- Subject: perfsonar: r3439 - in trunk/perfsonar_base: ant src/main/java/org/perfsonar/client/base/authn src/main/java/org/perfsonar/client/testHarness
- Date: Mon, 3 Mar 2008 07:23:27 -0500
Author: rodriguez
Date: 2008-03-03 07:23:26 -0500 (Mon, 03 Mar 2008)
New Revision: 3439
Modified:
trunk/perfsonar_base/ant/const.properties
trunk/perfsonar_base/src/main/java/org/perfsonar/client/base/authn/AuthNSAMLData.java
trunk/perfsonar_base/src/main/java/org/perfsonar/client/base/authn/WSSAuthNSAMLData.java
trunk/perfsonar_base/src/main/java/org/perfsonar/client/base/authn/WSSAuthNX509Data.java
trunk/perfsonar_base/src/main/java/org/perfsonar/client/testHarness/SOAPX509Client.java
Log:
Improve handling of the timestamp issue when the security token is created
Modified: trunk/perfsonar_base/ant/const.properties
===================================================================
--- trunk/perfsonar_base/ant/const.properties 2008-03-03 07:54:01 UTC (rev
3438)
+++ trunk/perfsonar_base/ant/const.properties 2008-03-03 12:23:26 UTC (rev
3439)
@@ -13,4 +13,4 @@
# name of jar file to be created
jarfilename=perfsonar-base
# version of the product (will be included in the final name of jar file)
-version=1.0.20080225
+version=1.0.20080303
Modified:
trunk/perfsonar_base/src/main/java/org/perfsonar/client/base/authn/AuthNSAMLData.java
===================================================================
---
trunk/perfsonar_base/src/main/java/org/perfsonar/client/base/authn/AuthNSAMLData.java
2008-03-03 07:54:01 UTC (rev 3438)
+++
trunk/perfsonar_base/src/main/java/org/perfsonar/client/base/authn/AuthNSAMLData.java
2008-03-03 12:23:26 UTC (rev 3439)
@@ -8,4 +8,5 @@
public interface AuthNSAMLData {
public Object addSAMLSTInMessage(Object message,SAMLAssertion
authAssertion,PrivateKey key,Collection certchain,String
cidPerfsonarResource,String cidPerfsonarClient) throws PerfSONARException;
+ public Object addSAMLSTInMessage(Object message,SAMLAssertion
authAssertion,PrivateKey key,Collection certchain,String
cidPerfsonarResource,String cidPerfsonarClient,int ttl) throws
PerfSONARException;
}
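Review bot: The new `addSAMLSTInMessage` overload adds an abstract method to a public interface with no Javadoc, so the unit and allowed range of `ttl` are unstated; in WSSAuthNX509Data the same value is handed to `WSSecTimestamp.setTimeToLive`, so it is presumably seconds. Any implementation of AuthNSAMLData other than WSSAuthNSAMLData would stop compiling with this change, if one exists. I would add above the declaration: `/** As {@link #addSAMLSTInMessage(Object, SAMLAssertion, PrivateKey, Collection, String, String)}, but with an explicit lifetime. @param ttl lifetime of the security timestamp, presumably in seconds (confirm against the implementation) */`.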
Modified:
trunk/perfsonar_base/src/main/java/org/perfsonar/client/base/authn/WSSAuthNSAMLData.java
===================================================================
---
trunk/perfsonar_base/src/main/java/org/perfsonar/client/base/authn/WSSAuthNSAMLData.java
2008-03-03 07:54:01 UTC (rev 3438)
+++
trunk/perfsonar_base/src/main/java/org/perfsonar/client/base/authn/WSSAuthNSAMLData.java
2008-03-03 12:23:26 UTC (rev 3439)
@@ -6,9 +6,13 @@
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.Certificate;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
+import java.util.TimeZone;
import java.util.Vector;
import org.apache.axis.Message;
@@ -17,14 +21,18 @@
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.CredentialException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.message.token.BinarySecurity;
+import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.signature.XMLSignature;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -44,13 +52,22 @@
import org.w3c.dom.Text;
public class WSSAuthNSAMLData implements AuthNSAMLData {
- private String sigalg = XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
+ private static int defaultTtl=900;
+
+ private String sigalg = XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
private String digalg = MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1;
public Object addSAMLSTInMessage(Object message,
SAMLAssertion authAssertion, PrivateKey key,
Collection certchain,
String cidPerfsonarResource, String
cidPerfsonarClient)
throws PerfSONARException {
+ return addSAMLSTInMessage(message, authAssertion, key,
certchain, cidPerfsonarResource, cidPerfsonarClient, defaultTtl);
+ }
+
+ public Object addSAMLSTInMessage(Object message,
+ SAMLAssertion authAssertion, PrivateKey key,
Collection certchain,
+ String cidPerfsonarResource, String
cidPerfsonarClient, int ttl)
+ throws PerfSONARException {
if (!(message instanceof SOAPBodyElement)) {
throw new
PerfSONARException("error.as.body","WSSAuthNSAMLData: the method
addSAMLSTInMessage requires a SOAPBodyElement object");
}
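Review bot: `private static int defaultTtl=900;` is a mutable non-final static; nothing in the hunk assigns it, so it should be `private static final int defaultTtl = 900;` (WSSAuthNX509Data declares the same field the same way, so both would change together). The new overload also carries no Javadoc saying what `ttl` is measured in; the value 900 suggests seconds, and the one-argument-shorter overload could document that it delegates with `defaultTtl`. The body of `addSAMLSTInMessage` continues past the hunk.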
@@ -80,7 +97,7 @@
try {
SAMLAssertion sa=getAssertionAsSecurityToken(authAssertion,
key, certchain, cidPerfsonarResource, cidPerfsonarClient);
-
+
Document doc = envelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
@@ -103,10 +120,11 @@
// Adding timestamp information
WSSecTimestamp timestamp = new WSSecTimestamp();
timestamp.prepare(doc);
+ adjustTime(timestamp,ttl/2);
WSSecurityUtil.prependChildElement(doc, secHeader
.getSecurityHeader(), timestamp.getElement(), false);
parts.add(new WSEncryptionPart(timestamp.getId()));
-
+
// Adding the SAML assertion as a binary token
BinarySecurity bs=new BinarySecurity(doc);
bs.setID("SAML");
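Review bot: `ttl` never reaches the WSSecTimestamp here: the hunk calls `timestamp.prepare(doc)` and then `adjustTime(timestamp,ttl/2)` without a `timestamp.setTimeToLive(ttl)`, unlike the same spot in WSSAuthNX509Data. Expires is therefore WSS4J's default time-to-live shifted back by ttl/2; with the class default of 900 the shift is 450 s, and if the library default is shorter than that (I believe it is 300 s) every token is already expired at the moment it is signed. Insert `timestamp.setTimeToLive(ttl);` before `timestamp.prepare(doc);`. The enclosing try block starts before this hunk.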
@@ -124,7 +142,7 @@
Document signedDoc = sec509.build(doc, crypto, secHeader);
Message signedMsg = (Message) SOAPUtil.toSOAPMessage(signedDoc);
envelope = signedMsg.getSOAPEnvelope();
-
+
/* Document doc = envelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.setActor("we");
@@ -154,7 +172,7 @@
cond.addAudience(cidPerfsonarResource);
authStatementAssertion.addCondition(cond);
authStatementAssertion.setIssuer(cidPerfsonarClient);
-
+
SAMLSubject subject=new SAMLSubject();
subject.addConfirmationMethod("relayed-trust");
Iterator<?> it=authAssertion.getStatements();
@@ -166,26 +184,52 @@
subject.setNameIdentifier(new
SAMLNameIdentifier(old.getName(),old.getNameQualifier(),old.getFormat()));
}
}
- try {
+ try {
Document request =
authAssertion.toDOM().getOwnerDocument();
Element c=request.createElementNS(XML.SAML_NS,
"SubjectConfirmationData");
c.appendChild(authAssertion.toDOM());
-
+
subject.setConfirmationData(c);
} catch (Exception pce) {
pce.printStackTrace();
}
-
+
SAMLAuthenticationStatement authStatement=new
SAMLAuthenticationStatement();
authStatement.setAuthMethod(SAMLAuthenticationStatement.AuthenticationMethod_Unspecified);
authStatement.setAuthInstant(new Date());
authStatement.setSubject(subject);
authStatementAssertion.addStatement(authStatement);
-
+
authStatementAssertion.sign(sigalg, digalg, key, certchain);
-
+
return authStatementAssertion;
}
+
+ private void adjustTime(WSSecTimestamp timestamp, int range) throws
WSSecurityException {
+ DateFormat zulu = null;
+ if (WSSConfig.getDefaultWSConfig().isPrecisionInMilliSeconds()) {
+ zulu = new XmlSchemaDateFormat();
+ }
+ else {
+ zulu = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+ zulu.setTimeZone(TimeZone.getTimeZone("UTC"));
+ }
+
+ Element e=timestamp.getElement();
+ Timestamp ts=new Timestamp(e);
+ Element e2=ts.getElement();
+ for (int i=0; i<e2.getChildNodes().getLength(); i++) {
+ Element e3=(Element)e2.getChildNodes().item(i);
+ if (e3.getNodeName().equals("wsu:Created")) {
+ ts.getCreated().add(Calendar.SECOND, -range);
+
e3.setTextContent(zulu.format(ts.getCreated().getTime()));
+ }
+ else if (e3.getNodeName().equals("wsu:Expires")) {
+ ts.getExpires().add(Calendar.SECOND, -range);
+
e3.setTextContent(zulu.format(ts.getExpires().getTime()));
+ }
+ }
+ }
}
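Review bot: `Element e3=(Element)e2.getChildNodes().item(i);` casts every child of the Timestamp element; if that element ever carries a non-element child (whitespace text, a comment) this throws ClassCastException rather than the declared WSSecurityException. Matching `getNodeName()` against `"wsu:Created"` also ties the lookup to the literal prefix; comparing `getLocalName()` with `Created`/`Expires` and `getNamespaceURI()` with `WSConstants.WSU_NS` (already imported) is prefix-independent. I would replace the cast line with `Node n = e2.getChildNodes().item(i); if (n.getNodeType() != Node.ELEMENT_NODE) continue; Element e3 = (Element) n;` (needs `import org.w3c.dom.Node;`). The method is duplicated verbatim in WSSAuthNX509Data in this same commit; one shared package-private helper would keep the two from drifting. Subtracting `range` from Created means the signed token asserts a creation time earlier than the real one, so a short comment stating that this is deliberate clock-skew tolerance would help the next reader.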
Modified:
trunk/perfsonar_base/src/main/java/org/perfsonar/client/base/authn/WSSAuthNX509Data.java
===================================================================
---
trunk/perfsonar_base/src/main/java/org/perfsonar/client/base/authn/WSSAuthNX509Data.java
2008-03-03 07:54:01 UTC (rev 3438)
+++
trunk/perfsonar_base/src/main/java/org/perfsonar/client/base/authn/WSSAuthNX509Data.java
2008-03-03 12:23:26 UTC (rev 3439)
@@ -13,6 +13,10 @@
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.TimeZone;
import java.util.Vector;
import org.apache.axis.Message;
@@ -21,18 +25,23 @@
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.CredentialException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecTimestamp;
+import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.perfsonar.base.auxiliary.components.authn.DynamicCrypto;
import org.perfsonar.base.auxiliary.components.authn.SOAPUtil;
import org.perfsonar.base.exceptions.PerfSONARException;
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
public class WSSAuthNX509Data implements AuthNX509Data {
private static int defaultTtl=900;
@@ -63,7 +72,7 @@
return addX509STInMessage(message, privateKey, cert, ttl);
}
-
+
public Object addX509STInMessage(Object message,PrivateKey
privateKey,X509Certificate cert, int ttl) throws PerfSONARException {
if (!(message instanceof SOAPBodyElement)) {
throw new
PerfSONARException("error.as.body","WSSAuthNData: the method
addX509STInMessage requires a SOAPBodyElement object");
@@ -114,10 +123,11 @@
WSSecTimestamp timestamp = new WSSecTimestamp();
timestamp.setTimeToLive(ttl);
timestamp.prepare(doc);
+ adjustTime(timestamp,ttl/2);
WSSecurityUtil.prependChildElement(doc, secHeader
.getSecurityHeader(), timestamp.getElement(), false);
parts.add(new WSEncryptionPart(timestamp.getId()));
-
+
sec509.setParts(parts);
sec509.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
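Review bot: `adjustTime(timestamp,ttl/2)` moves both Created and Expires back by half the lifetime, so the signed validity window straddles the sender's clock instead of starting at it, and nothing in the hunk says why. I would add above the call: `// Back-date the window by ttl/2 so a receiver whose clock is ahead or behind by up to ttl/2 still sees the token as valid.` A receiver that enforces a maximum age on Created will now see a token that is already ttl/2 seconds old, which is worth stating in that comment. Whether the call sits inside a try that handles the WSSecurityException adjustTime declares is not visible in this hunk.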
@@ -132,7 +142,7 @@
return envelope;
}
-
+
public Object addX509STInMessage(Object message,PrivateKey
privateKey,X509Certificate cert) throws PerfSONARException {
return addX509STInMessage(message,privateKey,cert,defaultTtl);
}
@@ -172,4 +182,31 @@
}
}
+ private void adjustTime(WSSecTimestamp timestamp, int range) throws
WSSecurityException {
+ DateFormat zulu = null;
+ if (WSSConfig.getDefaultWSConfig().isPrecisionInMilliSeconds()) {
+ zulu = new XmlSchemaDateFormat();
+ }
+ else {
+ zulu = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+ zulu.setTimeZone(TimeZone.getTimeZone("UTC"));
+ }
+
+ Element e=timestamp.getElement();
+ Timestamp ts=new Timestamp(e);
+ Element e2=ts.getElement();
+ for (int i=0; i<e2.getChildNodes().getLength(); i++) {
+ Element e3=(Element)e2.getChildNodes().item(i);
+ System.out.println(">>>>>> "+e3.getNodeName());
+ if (e3.getNodeName().equals("wsu:Created")) {
+ ts.getCreated().add(Calendar.SECOND, -range);
+
e3.setTextContent(zulu.format(ts.getCreated().getTime()));
+ }
+ else if (e3.getNodeName().equals("wsu:Expires")) {
+ ts.getExpires().add(Calendar.SECOND, -range);
+
e3.setTextContent(zulu.format(ts.getExpires().getTime()));
+ }
+ System.out.println(">>>>>> "+e3.getTextContent());
+ }
+ }
}
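Review bot: The two `System.out.println(">>>>>> "+...)` lines are leftover debugging output in a library class; they write the timestamp element's node names and text to stdout for every signed message and should be removed, or routed through the project's logger at debug level, before release. Apart from them the method is a verbatim copy of the one added to WSSAuthNSAMLData in this commit, and it shares that copy's unchecked `(Element)` cast on every child node and its prefix-bound `"wsu:Created"` comparison. Extracting one shared helper would let both places be fixed once.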
Modified:
trunk/perfsonar_base/src/main/java/org/perfsonar/client/testHarness/SOAPX509Client.java
===================================================================
---
trunk/perfsonar_base/src/main/java/org/perfsonar/client/testHarness/SOAPX509Client.java
2008-03-03 07:54:01 UTC (rev 3438)
+++
trunk/perfsonar_base/src/main/java/org/perfsonar/client/testHarness/SOAPX509Client.java
2008-03-03 12:23:26 UTC (rev 3439)
@@ -3,6 +3,10 @@
import java.io.File;
import java.io.FileWriter;
import java.net.URL;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.TimeZone;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
@@ -54,6 +58,10 @@
System.out.println("Response file: " + outputFile);
System.out.println("Private key file: " + keyFile);
System.out.println("Certificate file: " + certFile);
+ DateFormat zulu = new
SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+ zulu.setTimeZone(TimeZone.getTimeZone("UTC"));
+ Calendar cal=Calendar.getInstance();
+ System.out.println("Date host: "+zulu.format(cal.getTime()));
// read the certificate... more or less...
// InputStream isCert=new FileInputStream(certFile);
@@ -73,7 +81,7 @@
request = builder.parse(new File(inputFile));
// build a SOAPBodyElement from the document
- SOAPBodyElement requestMessage =
+ SOAPBodyElement requestMessage =
new SOAPBodyElement(request.getDocumentElement());
AuthNX509Data
authnData=AuthNDataFactory.getDefaultAuthNX509Data();