Posted to java-dev@axis.apache.org by az...@apache.org on 2006/09/20 10:57:32 UTC
svn commit: r448128 - in
/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas:
RahasConstants.java TrustUtil.java impl/SAMLTokenIssuer.java
impl/SCTIssuer.java
Author: azeez
Date: Wed Sep 20 01:57:31 2006
New Revision: 448128
URL: http://svn.apache.org/viewvc?view=rev&rev=448128
Log:
Extra condition check added by Ruchith to SAMLTokenIssuer.java
Modified:
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java?view=diff&rev=448128&r1=448127&r2=448128
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java Wed Sep 20 01:57:31 2006
@@ -98,7 +98,7 @@
public static final String RSTR_ACTON_VALIDATE = "/RSTR" + REQ_TYPE_VALIDATE;
public static final String RSTR_ACTON_RENEW = "/RSTR" + REQ_TYPE_RENEW;
public static final String RSTR_ACTION_CANCEL = "/RSTR" + REQ_TYPE_CANCEL;
- public static final String RSTR_ACTON_SCT = "/RSTR/SCT";
+ public static final String RSTR_ACTION_SCT = "/RSTR/SCT";
//Token types
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java?view=diff&rev=448128&r1=448127&r2=448128
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java Wed Sep 20 01:57:31 2006
@@ -326,7 +326,7 @@
RahasConstants.RSTR_ACTION_CANCEL.equals(action) ||
RahasConstants.RSTR_ACTON_RENEW.equals(action) ||
RahasConstants.RSTR_ACTON_VALIDATE.equals(action) ||
- RahasConstants.RSTR_ACTON_SCT.equals(action)) {
+ RahasConstants.RSTR_ACTION_SCT.equals(action)) {
return getWSTNamespace(version) + action;
}
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java?view=diff&rev=448128&r1=448127&r2=448128
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java Wed Sep 20 01:57:31 2006
@@ -219,11 +219,12 @@
}
- if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
+ if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY) &&
+ config.keyComputation != SAMLTokenIssuerConfig.KEY_COMP_USE_REQ_ENT) {
//Add the RequestedProofToken
- OMElement reqProofTokElem = TrustUtil.createRequestedProofTokenElement(
- version, rstrElem);
+ OMElement reqProofTokElem =
+ TrustUtil.createRequestedProofTokenElement(version, rstrElem);
if (config.keyComputation == SAMLTokenIssuerConfig.KEY_COMP_PROVIDE_ENT
&& data.getRequestEntropy() != null) {
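Review bot: The new guard on `keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)` skips the RequestedProofToken whenever `config.keyComputation` is `KEY_COMP_USE_REQ_ENT`, without checking that the request actually carried entropy. In createHoKAssertion the requestor-entropy path is only taken when `data.getRequestEntropy() != null`, so a request without entropy presumably falls back to an issuer-generated key (that branch is outside the visible hunks). The requestor would then receive a holder-of-key token with no proof token from which to learn the key. Consider tying the skip to the same condition, e.g. `&& !(config.keyComputation == SAMLTokenIssuerConfig.KEY_COMP_USE_REQ_ENT && data.getRequestEntropy() != null)) {`, or rejecting such requests with a TrustException. The enclosing method starts and ends outside the hunk.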
@@ -253,7 +254,7 @@
}
}
- // Unet the DOM impl to DOOM
+ // Unset the DOM impl to default
DocumentBuilderFactoryImpl.setDOOMRequired(false);
return env;
@@ -261,8 +262,11 @@
private SAMLAssertion createBearerAssertion(SAMLTokenIssuerConfig config,
- Document doc, Crypto crypto, Date creationTime,
- Date expirationTime, RahasData data) throws TrustException {
+ Document doc,
+ Crypto crypto,
+ Date creationTime,
+ Date expirationTime,
+ RahasData data) throws TrustException {
try {
Principal principal = data.getPrincipal();
// In the case where the principal is a UT
@@ -284,8 +288,11 @@
}
private SAMLAssertion createHoKAssertion(SAMLTokenIssuerConfig config,
- Document doc, Crypto crypto, Date creationTime,
- Date expirationTime, RahasData data) throws TrustException {
+ Document doc,
+ Crypto crypto,
+ Date creationTime,
+ Date expirationTime,
+ RahasData data) throws TrustException {
if (data.getKeyType().endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
@@ -315,17 +322,18 @@
boolean reqEntrPresent = data.getRequestEntropy() != null;
- if (reqEntrPresent && config.keyComputation != SAMLTokenIssuerConfig.KEY_COMP_USE_OWN_KEY)
- {
- //If there's no requestor entropy and if the issuer is not
+ if (reqEntrPresent &&
+ config.keyComputation != SAMLTokenIssuerConfig.KEY_COMP_USE_OWN_KEY) {
+ //If there is requestor entropy and if the issuer is not
//configured to use its own key
if (config.keyComputation == SAMLTokenIssuerConfig.KEY_COMP_PROVIDE_ENT) {
data.setResponseEntropy(WSSecurityUtil.generateNonce(config.keySize / 8));
P_SHA1 p_sha1 = new P_SHA1();
- encrKeyBuilder.setEphemeralKey(p_sha1.createKey(data
- .getRequestEntropy(),
- data.getResponseEntropy(), 0, keysize / 8));
+ encrKeyBuilder.setEphemeralKey(p_sha1.createKey(data.getRequestEntropy(),
+ data.getResponseEntropy(),
+ 0,
+ keysize / 8));
} else {
//If we reach this its expected to use the requestor's
//entropy
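Review bot: The key-derivation call sizes its two inputs from different variables: the response entropy is generated with `config.keySize / 8`, while `p_sha1.createKey(...)` is asked for `keysize / 8` bytes. If the local `keysize` can differ from the configured value (its assignment is outside the hunk), the nonce length and the derived key length silently diverge. Using the same variable in both places, `data.setResponseEntropy(WSSecurityUtil.generateNonce(keysize / 8));`, keeps them in step. The `else` branch at the end of the hunk continues outside it.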
@@ -348,20 +356,20 @@
//Extract the Encryptedkey DOM element
encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
} catch (WSSecurityException e) {
- throw new TrustException(
- "errorInBuildingTheEncryptedKeyForPrincipal",
- new String[]{serviceCert.getSubjectDN().getName()}, e);
+ throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal",
+ new String[]{serviceCert.getSubjectDN().getName()}, e);
} catch (ConversationException e) {
- throw new TrustException(
- "errorInBuildingTheEncryptedKeyForPrincipal",
- new String[]{serviceCert.getSubjectDN().getName()}, e);
+ throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal",
+ new String[]{serviceCert.getSubjectDN().getName()}, e);
}
return this.createAttributeAssertion(doc, encryptedKeyElem,
config, crypto, creationTime, expirationTime);
} else {
try {
String subjectNameId = data.getPrincipal().getName();
- SAMLNameIdentifier nameId = new SAMLNameIdentifier(subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL);
+ SAMLNameIdentifier nameId = new SAMLNameIdentifier(subjectNameId,
+ null,
+ SAMLNameIdentifier.FORMAT_EMAIL);
//Create the ds:KeyValue element with the ds:X509Data
byte[] clientCertBytes = data.getClientCert().getEncoded();
@@ -375,7 +383,14 @@
Element keyValueElem = doc.createElementNS(WSConstants.SIG_NS, "KeyValue");
keyValueElem.appendChild(x509DataElem);
- return this.createAuthAssertion(doc, SAMLSubject.CONF_HOLDER_KEY, nameId, keyValueElem, config, crypto, creationTime, expirationTime);
+ return this.createAuthAssertion(doc,
+ SAMLSubject.CONF_HOLDER_KEY,
+ nameId,
+ keyValueElem,
+ config,
+ crypto,
+ creationTime,
+ expirationTime);
} catch (SAMLException e) {
throw new TrustException("samlAssertionCreationError", e);
} catch (CertificateEncodingException e) {
@@ -450,14 +465,20 @@
SAMLAttribute attribute = new SAMLAttribute("Name",
"https://rahas.apache.org/saml/attrns",
- null, -1, Arrays.asList(new String[]{"Colombo/Rahas"}));
+ null,
+ -1,
+ Arrays.asList(new String[]{"Colombo/Rahas"}));
SAMLAttributeStatement attrStmt = new SAMLAttributeStatement(
subject, Arrays.asList(new SAMLAttribute[]{attribute}));
SAMLStatement[] statements = {attrStmt};
- SAMLAssertion assertion = new SAMLAssertion(config.issuerName, notBefore,
- notAfter, null, null, Arrays.asList(statements));
+ SAMLAssertion assertion = new SAMLAssertion(config.issuerName,
+ notBefore,
+ notAfter,
+ null,
+ null,
+ Arrays.asList(statements));
//sign the assertion
X509Certificate[] issuerCerts =
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java?view=diff&rev=448128&r1=448127&r2=448128
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java Wed Sep 20 01:57:31 2006
@@ -57,7 +57,7 @@
private String configParamName;
/**
- * Issue a SecuritycontextToken based on the wsse:Signature or
+ * Issue a {@link SecurityContextToken} based on the wsse:Signature or
* wsse:UsernameToken
*
* This will support returning the SecurityContextToken with the following
@@ -288,7 +288,7 @@
}
public String getResponseAction(RahasData data) throws TrustException {
- return TrustUtil.getActionValue(data.getVersion(), RahasConstants.RSTR_ACTON_SCT);
+ return TrustUtil.getActionValue(data.getVersion(), RahasConstants.RSTR_ACTION_SCT);
}
/**