMLException, InvalidValueException; /** * Retrieves the list of all equivalent identities to the given one. 
@@ -48,6 +48,6 @@ * @throws InvalidSignatureException * @throws InvalidValueException */ - public abstract List<Identity> mapIdentity(Identity toBeMapped) throws InvalidSignatureException, InvocationException, SAMLParseException, SAMLErrorResponseException, UnsupportedSAMLException, InvalidValueException; + public abstract List<Identity> mapIdentity(Identity toBeMapped) throws InvalidSignatureException, InvocationException, SAMLValidationException, UnsupportedSAMLException, InvalidValueException; } \ No newline at end of file Modified: uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOQueryClient.java =================================================================== --- uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOQueryClient.java 2013-01-07 11:02:18 UTC (rev 15394) +++ uvos/uvos-client/trunk/src/main/java/pl/edu/icm/unicore/uvos/wsclient/samlapi/SAMLVOQueryClient.java 2013-01-07 11:04:12 UTC (rev 15395) @@ -22,9 +22,10 @@ import eu.unicore.samly2.assertion.Assertion; import eu.unicore.samly2.elements.SAMLAttribute; import eu.unicore.samly2.elements.Subject; -import eu.unicore.samly2.exceptions.SAMLParseException; -import eu.unicore.samly2.proto.AssertionResponse; +import eu.unicore.samly2.exceptions.SAMLValidationException; import eu.unicore.samly2.proto.AttributeQuery; +import eu.unicore.samly2.validators.AssertionValidator; +import eu.unicore.samly2.validators.AttributeAssertionResponseValidator; import eu.unicore.util.httpclient.IClientConfiguration; import pl.edu.icm.unicore.uvos.api.Attribute; 
@@ -36,6 +37,7 @@
 import pl.edu.icm.unicore.uvos.wsapi.xmlbeans.SAMLQueryInterface;
 import pl.edu.icm.unicore.uvos.wsapi.xmlbeans.SAMLXMLBeansMapper;
 import pl.edu.icm.unicore.uvos.wsapi.xmlbeans.UnsupportedSAMLException;
+import xmlbeans.org.oasis.saml2.assertion.AssertionDocument;
 import xmlbeans.org.oasis.saml2.assertion.AttributeStatementType;
 import xmlbeans.org.oasis.saml2.assertion.AttributeType;
 import xmlbeans.org.oasis.saml2.protocol.AttributeQueryType;
@@ -83,15 +85,15 @@
 }
 public List<Attribute> getAttributes(Identity whose, String attributeName)
- throws SAMLParseException, UnsupportedSAMLException,
- InvalidSignatureException, InvocationException, SAMLErrorResponseException
+ throws SAMLValidationException, UnsupportedSAMLException,
+ InvalidSignatureException, InvocationException
 {
 return getAttributesGeneric(whose, attributeName, null, null, null);
 }
 public Attribute getAttribute(Identity whose, Group scope, String attributeName)
- throws SAMLParseException, UnsupportedSAMLException,
- InvalidSignatureException, InvocationException, SAMLErrorResponseException
+ throws SAMLValidationException, UnsupportedSAMLException,
+ InvalidSignatureException, InvocationException
 {
 List<Attribute> list = getAttributesGeneric(whose, attributeName, null, scope, SAMLConstants.SCOPE_TYPE_ATTRIBUTE);
@@ -101,8 +103,8 @@
 }
 public List<Attribute> getAttributes(Identity whose, Attribute attribute)
- throws SAMLParseException, UnsupportedSAMLException,
- InvalidSignatureException, InvocationException, SAMLErrorResponseException
+ throws SAMLValidationException, UnsupportedSAMLException,
+ InvalidSignatureException, InvocationException
 {
 return getAttributesGeneric(whose, attribute.getName(),
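Review bot: `getAttributes(Identity, String)` and `getAttribute(Identity, Group, String)` receive a new checked-exception list in the `@@ -83,15 +85,15 @@` hunk but carry no Javadoc at all — the line before each signature is the closing `}` of the previous method — so a caller has no statement that `SAMLValidationException` now replaces both the former `SAMLParseException` and the dropped `SAMLErrorResponseException`, nor which failure (unverifiable signature vs. otherwise invalid or non-success response) is reported as `InvalidSignatureException` rather than `SAMLValidationException`; the hunk does not show that split, so the text should be confirmed against `getAttributesGeneric`, whose body is outside the hunk. I would add a short Javadoc to each public overload with `@throws SAMLValidationException if the attribute response cannot be parsed or fails validation` and `@throws InvalidSignatureException if the response or assertion signature does not verify`, and, as a point of style, fold the two-line throws clause into one line now that `InvocationException` is alone on the continuation line. The second method's body continues past the end of the hunk.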
@@ -110,8 +112,8 @@
 }
 public Attribute getAttribute(Identity whose, Group scope, Attribute attribute)
- throws SAMLParseException, UnsupportedSAMLException,
- InvalidSignatureException, InvocationException, SAMLErrorResponseException
+ throws SAMLValidationException, UnsupportedSAMLException,
+ InvalidSignatureException, InvocationException
 {
 List<Attribute> list = getAttributesGeneric(whose, attribute.getName(),
@@ -122,22 +124,22 @@
 }
 public List<Attribute> getAttributes(Identity whose) throws
- SAMLParseException, UnsupportedSAMLException, InvalidSignatureException,
- InvocationException, SAMLErrorResponseException
+ SAMLValidationException, UnsupportedSAMLException, InvalidSignatureException,
+ InvocationException
 {
 return getAttributesGeneric(whose, null, null, null, null);
 }
 public List<Attribute> getAttributes(Identity whose, Group scope)
- throws SAMLParseException, UnsupportedSAMLException,
- InvalidSignatureException, Invocat... [truncated message content] |
