You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by dk...@apache.org on 2008/12/11 22:36:30 UTC

svn commit: r725823 - /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java

Author: dkulp
Date: Thu Dec 11 13:36:30 2008
New Revision: 725823

URL: http://svn.apache.org/viewvc?rev=725823&view=rev
Log:
Start working on actually creating a real RequestSecurityToken request

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=725823&r1=725822&r2=725823&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Thu Dec 11 13:36:30 2008
@@ -19,13 +19,16 @@
 
 package org.apache.cxf.ws.security.trust;
 
-import java.io.StringReader;
 import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
 import java.util.Map;
 
 import javax.xml.namespace.QName;
 import javax.xml.transform.dom.DOMSource;
 
+import org.w3c.dom.Element;
+
 import org.apache.cxf.Bus;
 import org.apache.cxf.BusException;
 import org.apache.cxf.binding.BindingFactory;
@@ -40,7 +43,7 @@
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.endpoint.EndpointException;
 import org.apache.cxf.endpoint.EndpointImpl;
-import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.service.Service;
 import org.apache.cxf.service.ServiceImpl;
 import org.apache.cxf.service.model.BindingInfo;
@@ -51,12 +54,19 @@
 import org.apache.cxf.service.model.MessagePartInfo;
 import org.apache.cxf.service.model.OperationInfo;
 import org.apache.cxf.service.model.ServiceInfo;
+import org.apache.cxf.staxutils.W3CDOMStreamWriter;
 import org.apache.cxf.transport.ConduitInitiator;
 import org.apache.cxf.transport.ConduitInitiatorManager;
+import org.apache.cxf.ws.policy.PolicyBuilder;
+import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
+import org.apache.cxf.ws.security.policy.model.Binding;
 import org.apache.cxf.ws.security.policy.model.Trust10;
 import org.apache.cxf.ws.security.policy.model.Trust13;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.security.util.Base64;
+import org.apache.ws.security.util.WSSecurityUtil;
 
 /**
  * 
@@ -69,6 +79,10 @@
     String location;
     Policy policy;
     String soapVersion = SoapBindingConstants.SOAP11_BINDING_ID;
+    int keySize = 256;
+    Trust10 trust10;
+    Trust13 trust13;
+    AlgorithmSuite algorithmSuite;
     
     Map<String, Object> ctx = new HashMap<String, Object>();
     
@@ -87,6 +101,20 @@
     }
     public void setPolicy(Policy policy) {
         this.policy = policy;
+        if (algorithmSuite == null) {
+            Iterator i = policy.getAlternatives();
+            while (i.hasNext() && algorithmSuite == null) {
+                List<PolicyComponent> p = CastUtils.cast((List)i.next());
+                for (PolicyComponent p2 : p) {
+                    if (p2 instanceof Binding) {
+                        algorithmSuite = ((Binding)p2).getAlgorithmSuite();
+                    }
+                }
+            }
+        }
+    }
+    public void setPolicy(Element policy) {
+        setPolicy(bus.getExtension(PolicyBuilder.class).getPolicy(policy));
     }
     public void setSoap12() {
         soapVersion = SoapBindingConstants.SOAP12_BINDING_ID;
@@ -102,10 +130,13 @@
         }
     }
     public void setTrust(Trust10 trust) {
-        
+        trust10 = trust;
     }
     public void setTrust(Trust13 trust) {
-        
+        trust13 = trust;        
+    }
+    public void setAlgorithmSuite(AlgorithmSuite ag) {
+        algorithmSuite = ag;
     }
     
     public Map<String, Object> getRequestContext() {
@@ -180,31 +211,50 @@
     }
 
     public SecurityToken requestSecurityToken() throws Exception {
+        return requestSecurityToken(null);
+    }
+    public SecurityToken requestSecurityToken(String appliesTo) throws Exception {
         createClient();
         client.getRequestContext().putAll(ctx);
         
-        //TODO: create the DOM based on the Trust10/Trust13 tokens
-        String rqst = "<t:RequestSecurityToken " 
-            + "xmlns:u='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' "
-            + "xmlns:t='http://schemas.xmlsoap.org/ws/2005/02/trust'>\n"
-            + "<t:RequestType>"
-            + "http://schemas.xmlsoap.org/ws/2005/02/trust/Issue"
-            + "</t:RequestType>\n"
-            + "<t:Entropy>\n"
-            + "<t:BinarySecret u:Id='uuid-4acf589c-0076-4a83-8b66-5f29341514b7-3'"
-            + " Type='http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce'>"
-            + "Uv38QLxDQM9gLoDZ6OwYDiFk094nmwu3Wmay7EdKmhw=</t:BinarySecret>\n"
-            + "</t:Entropy>\n"
-            + "<t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>\n"
-            + "<t:KeySize>256</t:KeySize>\n"
-            + "<t:ComputedKeyAlgorithm>\n"
-            + "http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1"
-            + "</t:ComputedKeyAlgorithm>\n"
-            + "</t:RequestSecurityToken>\n";
-
+        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+        String namespace = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+        writer.writeStartElement(namespace, "RequestSecurityToken");
+        writer.writeStartElement(namespace, "RequestType");
+        writer.writeCharacters("http://schemas.xmlsoap.org/ws/2005/02/trust/Issue");
+        writer.writeEndElement();
+        if (appliesTo != null) {
+            //TODO: AppliesTo element? 
+        }
+        //TODO: Lifetime element?
+        writer.writeStartElement(namespace, "KeyType");
+        //TODO: Set the KeyType?
+        writer.writeCharacters(namespace + "/SymmetricKey");
+        writer.writeEndElement();
+        writer.writeStartElement(namespace, "KeySize");
+        writer.writeCharacters(Integer.toString(keySize));
+        writer.writeEndElement();
+        
+        
+        if ((trust10 != null && trust10.isRequireClientEntropy())
+            || (trust13 != null && trust13.isRequireClientEntropy())) {
+            writer.writeStartElement(namespace, "Entropy");
+            writer.writeStartElement(namespace, "BinarySecret");
+            writer.writeAttribute("Type", namespace + "/Nounce");
+            byte[] requestorEntropy =
+                WSSecurityUtil.generateNonce(algorithmSuite.getMaximumSymmetricKeyLength() / 8);
+            writer.writeCharacters(Base64.encode(requestorEntropy));
+
+            writer.writeEndElement();
+            writer.writeEndElement();
+            writer.writeStartElement(namespace, "ComputedKeyAlgorithm");
+            writer.writeCharacters(namespace + "/CK/PSHA1");
+            writer.writeEndElement();
+        }
+        writer.writeEndElement();
         
         client.invoke("RequestSecurityToken",
-                      new DOMSource(DOMUtils.readXml(new StringReader(rqst)).getDocumentElement()));
+                      new DOMSource(writer.getDocument().getDocumentElement()));
         return null;
     }