Added stand-alone query role.
authorcantor <cantor@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 16 May 2005 18:43:26 +0000 (18:43 +0000)
committercantor <cantor@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 16 May 2005 18:43:26 +0000 (18:43 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1489 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

data/metadata10.xml [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/common/XML.java
src/edu/internet2/middleware/shibboleth/metadata/AttributeRequesterDescriptor.java [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/metadata/EntityDescriptor.java
src/edu/internet2/middleware/shibboleth/metadata/provider/XMLMetadataProvider.java
src/edu/internet2/middleware/shibboleth/xml/Parser.java
tests/edu/internet2/middleware/shibboleth/metadata/MetadataTests.java

diff --git a/data/metadata10.xml b/data/metadata10.xml
new file mode 100644 (file)
index 0000000..564e3b3
--- /dev/null
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" 
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:mdext="urn:oasis:names:tc:SAML:metadata:extension"
+       xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../src/schemas/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:metadata:extension ../src/schemas/saml-schema-metadata-ext.xsd" 
+       Name="urn-x:testFed1" validUntil="3010-01-01T00:00:00Z">
+       <EntityDescriptor entityID="urn-x:testSP1">
+               <RoleDescriptor xsi:type="mdext:AttributeRequesterDescriptorType"
+                       protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                       <KeyDescriptor>
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                                       <ds:X509Data>
+                                               <ds:X509Certificate>MIIC9zCCArQCBEJMcbswCwYHKoZIzjgEAwUAMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJUTjEQ
+MA4GA1UEBxMHTWVtcGhpczENMAsGA1UEChMEVGVzdDENMAsGA1UECxMEVGVzdDEVMBMGA1UEAxMM
+V2FsdGVyIEhvZWhuMB4XDTA1MDMzMTIxNTUwN1oXDTA1MDYyOTIxNTUwN1owYTELMAkGA1UEBhMC
+VVMxCzAJBgNVBAgTAlROMRAwDgYDVQQHEwdNZW1waGlzMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQL
+EwRUZXN0MRUwEwYDVQQDEwxXYWx0ZXIgSG9laG4wggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9T
+gR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv
+8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HX
+Ku/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSv
+u/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64e
+K7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAAC
+gYBGtD+qJdBIzaA/a0oeO/LhW06r9dsPz0LnBD7DLZAFaWpMbfaItwXWANCFleNPzou/mU8+bhOe
+FJ+fkGdW4zbg8lzLOOeRduELoO8srzOdyccmRIeRIkDVj0ckienw0skgKgAvilUWkDQcdpLvtfjl
+W7vFedSYzRQiLso+dFHanDALBgcqhkjOOAQDBQADMAAwLQIUU5z1Ppc7gbjkl3PhkiQghUoTm5YC
+FQCVg3Ej3Sdb8FpJwUXoqO4J6FU/UQ==
+</ds:X509Certificate>
+                                       </ds:X509Data>
+                               </ds:KeyInfo>
+                       </KeyDescriptor>
+                       <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+               </RoleDescriptor>
+       </EntityDescriptor>
+</EntitiesDescriptor>
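Review bot: The X509Certificate embedded in the KeyDescriptor appears, from the validity fields visible in its DER encoding, to be a short-lived DSA test certificate whose notAfter falls in mid-2005, while the enclosing EntitiesDescriptor advertises validUntil="3010-01-01T00:00:00Z". Nothing in this commit's test reads the key, so the fixture is harmless for now, but any later test that builds trust from it will become time-dependent and start failing — or, worse, pass only because expiry is never checked. I would mark the intent on the fixture itself, e.g. `<!-- parsing-test fixture only: the embedded certificate is expired and must not be used for trust validation -->`, so nobody promotes this metadata into a trust test by accident.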
index b5c3cd2..ffd9f4a 100755 (executable)
@@ -61,6 +61,9 @@ public class XML
     /**  SAMLv2 Metadata XML namespace */
     public final static String SAML2META_NS = "urn:oasis:names:tc:SAML:2.0:metadata";
 
+    /**  SAMLv2 Metadata Extension XML namespace */
+    public final static String SAML2METAEXT_NS = "urn:oasis:names:tc:SAML:metadata:extension";
+    
     /**  SAMLv2 Assertion XML namespace */
     public final static String SAML2ASSERT_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
     
@@ -78,10 +81,4 @@ public class XML
     
     public final static String MAIN_SHEMA_ID = "shibboleth-targetconfig-1.0.xsd";
     public final static String IDP_SHEMA_ID = "shibboleth-idpconfig-1.0.xsd";
-    
-    public final static String XMLSIG_RETMETHOD_RAWX509    = "http://www.w3.org/2000/09/xmldsig#rawX509Certificate";
-    public final static String XMLSIG_RETMETHOD_RAWX509CRL = "http://www.w3.org/2000/09/xmldsig-more#rawX509CRL";
-    public final static String SHIB_RETMETHOD_PEMX509      = "urn:mace:shibboleth:RetrievalMethod:pemX509Certificate";
-    public final static String SHIB_RETMETHOD_PEMX509CRL   = "urn:mace:shibboleth:RetrievalMethod:pemX509CRL";
-    
 }
diff --git a/src/edu/internet2/middleware/shibboleth/metadata/AttributeRequesterDescriptor.java b/src/edu/internet2/middleware/shibboleth/metadata/AttributeRequesterDescriptor.java
new file mode 100644 (file)
index 0000000..c21d544
--- /dev/null
@@ -0,0 +1,47 @@
+/*
+ * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
+ * All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met: Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution, if any, must include the following acknowledgment: "This product includes
+ * software developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu>Internet2
+ * Project. Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2,
+ * nor the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
+ * products derived from this software without specific prior written permission. For written permission, please
+ * contact shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2,
+ * UCAID, or the University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name,
+ * without prior written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS
+ * PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND
+ * NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS
+ * WITH LICENSEE. IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED
+ * INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+ * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package edu.internet2.middleware.shibboleth.metadata;
+
+import java.util.Iterator;
+
+/**
+ * Corresponds to SAML Metadata Extension Schema "AttributeRequesterDescriptorType".
+ * 
+ * @author Scott Cantor
+ */
+public interface AttributeRequesterDescriptor extends RoleDescriptor {
+
+    public boolean getWantAssertionsSigned();
+
+    public Iterator /* <String> */ getNameIDFormats();
+    
+    public Iterator /* <AttributeConsumingService> */ getAttributeConsumingServices();
+
+    public AttributeConsumingService getDefaultAttributeConsumingService();
+    
+    public AttributeConsumingService getAttributeConsumingServiceByID(String id);
+}
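Review bot: None of the five new interface methods carries Javadoc, and in particular the two Iterator-returning methods do not say whether a role that declares nothing yields an empty iterator or null, which is exactly what metadata consumers need to know. I would document `getWantAssertionsSigned()` as `/** Whether the requester requires assertions issued to it to be signed (the WantAssertionsSigned attribute); false when the attribute is absent. */`, since the provider implementation in this commit initialises the flag to false, and that default belongs in the contract rather than only in one implementation. `getNameIDFormats()` and `getAttributeConsumingServices()` should state that an empty iterator, never null, is returned when nothing is declared, and `getDefaultAttributeConsumingService()` / `getAttributeRequesterDescriptor`-style single lookups should document null as the "no match" result.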
index b8e5b34..716bbec 100644 (file)
@@ -65,6 +65,7 @@ public interface EntityDescriptor {
     public SPSSODescriptor getSPSSODescriptor(String protocol);
     public AuthnAuthorityDescriptor getAuthnAuthorityDescriptor(String protocol);
     public AttributeAuthorityDescriptor getAttributeAuthorityDescriptor(String protocol);
+    public AttributeRequesterDescriptor getAttributeRequesterDescriptor(String protocol);
     public PDPDescriptor getPDPDescriptor(String protocol);
     public AffiliationDescriptor getAffiliationDescriptor();
     
index 19c57d8..dbe3ad1 100644 (file)
@@ -39,6 +39,8 @@ import java.util.Iterator;
 import java.util.Map;
 import java.util.TimeZone;
 
+import javax.xml.namespace.QName;
+
 import org.apache.log4j.Logger;
 import org.apache.xml.security.encryption.EncryptionMethod;
 import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -1022,6 +1024,51 @@ public class XMLMetadataProvider implements Metadata {
             return null;
         }
     }
+
+    class AttributeRequesterRole extends Role implements AttributeRequesterDescriptor {
+        private boolean wantAssertionsSigned = false;
+        private ArrayList /* <String> */ formats = new ArrayList();
+        
+        public AttributeRequesterRole(XMLEntityDescriptor provider, long validUntil, Element e) throws MetadataException {
+            super(provider, validUntil, e);
+
+            String flag=XML.assign(e.getAttributeNS(null,"WantAssertionsSigned"));
+            wantAssertionsSigned=(XML.safeCompare(flag,"1") || XML.safeCompare(flag,"true"));
+
+            NodeList nlist=e.getElementsByTagNameNS(edu.internet2.middleware.shibboleth.common.XML.SAML2META_NS,"NameIDFormat");
+            for (int i = 0; i < nlist.getLength(); i++) {
+                if (nlist.item(i).hasChildNodes()) {
+                    Node tnode = nlist.item(i).getFirstChild();
+                    if (tnode != null && tnode.getNodeType() == Node.TEXT_NODE) {
+                        formats.add(tnode.getNodeValue());
+                    }
+                }
+            }
+        }
+
+        public boolean getWantAssertionsSigned() {
+            return wantAssertionsSigned;
+        }
+
+        public Iterator getNameIDFormats() {
+            return formats.iterator();
+        }
+
+        public Iterator getAttributeConsumingServices() {
+            // TODO Auto-generated method stub
+            return null;
+        }
+
+        public AttributeConsumingService getDefaultAttributeConsumingService() {
+            // TODO Auto-generated method stub
+            return null;
+        }
+
+        public AttributeConsumingService getAttributeConsumingServiceByID(String id) {
+            // TODO Auto-generated method stub
+            return null;
+        }
+    }
     
     class XMLEntityDescriptor implements ExtendedEntityDescriptor {
         private Element root = null;
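Review bot: `getAttributeConsumingServices()` returns null from an Iterator-typed method, so a caller that does the natural `Iterator i = role.getAttributeConsumingServices(); while (i.hasNext())` will throw NullPointerException on any entity that uses this new role; until the parsing is written it should be `return Collections.EMPTY_LIST.iterator();` (java.util.Collections, if not already imported) so the stub behaves like a role with no services, while the two single-object lookups returning null for "not found" is acceptable if documented. Separately, the constructor's `e.getElementsByTagNameNS(SAML2META_NS, "NameIDFormat")` walks every descendant of the role element rather than its direct children, so a `md:NameIDFormat` nested inside an `Extensions` child (or any future child type) would be accepted as a declared format; the entity-descriptor loop elsewhere in this file iterates direct children with `XML.getNextSiblingElement`, and the same pattern here would keep the match scoped to what the schema intends. The first-text-node extraction also silently truncates a value split across text/CDATA nodes; concatenating all text children, or whatever helper the other roles use, would be more robust.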
@@ -1092,6 +1139,12 @@ public class XMLMetadataProvider implements Metadata {
                     else if (XML.isElementNamed(child,edu.internet2.middleware.shibboleth.common.XML.SAML2META_NS,"SPSSODescriptor")) {
                         roles.add(new SPRole(this,validUntil,child));
                     }
+                    else if (XML.isElementNamed(child,edu.internet2.middleware.shibboleth.common.XML.SAML2META_NS,"RoleDescriptor")) {
+                        QName xsitype = XML.getQNameAttribute(child,XML.XSI_NS,"type");
+                        if (edu.internet2.middleware.shibboleth.common.XML.SAML2METAEXT_NS.equals(xsitype.getNamespaceURI()) &&
+                                "AttributeRequesterDescriptorType".equals(xsitype.getLocalPart()))
+                            roles.add(new AttributeRequesterRole(this,validUntil,child));
+                    }
                     child = XML.getNextSiblingElement(child);
                 }
             }
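Review bot: `xsitype.getNamespaceURI()` in the new RoleDescriptor branch dereferences the result of `XML.getQNameAttribute` without a null check; if that helper returns null for a RoleDescriptor lacking xsi:type (the schema makes the type abstract, but that only protects you while validation is on), loading the whole metadata document dies with a NullPointerException rather than a MetadataException. A RoleDescriptor whose xsi:type is anything else is also dropped silently, so a misspelled extension type in a federation's metadata vanishes without trace. I would guard and log, using the class's log4j logger: `if (xsitype != null && SAML2METAEXT_NS.equals(xsitype.getNamespaceURI()) && "AttributeRequesterDescriptorType".equals(xsitype.getLocalPart())) roles.add(new AttributeRequesterRole(this, validUntil, child)); else log.warn("Ignoring RoleDescriptor with unsupported xsi:type: " + xsitype);`. The enclosing constructor and its child loop start and end outside this hunk.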
@@ -1234,6 +1287,10 @@ public class XMLMetadataProvider implements Metadata {
             return (AttributeAuthorityDescriptor)getRoleByType(AttributeAuthorityDescriptor.class, protocol);
         }
 
+        public AttributeRequesterDescriptor getAttributeRequesterDescriptor(String protocol) {
+            return (AttributeRequesterDescriptor)getRoleByType(AttributeRequesterDescriptor.class, protocol);
+        }
+        
         public PDPDescriptor getPDPDescriptor(String protocol) {
             return (PDPDescriptor)getRoleByType(PDPDescriptor.class, protocol);
         }
index b10639b..8ae7d5b 100644 (file)
@@ -85,6 +85,7 @@ public class Parser {
             "urn:mace:shibboleth:arp:1.0",
             "urn:mace:shibboleth:resolver:1.0",
             "urn:oasis:names:tc:SAML:2.0:metadata",
+            "urn:oasis:names:tc:SAML:metadata:extension",
             "urn:mace:shibboleth:target:config:1.0",
             "urn:mace:shibboleth:trust:1.0",
             "urn:mace:shibboleth:metadata:1.0",
@@ -99,6 +100,7 @@ public class Parser {
             "namemapper.xsd",
             "saml-schema-assertion-2.0.xsd",
             "saml-schema-metadata-2.0.xsd",
+            "saml-schema-metadata-ext.xsd",
             "shibboleth-arp-1.0.xsd",
             "shibboleth-idpconfig-1.0.xsd",
             "shibboleth-metadata-1.0.xsd",
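Review bot: The parser now registers `saml-schema-metadata-ext.xsd` (and the new fixture's schemaLocation points at `../src/schemas/saml-schema-metadata-ext.xsd`), yet the commit's file list contains no new schema under src/schemas, so unless that XSD is already in the tree the registration cannot resolve and validation of the extension role will fail — or, depending on how the parser treats a missing schema, be skipped, which would also defeat the xsi:type check that relies on RoleDescriptor being abstract. Please confirm the schema is committed alongside this change, and consider a comment on the entry such as `// SAML metadata extension (AttributeRequesterDescriptorType); must ship with the IdP`. The array literal this line belongs to starts outside this hunk.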
index 2c4a5c3..5ec2129 100644 (file)
@@ -43,6 +43,7 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.xml.sax.InputSource;
 
+import edu.internet2.middleware.shibboleth.common.Constants;
 import edu.internet2.middleware.shibboleth.idp.IdPConfig;
 import edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata;
 import edu.internet2.middleware.shibboleth.xml.Parser;
@@ -195,4 +196,22 @@ public class MetadataTests extends TestCase {
                        fail("Failed to correctly load metadata: " + e);
                }
        }
+
+    public void testExtensionSAMLXML() {
+
+        try {
+            Metadata metadata = new XMLMetadata(new File("data/metadata10.xml").toURL().toString());
+
+            EntityDescriptor entity = metadata.lookup("urn-x:testSP1");
+            assertNotNull("Unable to find test provider", entity);
+
+            AttributeRequesterDescriptor ar = entity.getAttributeRequesterDescriptor(XML.SAML11_PROTOCOL_ENUM);
+            assertNotNull("Missing AR provider role.", ar);
+            
+            Iterator formats = ar.getNameIDFormats();
+            assertTrue("Encountered unexpected NameIDFormat", formats.hasNext() && Constants.SHIB_NAMEID_FORMAT_URI.equals(formats.next()));
+        } catch (Exception e) {
+            fail("Failed to correctly load metadata: " + e);
+        }
+    }
 }