added java-saml-core module, left servlet dependencies in java-saml

updated SamlResponse to take in the requestURL and SAMLResponse
parameter directly. the new module does not depend on
javax.servlet.*, meaning it can more easily be reused together with
different server stacks.

improved Util.getFileAsString() to work for classpath resources that are
in JARs as well (previously only on the filesystem worked).

Author: Luis Miranda

core/.gitignore

@@ -8,7 +8,7 @@
 
 	<packaging>jar</packaging>
 	<name>OneLogin java-saml Toolkit Core</name>
-	<artifactId>java-saml</artifactId>
+	<artifactId>java-saml-core</artifactId>
 
 	<dependencies>
 		<!-- for test -->
@@ -34,14 +34,6 @@
 			<scope>test</scope>
 		</dependency>
 
-		<!-- httprequest and httpresponse -->
-		<dependency>
-			<groupId>javax.servlet</groupId>
-			<artifactId>servlet-api</artifactId>
-			<version>2.5</version>
-			<scope>provided</scope>
-		</dependency>
-
 		<!-- date and time library for Java -->
 		<dependency>
 			<groupId>joda-time</groupId>
@@ -85,6 +77,17 @@
 					</execution>
 				</executions>
 			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-jar-plugin</artifactId>
+				<executions>
+					<execution>
+						<goals>
+							<goal>test-jar</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-surefire-plugin</artifactId>

core/pom.xml

@@ -184,7 +184,7 @@ public boolean isValid(String requestId) {
 				if (requestId != null && !ObjectUtils.equals(responseInResponseTo, requestId)) {
 						throw new Exception("The InResponseTo of the Response: " + responseInResponseTo
 								+ ", does not match the ID of the AuthNRequest sent by the SP: " + requestId);
-					}
+				}
 
 				if (!this.encrypted && settings.getWantAssertionsEncrypted()) {
 					throw new Exception("The assertion of the Response is not encrypted and the SP requires it");
@@ -286,68 +286,68 @@ public boolean isValid(String requestId) {
 		}
 	}
 
-				// Check SubjectConfirmation, at least one SubjectConfirmation must be valid
+	// Check SubjectConfirmation, at least one SubjectConfirmation must be valid
 	private void validateSubjectConfirmation(String responseInResponseTo) throws Exception {
 		final List<SubjectConfirmationIssue> validationIssues = new ArrayList<>();
-				boolean validSubjectConfirmation = false;
-				NodeList subjectConfirmationNodes = this.queryAssertion("/saml:Subject/saml:SubjectConfirmation");
-				for (int i = 0; i < subjectConfirmationNodes.getLength(); i++) {
-					Node scn = subjectConfirmationNodes.item(i);
-
-					Node method = scn.getAttributes().getNamedItem("Method");
-					if (method != null && !method.getNodeValue().equals(Constants.CM_BEARER)) {
-						continue;
-					}
+		boolean validSubjectConfirmation = false;
+		NodeList subjectConfirmationNodes = this.queryAssertion("/saml:Subject/saml:SubjectConfirmation");
+		for (int i = 0; i < subjectConfirmationNodes.getLength(); i++) {
+			Node scn = subjectConfirmationNodes.item(i);
+
+			Node method = scn.getAttributes().getNamedItem("Method");
+			if (method != null && !method.getNodeValue().equals(Constants.CM_BEARER)) {
+				continue;
+			}
 
-					NodeList subjectConfirmationDataNodes = scn.getChildNodes();
-					for (int c = 0; c < subjectConfirmationDataNodes.getLength(); c++) {
-						if (subjectConfirmationDataNodes.item(c).getLocalName() != null && subjectConfirmationDataNodes.item(c).getLocalName().equals("SubjectConfirmationData")) {
+			NodeList subjectConfirmationDataNodes = scn.getChildNodes();
+			for (int c = 0; c < subjectConfirmationDataNodes.getLength(); c++) {
+				if (subjectConfirmationDataNodes.item(c).getLocalName() != null && subjectConfirmationDataNodes.item(c).getLocalName().equals("SubjectConfirmationData")) {
 
-							Node recipient = subjectConfirmationDataNodes.item(c).getAttributes().getNamedItem("Recipient");
+					Node recipient = subjectConfirmationDataNodes.item(c).getAttributes().getNamedItem("Recipient");
 					if (recipient == null) {
 						validationIssues.add(new SubjectConfirmationIssue(i, "SubjectConfirmationData doesn't contain a Recipient"));
 						continue;
 					}
 
 					if (!recipient.getNodeValue().equals(currentUrl)) {
 						validationIssues.add(new SubjectConfirmationIssue(i, "SubjectConfirmationData doesn't match a valid Recipient"));
-								continue;
-							}
+						continue;
+					}
 
-							Node inResponseTo = subjectConfirmationDataNodes.item(c).getAttributes().getNamedItem("InResponseTo");
+					Node inResponseTo = subjectConfirmationDataNodes.item(c).getAttributes().getNamedItem("InResponseTo");
 					if (inResponseTo == null && responseInResponseTo != null ||
 							inResponseTo != null && !inResponseTo.getNodeValue().equals(responseInResponseTo)) {
 						validationIssues.add(new SubjectConfirmationIssue(i, "SubjectConfirmationData has an invalid InResponseTo value"));;
-								continue;
-							}
+						continue;
+					}
 
-							
-							Node notOnOrAfter = subjectConfirmationDataNodes.item(c).getAttributes().getNamedItem("NotOnOrAfter");
+
+					Node notOnOrAfter = subjectConfirmationDataNodes.item(c).getAttributes().getNamedItem("NotOnOrAfter");
 					if (notOnOrAfter == null) {
 						validationIssues.add(new SubjectConfirmationIssue(i, "SubjectConfirmationData doesn't contain a NotOnOrAfter attribute"));
 						continue;
 					}
 
-								DateTime noa = Util.parseDateTime(notOnOrAfter.getNodeValue());
-								if (noa.isEqualNow() || noa.isBeforeNow()) {
+					DateTime noa = Util.parseDateTime(notOnOrAfter.getNodeValue());
+					if (noa.isEqualNow() || noa.isBeforeNow()) {
 						validationIssues.add(new SubjectConfirmationIssue(i, "SubjectConfirmationData is no longer valid"));
-									continue;
-								}
+						continue;
+					}
 
-							Node notBefore = subjectConfirmationDataNodes.item(c).getAttributes().getNamedItem("NotBefore");
-							if (notBefore != null) {
-								DateTime nb = Util.parseDateTime(notBefore.getNodeValue());
-								if (nb.isAfterNow()) {
+					Node notBefore = subjectConfirmationDataNodes.item(c).getAttributes().getNamedItem("NotBefore");
+					if (notBefore != null) {
+						DateTime nb = Util.parseDateTime(notBefore.getNodeValue());
+						if (nb.isAfterNow()) {
 							validationIssues.add(new SubjectConfirmationIssue(i, "SubjectConfirmationData is not yet valid"));
-									continue;
-								}
-							}
-							validSubjectConfirmation = true;
+							continue;
 						}
 					}
+					validSubjectConfirmation = true;
 				}
+			}
+		}
 
-				if (!validSubjectConfirmation) {
+		if (!validSubjectConfirmation) {
 			throw new Exception(SubjectConfirmationIssue.prettyPrintIssues(validationIssues));
 		}
 	}

core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java

@@ -1,4 +1,4 @@
-package com.onelogin.saml2;
+package com.onelogin.saml2.settings;
 
 import java.net.URL;
 import java.util.Calendar;
@@ -19,7 +19,6 @@
 import org.slf4j.LoggerFactory;
 import org.w3c.dom.Document;
 
-import com.onelogin.saml2.settings.Saml2Settings;
 import com.onelogin.saml2.model.Contact;
 import com.onelogin.saml2.model.Organization;
 import com.onelogin.saml2.util.Util;

…in/java/com/onelogin/saml2/Metadata.java …om/onelogin/saml2/settings/Metadata.javacore/src/main/java/com/onelogin/saml2/Metadata.java renamed to core/src/main/java/com/onelogin/saml2/settings/Metadata.java core/src/main/java/com/onelogin/saml2/Metadata.java renamed to core/src/main/java/com/onelogin/saml2/settings/Metadata.java

@@ -8,14 +8,11 @@
 import java.util.LinkedList;
 import java.util.List;
 
-import com.onelogin.saml2.authn.SamlResponse;
-import com.onelogin.saml2.logout.LogoutResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import com.onelogin.saml2.Metadata;
 import com.onelogin.saml2.model.Contact;
 import com.onelogin.saml2.model.Organization;
 import com.onelogin.saml2.util.Constants;
@@ -640,7 +637,7 @@ public void setSignatureAlgorithm(String signatureAlgorithm) {
 	/**
 	 * Controls if unsolicited Responses are rejected if they contain an InResponseTo value.
 	 *
-	 * If false using a validate method {@link SamlResponse#isValid(String)} with a null argument will
+	 * If false using a validate method {@link com.onelogin.saml2.authn.SamlResponse#isValid(String)} with a null argument will
 	 * accept messages with any (or none) InResponseTo value.
 	 *
 	 * If true using these methods with a null argument will only accept messages with no InRespoonseTo value,
@@ -912,4 +909,4 @@ public static List<String> validateMetadata(String metadataString) throws Except
 
 		return errors;
 	}
-}
+}