Posted to java-dev@axis.apache.org by ru...@apache.org on 2006/09/07 15:26:58 UTC
svn commit: r441084 - in /webservices/axis2/trunk/java/modules:
rahas/src/org/apache/rahas/ rahas/src/org/apache/rahas/impl/
security/src/org/apache/rampart/
security/src/org/apache/rampart/conversation/
security/src/org/apache/rampart/util/
Author: ruchithf
Date: Thu Sep 7 06:26:57 2006
New Revision: 441084
URL: http://svn.apache.org/viewvc?view=rev&rev=441084
Log:
- Updated Rahas and Rampart to match the latest changes in WSS4J
- Updated MessageBuilder to use STSClient in handling IssuedToken and SecureConversationToken assertions
- Updated RampartMessageData with keys to hold on to service policy, sts policy and the sts address in the message context
IMPORTANT: Requires latest WSS4J - 441080
Modified:
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/STSRequester.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/Util.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java?view=diff&rev=441084&r1=441083&r2=441084
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java Thu Sep 7 06:26:57 2006
@@ -89,20 +89,6 @@
public final static String RSTR_ACTON_SCT = "/RSTR/SCT";
- public class V_05_02 {
-
- //Token types
- public final static String TOK_TYPE_SCT = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
-
- }
-
- public class V_05_12 {
-
- //Token types
- public final static String TOK_TYPE_SCT = "http://schemas.xmlsoap.org/ws/2005/12/sc/sct";
-
- }
-
//Token types
public final static String TOK_TYPE_SAML_10="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java?view=diff&rev=441084&r1=441083&r2=441084
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java Thu Sep 7 06:26:57 2006
@@ -209,12 +209,17 @@
public static OMElement createKeyTypeElement(
int version, OMElement parent, String type) throws TrustException {
String ns = getWSTNamespace(version);
- OMElement ktelem = createOMElement(parent, ns,
+ OMElement ktElem = createOMElement(parent, ns,
RahasConstants.KEY_TYPE_LN,
RahasConstants.WST_PREFIX);
-
- ktelem.setText(ns + type);
- return ktelem;
+ if(RahasConstants.KEY_TYPE_BEARER.equals(type) ||
+ RahasConstants.KEY_TYPE_PUBLIC_KEY.equals(type) ||
+ RahasConstants.KEY_TYPE_SYMM_KEY.equals(type)) {
+ ktElem.setText(ns + type);
+ } else {
+ ktElem.setText(type);
+ }
+ return ktElem;
}
public static OMElement createLifetimeElement(
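Review bot: createKeyTypeElement now accepts two different input forms — a bare KEY_TYPE_* local name that gets the WS-Trust namespace prepended, and any other string that is written verbatim — but nothing documents this, so a caller cannot tell which form to pass. Add a Javadoc above the signature along the lines of `@param type one of the KEY_TYPE_* local names (prefixed with the namespace for {@code version}) or an already-qualified KeyType URI, which is written as-is`. A null `type` now reaches `ktElem.setText(null)` instead of producing the old `ns + "null"` text; whether OMElement accepts that is not visible here, so consider rejecting null explicitly before the comparisons.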
@@ -321,13 +326,13 @@
}
}
- public static int getWSTVersion(String ns) {
+ public static int getWSTVersion(String ns) throws TrustException {
if(RahasConstants.WST_NS_05_02.equals(ns)) {
return RahasConstants.VERSION_05_02;
} else if(RahasConstants.WST_NS_05_12.equals(ns)) {
return RahasConstants.VERSION_05_12;
} else {
- return -1;
+ throw new TrustException("unsupportedWSTVersion");
}
}
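Review bot: getWSTVersion now throws a checked TrustException instead of returning -1, so any caller that compared the result with -1 will either stop compiling or never reach its fallback branch; none of those call sites is updated in this commit, so confirm they were adjusted. The fault message also does not carry the namespace that was rejected, which makes an unexpected or malformed wst namespace on an incoming request hard to diagnose; if TrustException has the (String, String[]) form that RampartException uses elsewhere in this commit, prefer `throw new TrustException("unsupportedWSTVersion", new String[] { ns });`. A null `ns` takes the same path, which is fine as long as that message key exists in the resource bundle.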
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java?view=diff&rev=441084&r1=441083&r2=441084
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java Thu Sep 7 06:26:57 2006
@@ -33,6 +33,7 @@
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.util.Base64;
@@ -348,6 +349,10 @@
//Extract the Encryptedkey DOM element
encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
} catch (WSSecurityException e) {
+ throw new TrustException(
+ "errorInBuildingTheEncryptedKeyForPrincipal",
+ new String[] { serviceCert.getSubjectDN().getName()}, e);
+ } catch (ConversationException e) {
throw new TrustException(
"errorInBuildingTheEncryptedKeyForPrincipal",
new String[] { serviceCert.getSubjectDN().getName()}, e);
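Review bot: The new `catch (ConversationException e)` clause is a byte-for-byte copy of the WSSecurityException clause above it, which is the kind of duplication that drifts when one message key or argument list is later changed. If the project's language level does not allow catching both types in one clause, move the three-line throw into a private helper such as `throwEncryptedKeyError(X509Certificate serviceCert, Exception cause)` and call it from both handlers. The enclosing method starts before this hunk, so the try block's opening is not visible here.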
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java?view=diff&rev=441084&r1=441083&r2=441084
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java Thu Sep 7 06:26:57 2006
@@ -30,6 +30,8 @@
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.token.SecurityContextToken;
import org.apache.ws.security.util.XmlSchemaDateFormat;
@@ -117,167 +119,177 @@
private SOAPEnvelope doBinarySecret(SCTIssuerConfig config, RahasData data)
throws TrustException {
- SOAPEnvelope env = TrustUtil.createSOAPEnvelope(data.getSoapNs());
- int wstVersion = data.getVersion();
-
- // Get the document
- Document doc = ((Element) env).getOwnerDocument();
-
- SecurityContextToken sct = new SecurityContextToken(doc);
-
- OMElement rstrElem = TrustUtil
- .createRequestSecurityTokenResponseElement(wstVersion, env
- .getBody());
-
- OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(
- wstVersion, rstrElem);
-
- rstElem.addChild((OMElement) sct.getElement());
-
- if (config.addRequestedAttachedRef) {
- if (wstVersion == RahasConstants.VERSION_05_02) {
- TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
- + sct.getID(), RahasConstants.V_05_02.TOK_TYPE_SCT);
- } else {
- TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
- + sct.getID(), RahasConstants.V_05_12.TOK_TYPE_SCT);
+ try {
+ SOAPEnvelope env = TrustUtil.createSOAPEnvelope(data.getSoapNs());
+ int wstVersion = data.getVersion();
+
+ // Get the document
+ Document doc = ((Element) env).getOwnerDocument();
+
+ SecurityContextToken sct = new SecurityContextToken(this.getWSCVersion(data.getTokenType()), doc);
+
+ OMElement rstrElem = TrustUtil
+ .createRequestSecurityTokenResponseElement(wstVersion, env
+ .getBody());
+
+ OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(
+ wstVersion, rstrElem);
+
+ rstElem.addChild((OMElement) sct.getElement());
+
+ String tokenType = data.getTokenType();
+
+ if (config.addRequestedAttachedRef) {
+ if (wstVersion == RahasConstants.VERSION_05_02) {
+ TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
+ + sct.getID(), tokenType);
+ } else {
+ TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
+ + sct.getID(), tokenType);
+ }
}
- }
-
- if (config.addRequestedUnattachedRef) {
- if (wstVersion == RahasConstants.VERSION_05_02) {
- TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
- sct.getIdentifier(),
- RahasConstants.V_05_02.TOK_TYPE_SCT);
- } else {
- TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
- sct.getIdentifier(),
- RahasConstants.V_05_12.TOK_TYPE_SCT);
+
+ if (config.addRequestedUnattachedRef) {
+ if (wstVersion == RahasConstants.VERSION_05_02) {
+ TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
+ sct.getIdentifier(),
+ tokenType);
+ } else {
+ TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
+ sct.getIdentifier(),
+ tokenType);
+ }
}
+
+ OMElement reqProofTok = TrustUtil.createRequestedProofTokenElement(
+ wstVersion, rstrElem);
+
+ OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion,
+ reqProofTok, null);
+
+ byte[] secret = this.generateEphemeralKey();
+ binSecElem.setText(Base64.encode(secret));
+
+ //Creation and expiration times
+ Date creationTime = new Date();
+ Date expirationTime = new Date();
+
+ expirationTime.setTime(creationTime.getTime() + config.ttl);
+
+
+ // Use GMT time in milliseconds
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ // Add the Lifetime element
+ TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
+ .format(creationTime), zulu.format(expirationTime));
+
+ // Store the tokens
+ Token sctToken = new Token(sct.getIdentifier(), (OMElement) sct
+ .getElement(), creationTime, expirationTime);
+ sctToken.setSecret(secret);
+ TrustUtil.getTokenStore(data.getInMessageContext()).add(sctToken);
+
+ return env;
+ } catch (ConversationException e) {
+ throw new TrustException(e.getMessage(), e);
}
-
- OMElement reqProofTok = TrustUtil.createRequestedProofTokenElement(
- wstVersion, rstrElem);
-
- OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion,
- reqProofTok, null);
-
- byte[] secret = this.generateEphemeralKey();
- binSecElem.setText(Base64.encode(secret));
-
- //Creation and expiration times
- Date creationTime = new Date();
- Date expirationTime = new Date();
-
- expirationTime.setTime(creationTime.getTime() + config.ttl);
-
-
- // Use GMT time in milliseconds
- DateFormat zulu = new XmlSchemaDateFormat();
-
- // Add the Lifetime element
- TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
- .format(creationTime), zulu.format(expirationTime));
-
- // Store the tokens
- Token sctToken = new Token(sct.getIdentifier(), (OMElement) sct
- .getElement(), creationTime, expirationTime);
- sctToken.setSecret(secret);
- TrustUtil.getTokenStore(data.getInMessageContext()).add(sctToken);
-
- return env;
}
private SOAPEnvelope doEncryptedKey(SCTIssuerConfig config, RahasData data)
throws TrustException {
- int wstVersion = data.getVersion();
-
- SOAPEnvelope env = TrustUtil.createSOAPEnvelope(data.getSoapNs());
- // Get the document
- Document doc = ((Element) env).getOwnerDocument();
-
- WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
- Crypto crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
- data.getInMessageContext().getAxisService().getClassLoader());
-
- encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
try {
- encrKeyBuilder.setUseThisCert(data.getClientCert());
- encrKeyBuilder.prepare(doc, crypto);
- } catch (WSSecurityException e) {
- throw new TrustException(
- "errorInBuildingTheEncryptedKeyForPrincipal",
- new String[] { data.getClientCert().getSubjectDN()
- .getName() });
- }
-
- SecurityContextToken sct = new SecurityContextToken(doc);
-
- OMElement rstrElem = TrustUtil
- .createRequestSecurityTokenResponseElement(wstVersion, env
- .getBody());
-
- OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(
- wstVersion, rstrElem);
-
- rstElem.addChild((OMElement) sct.getElement());
-
- if (config.addRequestedAttachedRef) {
- if (wstVersion == RahasConstants.VERSION_05_02) {
- TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
- + sct.getID(), RahasConstants.V_05_02.TOK_TYPE_SCT);
- } else {
- TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
- + sct.getID(), RahasConstants.V_05_12.TOK_TYPE_SCT);
+ int wstVersion = data.getVersion();
+
+ SOAPEnvelope env = TrustUtil.createSOAPEnvelope(data.getSoapNs());
+ // Get the document
+ Document doc = ((Element) env).getOwnerDocument();
+
+ WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+ Crypto crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
+ data.getInMessageContext().getAxisService().getClassLoader());
+
+ encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ try {
+ encrKeyBuilder.setUseThisCert(data.getClientCert());
+ encrKeyBuilder.prepare(doc, crypto);
+ } catch (WSSecurityException e) {
+ throw new TrustException(
+ "errorInBuildingTheEncryptedKeyForPrincipal",
+ new String[] { data.getClientCert().getSubjectDN()
+ .getName() });
}
- }
-
- if (config.addRequestedUnattachedRef) {
- if (wstVersion == RahasConstants.VERSION_05_02) {
- TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
- sct.getIdentifier(),
- RahasConstants.V_05_02.TOK_TYPE_SCT);
- } else {
- TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
- sct.getIdentifier(),
- RahasConstants.V_05_12.TOK_TYPE_SCT);
+
+ SecurityContextToken sct = new SecurityContextToken(this.getWSCVersion(data.getTokenType()), doc);
+
+ OMElement rstrElem = TrustUtil
+ .createRequestSecurityTokenResponseElement(wstVersion, env
+ .getBody());
+
+ OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(
+ wstVersion, rstrElem);
+
+ rstElem.addChild((OMElement) sct.getElement());
+
+ String tokenType = data.getTokenType();
+
+ if (config.addRequestedAttachedRef) {
+ if (wstVersion == RahasConstants.VERSION_05_02) {
+ TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
+ + sct.getID(), tokenType);
+ } else {
+ TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
+ + sct.getID(), tokenType);
+ }
}
+
+ if (config.addRequestedUnattachedRef) {
+ if (wstVersion == RahasConstants.VERSION_05_02) {
+ TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
+ sct.getIdentifier(), tokenType);
+ } else {
+ TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
+ sct.getIdentifier(), tokenType);
+ }
+ }
+
+ //Creation and expiration times
+ Date creationTime = new Date();
+ Date expirationTime = new Date();
+
+ expirationTime.setTime(creationTime.getTime() + config.ttl);
+
+ // Use GMT time in milliseconds
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ // Add the Lifetime element
+ TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
+ .format(creationTime), zulu.format(expirationTime));
+
+ Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
+ Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
+
+ OMElement reqProofTok = TrustUtil.createRequestedProofTokenElement(
+ wstVersion, rstrElem);
+
+ if (bstElem != null) {
+ reqProofTok.addChild((OMElement) bstElem);
+ }
+
+ reqProofTok.addChild((OMElement) encryptedKeyElem);
+
+
+ // Store the tokens
+ Token sctToken = new Token(sct.getIdentifier(), (OMElement) sct
+ .getElement(), creationTime, expirationTime);
+ sctToken.setSecret(encrKeyBuilder.getEphemeralKey());
+ TrustUtil.getTokenStore(data.getInMessageContext()).add(sctToken);
+
+ return env;
+ } catch (ConversationException e) {
+ throw new TrustException(e.getMessage(), e);
}
-
- //Creation and expiration times
- Date creationTime = new Date();
- Date expirationTime = new Date();
-
- expirationTime.setTime(creationTime.getTime() + config.ttl);
-
- // Use GMT time in milliseconds
- DateFormat zulu = new XmlSchemaDateFormat();
-
- // Add the Lifetime element
- TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
- .format(creationTime), zulu.format(expirationTime));
-
- Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
- Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
-
- OMElement reqProofTok = TrustUtil.createRequestedProofTokenElement(
- wstVersion, rstrElem);
-
- if (bstElem != null) {
- reqProofTok.addChild((OMElement) bstElem);
- }
-
- reqProofTok.addChild((OMElement) encryptedKeyElem);
-
-
- // Store the tokens
- Token sctToken = new Token(sct.getIdentifier(), (OMElement) sct
- .getElement(), creationTime, expirationTime);
- sctToken.setSecret(encrKeyBuilder.getEphemeralKey());
- TrustUtil.getTokenStore(data.getInMessageContext()).add(sctToken);
-
- return env;
}
public String getResponseAction(RahasData data) throws TrustException {
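Review bot: In doEncryptedKey the inner catch of WSSecurityException after `encrKeyBuilder.prepare(doc, crypto)` still discards the cause, while the new ConversationException handlers in both methods and the SAMLTokenIssuer change in this same commit chain it; pass it as `new String[] { data.getClientCert().getSubjectDN().getName() }, e);` so the underlying crypto failure is not lost. That handler also calls `data.getClientCert()` a second time, so if prepare() failed because the client certificate was null the handler itself throws NullPointerException instead of the intended TrustException; capture the certificate in a local before the try. Separately, the `if (wstVersion == RahasConstants.VERSION_05_02)` branches for the attached and unattached references in both doBinarySecret and doEncryptedKey now have identical bodies because the token type comes from `data.getTokenType()`, so each pair can collapse to a single call. getResponseAction on the last line of this hunk continues past it.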
@@ -319,4 +331,19 @@
this.configParamName = configParamName;
}
+ private int getWSCVersion(String tokenTypeValue) throws ConversationException {
+
+ if(tokenTypeValue == null) {
+ return ConversationConstants.DEFAULT_VERSION;
+ }
+
+ if(tokenTypeValue != null && tokenTypeValue.startsWith(ConversationConstants.WSC_NS_05_02)) {
+ return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_02);
+ } else if(tokenTypeValue != null && tokenTypeValue.startsWith(ConversationConstants.WSC_NS_05_12)) {
+ return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_12);
+ } else {
+ throw new ConversationException("unsupportedSecConvVersion");
+ }
+ }
+
}
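Review bot: The `tokenTypeValue != null &&` guards in getWSCVersion are redundant because the null case already returned DEFAULT_VERSION two lines earlier; simplify to `if(tokenTypeValue.startsWith(ConversationConstants.WSC_NS_05_02)) {` and the matching `else if`. The match is a namespace-prefix check only, so any value under a WS-SecureConversation namespace — not just the SCT token type — selects a version and is then used verbatim as the reference token type in doBinarySecret and doEncryptedKey; if that is intended, say so in a comment, otherwise compare against the full SCT token-type value. The rejection message also omits the value that was refused, which makes unsupported-version faults raised for a client's request hard to trace.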
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java?view=diff&rev=441084&r1=441083&r2=441084
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java Thu Sep 7 06:26:57 2006
@@ -22,20 +22,28 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rahas.client.STSClient;
import org.apache.rampart.builder.TimestampBuilder;
import org.apache.rampart.policy.RampartPolicyBuilder;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
+import javax.security.auth.callback.CallbackHandler;
+
import java.util.Iterator;
public class MessageBuilder {
@@ -87,22 +95,131 @@
if(sigTok instanceof IssuedToken) {
if(rmd.getIssuedSignatureTokenId() == null) {
- //TODO: Obtain the Token
+ IssuedToken issuedToken = (IssuedToken)sigTok;
+
+ try {
+ STSClient client = new STSClient(rmd.getMsgContext()
+ .getConfigurationContext());
+
+ // Set request action
+ client.setAction(TrustUtil.getActionValue(rmd
+ .getWstVersion(),
+ RahasConstants.RST_ACTON_ISSUE));
+
+ client.setRstTemplate(issuedToken.getRstTemplate());
+
+ // Set crypto information
+ Crypto crypto = RampartUtil.getSignatureCrypto(rmd
+ .getPolicyData().getRampartConfig());
+ CallbackHandler cbh = RampartUtil.getPasswordCB(rmd);
+ client.setCryptoInfo(crypto, cbh);
+
+ // Get service policy
+ Policy servicePolicy = (Policy) msgCtx
+ .getProperty(RampartMessageData.KEY_SERVICE_POLICY);
+
+ // Get STS policy
+ Policy stsPolicy = (Policy) msgCtx
+ .getProperty(RampartMessageData.KEY_ISSUER_POLICY);
+
+ // Get service epr
+ String servceEprAddress = rmd.getMsgContext()
+ .getOptions().getTo().getAddress();
+ // Get sts epr
+ String issuerEprAddress = RampartUtil
+ .processIssuerAddress(issuedToken
+ .getIssuerEpr());
+
+ // Request type
+ String reqType = TrustUtil.getWSTNamespace(rmd
+ .getWstVersion())
+ + RahasConstants.REQ_TYPE_ISSUE;
+
+ //Make the request
+ org.apache.rahas.Token rst =
+ client.requestSecurityToken(servicePolicy,
+ issuerEprAddress,
+ stsPolicy,
+ reqType,
+ servceEprAddress);
+
+ //Set the token ID
+ rmd.setIssuedSignatureTokenId(rst.getId());
+
+ //Add the token to token storage
+ rmd.getTokenStorage().add(rst);
+
+ } catch (TrustException e) {
+ throw new RampartException(e.getMessage(), e);
+ }
+
}
} else if(sigTok instanceof SecureConversationToken) {
if(rmd.getSecConvTokenId() == null) {
- OMElement elem = ((SecureConversationToken) sigTok)
- .getIssuerEpr();
+ SecureConversationToken secConvTok =
+ (SecureConversationToken) sigTok;
- String issuerAddress = this.extractIssuerAddress(elem);
- issuerAddress = (issuerAddress != null) ? issuerAddress
- : msgCtx.getOptions().getTo().getAddress();
-
-// String id = STSClient.getSct(rmd, issuerAddress,
-// ((SecureConversationToken) sigTok)
-// .getBootstrapPolicy());
+ try {
+ STSClient client = new STSClient(rmd.getMsgContext()
+ .getConfigurationContext());
+
+ // Set request action
+ client.setAction(TrustUtil.getActionValue(
+ rmd.getWstVersion(),
+ RahasConstants.RST_ACTON_ISSUE));
+
+ //Find SC version
+ int conversationVersion = 1;
+
+ client.setRstTemplate(RampartUtil.createRSTTempalteForSCT(conversationVersion, rmd.getWstVersion()));
+
+ // Set crypto information
+ Crypto crypto = RampartUtil.getSignatureCrypto(rmd
+ .getPolicyData().getRampartConfig());
+ CallbackHandler cbh = RampartUtil.getPasswordCB(rmd);
+ client.setCryptoInfo(crypto, cbh);
+
+ // Get service policy
+ Policy servicePolicy = (Policy) msgCtx
+ .getProperty(RampartMessageData.KEY_SERVICE_POLICY);
+
+ // Get STS policy
+ Policy stsPolicy = (Policy) msgCtx
+ .getProperty(RampartMessageData.KEY_ISSUER_POLICY);
+
+ // Get service epr
+ String servceEprAddress = rmd.getMsgContext()
+ .getOptions().getTo().getAddress();
+
+ // Get sts epr
+ String issuerEprAddress = RampartUtil
+ .processIssuerAddress(secConvTok.getIssuerEpr());
+
+ // Request type
+ String reqType = TrustUtil.getWSTNamespace(rmd
+ .getWstVersion())
+ + RahasConstants.REQ_TYPE_ISSUE;
+
+ //Make the request
+ org.apache.rahas.Token rst =
+ client.requestSecurityToken(servicePolicy,
+ issuerEprAddress,
+ stsPolicy,
+ reqType,
+ servceEprAddress);
+
+ //Set the token ID
+ rmd.setIssuedSignatureTokenId(rst.getId());
+
+ //Add the token to token storage
+ rmd.getTokenStorage().add(rst);
+
+ } catch (TrustException e) {
+ throw new RampartException(e.getMessage(), e);
+ }
+
}
}
} else if(!rpd.isSymmetricBinding() && !rpd.isTransportBinding()) {
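Review bot: The SecureConversationToken branch is guarded by `rmd.getSecConvTokenId() == null` but stores the result with `rmd.setIssuedSignatureTokenId(rst.getId())`, so the guard is never satisfied afterwards and a fresh SCT would be requested from the STS on every outgoing message; presumably this should be `rmd.setSecConvTokenId(rst.getId());` (the setter is not visible here, but the getter is used on the guard line). `int conversationVersion = 1;` under the `//Find SC version` comment hard-codes the WS-SecureConversation version even though this commit adds `rmd.getSecConvVersion()` for exactly that purpose. The two try blocks are otherwise some forty identical lines (STSClient setup, crypto and callback wiring, policy and EPR lookup, the request and storage) differing only in the RST template and the issuer EPR source; extract that into a private helper taking the template and the issuer element so the two paths cannot diverge. `servceEprAddress` is misspelled in both blocks. The enclosing method starts before this hunk.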
@@ -112,19 +229,6 @@
//TODO: Handle transport binding
}
- }
-
- /**
- * @param elem
- * @return
- */
- private String extractIssuerAddress(OMElement elem) {
- //Assuming the element is a wsa:Address element
- if(elem == null) {
- return null;
- }
-
- return elem.getText().trim();
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java?view=diff&rev=441084&r1=441083&r2=441084
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java Thu Sep 7 06:26:57 2006
@@ -21,12 +21,28 @@
import org.apache.rahas.TokenStorage;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.message.WSSecHeader;
import org.w3c.dom.Document;
import java.util.Vector;
public class RampartMessageData {
+
+ /**
+ * Key to hold the address of the issuer in the msg ctx.
+ */
+ public final static String KEY_ISSUER_ADDRESS = "issuerAddress";
+
+ /**
+ * Key to hold the issuer policy
+ */
+ public final static String KEY_ISSUER_POLICY = "issuerPolicy";
+
+ /**
+ * Key to hold the service policy
+ */
+ public static final String KEY_SERVICE_POLICY = "servicePolicy";
private MessageContext msgContext = null;
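Review bot: The three new message-context property keys are bare words (`"issuerAddress"`, `"issuerPolicy"`, `"servicePolicy"`) on a MessageContext that other modules and handlers share, so an unrelated property with the same name would be read as a policy or issuer address by MessageBuilder; a module prefix such as `"rampart.issuerAddress"` removes that ambiguity at no cost while the keys are still new. KEY_SERVICE_POLICY is declared `public static final` while its two siblings use `public final static`; pick one order. Only the Javadoc for KEY_ISSUER_ADDRESS says the key lives in the message context; stating that on all three keeps them consistent.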
@@ -58,6 +74,8 @@
private int wstVersion = RahasConstants.VERSION_05_02;
+ private int secConvVersion = ConversationConstants.DEFAULT_VERSION;
+
/*
* IssuedTokens or SecurityContextTokens can be used
* as the encryption token, signature token,
@@ -273,6 +291,13 @@
*/
public void setWstVersion(int wstVerion) {
this.wstVersion = wstVerion;
+ }
+
+ /**
+ * @return Returns the secConvVersion.
+ */
+ public int getSecConvVersion() {
+ return secConvVersion;
}
}
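Review bot: getSecConvVersion is added without a corresponding setter, and the field it returns (`secConvVersion`, introduced in the earlier hunk of this file) is only ever initialised to ConversationConstants.DEFAULT_VERSION, so the getter can never report anything else and callers such as MessageBuilder cannot pick up a negotiated version. Add the matching mutator, `public void setSecConvVersion(int secConvVersion) { this.secConvVersion = secConvVersion; }`, with a Javadoc `@param secConvVersion the WS-SecureConversation version to use`. The pre-existing `wstVerion` parameter name on setWstVersion in the context lines is a typo worth fixing while here.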
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/STSRequester.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/STSRequester.java?view=diff&rev=441084&r1=441083&r2=441084
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/STSRequester.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/STSRequester.java Thu Sep 7 06:26:57 2006
@@ -33,6 +33,7 @@
import org.apache.rampart.RampartException;
import org.apache.rampart.handler.WSSHandlerConstants;
import org.apache.rampart.util.Axis2Util;
+import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Element;
@@ -84,12 +85,7 @@
OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(config.getWstVersion());
OMElement reqTypeElem = TrustUtil.createRequestTypeElement(config.getWstVersion(), rstElem, RahasConstants.REQ_TYPE_ISSUE);
OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(config.getWstVersion(), rstElem);
-
- if(config.getWstVersion() == RahasConstants.VERSION_05_02) {
- tokenTypeElem.setText(RahasConstants.V_05_02.TOK_TYPE_SCT);
- } else {
- tokenTypeElem.setText(RahasConstants.V_05_12.TOK_TYPE_SCT);
- }
+ tokenTypeElem.setText(ConversationConstants.getWSCNs(ConversationConstants.DEFAULT_VERSION) + ConversationConstants.TOKEN_TYPE_SECURITY_CONTEXT_TOKEN);
if(config.isProvideEntropy()) {
//TODO Option to get the nonce lenght and
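Review bot: The TokenType value is now built from `ConversationConstants.DEFAULT_VERSION` regardless of configuration, whereas the removed lines derived it from `config.getWstVersion()`; the request will therefore always ask for the default WS-SecureConversation SCT even when the configured WS-Trust version points at the other profile, and nothing in this commit wires a conversation version into the config object. If a version setting is (or will be) available on config, use it here; otherwise a comment explaining why the default is always correct would stop the next reader from treating this as a bug. The new line is also very long; splitting the namespace lookup into a local would help. The enclosing method starts before this hunk.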
@@ -118,7 +114,8 @@
} catch (Exception e) {
e.printStackTrace();
- throw new RampartException(e.getMessage());
+ throw new RampartException("errorInObtainingSct",
+ new String[] { config.getStsEPRAddress() }, e);
}
}
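Review bot: `e.printStackTrace()` on the line above the new throw is now redundant, because the RampartException carries `e` as its cause and whoever handles the fault gets the full chain; it also writes the trace of a failed token request to stderr outside the logging configuration. Remove it, or route it through the class's logger at debug level if one is present. The `catch (Exception e)` is broad, but now that the message key names the STS endpoint the wrapping is at least informative at this boundary.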
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/Util.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/Util.java?view=diff&rev=441084&r1=441083&r2=441084
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/Util.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/Util.java Thu Sep 7 06:26:57 2006
@@ -91,8 +91,7 @@
}
Token token = null;
if (rstElem != null) {
- OMElement sctElem = rstElem
- .getFirstChildWithName(SecurityContextToken.TOKEN);
+ OMElement sctElem = rstElem.getFirstElement();
if (sctElem != null) {
SecurityContextToken sct = new SecurityContextToken(
(Element) sctElem);
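Review bot: Replacing `getFirstChildWithName(SecurityContextToken.TOKEN)` with `rstElem.getFirstElement()` drops the QName check, so whatever element the STS placed first under RequestedSecurityToken is handed to `new SecurityContextToken((Element) sctElem)` as though it were an SCT. Presumably this was done so both WS-SecureConversation namespace versions are accepted, but the local name should still be verified — e.g. `if (sctElem != null && "SecurityContextToken".equals(sctElem.getLocalName()))`, or the corresponding ConversationConstants name if one exists — unless the SecurityContextToken(Element) constructor is known to reject other elements. The enclosing method starts before this hunk.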
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java?view=diff&rev=441084&r1=441083&r2=441084
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java Thu Sep 7 06:26:57 2006
@@ -16,12 +16,20 @@
package org.apache.rampart.util;
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.ws.secpolicy.Constants;
import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
@@ -218,4 +226,47 @@
}
}
+ /**
+ * Process a give issuer address element and return the address.
+ * @param issuerAddress
+ * @return
+ * @throws RampartException If the issuer address element is malformed.
+ */
+ public static String processIssuerAddress(OMElement issuerAddress)
+ throws RampartException {
+ if(issuerAddress != null && issuerAddress.getText() != null &&
+ !"".equals(issuerAddress.getText())) {
+ return issuerAddress.getText().trim();
+ } else {
+ throw new RampartException("invalidIssuerAddress",
+ new String[] { issuerAddress.toString() });
+ }
+ }
+
+
+ public static OMElement createRSTTempalteForSCT(int conversationVersion,
+ int wstVersion) throws RampartException {
+ try {
+ log.debug("Creating RSTTemplate for an SCT request");
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+
+ OMNamespace wspNs = fac.createOMNamespace(Constants.SP_NS, "wsp");
+ OMElement rstTempl = fac.createOMElement(
+ Constants.REQUEST_SECURITY_TOKEN_TEMPLATE.getLocalPart(),
+ wspNs);
+
+ //Create TokenType element and set the value
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(
+ wstVersion, rstTempl);
+ tokenTypeElem.setText(getConversationNs(conversationVersion) + "/sct");
+
+ return rstTempl;
+ } catch (TrustException e) {
+ throw new RampartException(e.getMessage(), e);
+ }
+ }
+
+ public static String getConversationNs(int version) {
+ return null;
+ }
}
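Review bot: getConversationNs returns null for every version, so createRSTTempalteForSCT sets the TokenType text to the literal `null/sct`, and the SCT requests MessageBuilder now sends through it carry an invalid token type; the same commit already resolves this namespace in STSRequester via `ConversationConstants.getWSCNs(...)` and `ConversationConstants.TOKEN_TYPE_SECURITY_CONTEXT_TOKEN`, so delegate to those here (wrapping in RampartException if getWSCNs declares a checked ConversationException) instead of the `"/sct"` literal. processIssuerAddress evaluates `issuerAddress.toString()` in its error branch, which is reached when issuerAddress is null, so a missing issuer element produces a NullPointerException rather than the intended `invalidIssuerAddress` fault; use `String.valueOf(issuerAddress)`. The new public method name is misspelled (`createRSTTempalteForSCT`) and, being public API, will be harder to rename once callers accumulate. Both new public methods also lack a Javadoc stating what `conversationVersion` and `wstVersion` select.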