You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by dk...@apache.org on 2011/10/20 18:38:03 UTC
svn commit: r1186905 [3/6] - in /cxf/trunk:
rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/interceptor/
rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/
rt/transports/jms/src/test/java/org/apache/cxf/transport/jms/
rt/ws/policy/src/mai...
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java Thu Oct 20 16:37:54 2011
@@ -1,429 +1,429 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.token.provider;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.sts.STSConstants;
-import org.apache.cxf.sts.STSPropertiesMBean;
-import org.apache.cxf.sts.request.KeyRequirements;
-import org.apache.cxf.sts.request.TokenRequirements;
-import org.apache.cxf.sts.token.realm.SAMLRealm;
-import org.apache.cxf.ws.security.sts.provider.STSException;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.saml.ext.SAMLParms;
-import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
-import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean;
-import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
-import org.apache.ws.security.saml.ext.bean.ConditionsBean;
-import org.apache.ws.security.saml.ext.bean.SubjectBean;
-
-/**
- * A TokenProvider implementation that provides a SAML Token.
- */
-public class SAMLTokenProvider implements TokenProvider {
-
- private static final Logger LOG = LogUtils.getL7dLogger(SAMLTokenProvider.class);
-
- private List<AttributeStatementProvider> attributeStatementProviders;
- private List<AuthenticationStatementProvider> authenticationStatementProviders;
- private List<AuthDecisionStatementProvider> authenticationDecisionStatementProviders;
- private SubjectProvider subjectProvider = new DefaultSubjectProvider();
- private ConditionsProvider conditionsProvider = new DefaultConditionsProvider();
- private boolean signToken = true;
- private Map<String, SAMLRealm> realmMap = new HashMap<String, SAMLRealm>();
-
- /**
- * Return true if this TokenProvider implementation is capable of providing a token
- * that corresponds to the given TokenType.
- */
- public boolean canHandleToken(String tokenType) {
- return canHandleToken(tokenType, null);
- }
-
- /**
- * Return true if this TokenProvider implementation is capable of providing a token
- * that corresponds to the given TokenType in a given realm.
- */
- public boolean canHandleToken(String tokenType, String realm) {
- if (realm != null && !realmMap.containsKey(realm)) {
- return false;
- }
- if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)
- || WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML_NS.equals(tokenType)) {
- return true;
- }
- return false;
- }
-
- /**
- * Create a token given a TokenProviderParameters
- */
- public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
- testKeyType(tokenParameters);
- byte[] secret = null;
- byte[] entropyBytes = null;
- long keySize = 0;
- boolean computedKey = false;
- KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
- TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
- LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
-
- if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyRequirements.getKeyType())) {
- SymmetricKeyHandler keyHandler = new SymmetricKeyHandler(tokenParameters);
- keyHandler.createSymmetricKey();
- secret = keyHandler.getSecret();
- entropyBytes = keyHandler.getEntropyBytes();
- keySize = keyHandler.getKeySize();
- computedKey = keyHandler.isComputedKey();
- }
-
- try {
- Document doc = DOMUtils.createDocument();
- AssertionWrapper assertion = createSamlToken(tokenParameters, secret, doc);
- Element token = assertion.toDOM(doc);
-
- // set the token in cache
- if (tokenParameters.getTokenStore() != null) {
- SecurityToken securityToken = new SecurityToken(assertion.getId());
- securityToken.setToken(token);
- securityToken.setPrincipal(tokenParameters.getPrincipal());
- int hash = 0;
- byte[] signatureValue = assertion.getSignatureValue();
- if (signatureValue != null && signatureValue.length > 0) {
- hash = Arrays.hashCode(signatureValue);
- securityToken.setAssociatedHash(hash);
- }
- if (tokenParameters.getRealm() != null) {
- Properties props = securityToken.getProperties();
- if (props == null) {
- props = new Properties();
- }
- props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());
- securityToken.setProperties(props);
- }
- Integer timeToLive = (int)(conditionsProvider.getLifetime() * 1000);
- tokenParameters.getTokenStore().add(securityToken, timeToLive);
- }
-
- TokenProviderResponse response = new TokenProviderResponse();
- response.setToken(token);
- String tokenType = tokenRequirements.getTokenType();
- if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
- || WSConstants.SAML2_NS.equals(tokenType)) {
- response.setTokenId(token.getAttribute("ID"));
- } else {
- response.setTokenId(token.getAttribute("AssertionID"));
- }
- response.setLifetime(conditionsProvider.getLifetime());
- response.setEntropy(entropyBytes);
- if (keySize > 0) {
- response.setKeySize(keySize);
- }
- response.setComputedKey(computedKey);
-
- return response;
- } catch (Exception e) {
- LOG.log(Level.WARNING, "", e);
- throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
- }
- }
-
- /**
- * Set the List of AttributeStatementProviders.
- */
- public void setAttributeStatementProviders(
- List<AttributeStatementProvider> attributeStatementProviders
- ) {
- this.attributeStatementProviders = attributeStatementProviders;
- }
-
- /**
- * Get the List of AttributeStatementProviders.
- */
- public List<AttributeStatementProvider> getAttributeStatementProviders() {
- return attributeStatementProviders;
- }
-
- /**
- * Set the List of AuthenticationStatementProviders.
- */
- public void setAuthenticationStatementProviders(
- List<AuthenticationStatementProvider> authnStatementProviders
- ) {
- this.authenticationStatementProviders = authnStatementProviders;
- }
-
- /**
- * Get the List of AuthenticationStatementProviders.
- */
- public List<AuthenticationStatementProvider> getAuthenticationStatementProviders() {
- return authenticationStatementProviders;
- }
-
- /**
- * Set the List of AuthDecisionStatementProviders.
- */
- public void setAuthDecisionStatementProviders(
- List<AuthDecisionStatementProvider> authDecisionStatementProviders
- ) {
- this.authenticationDecisionStatementProviders = authDecisionStatementProviders;
- }
-
- /**
- * Get the List of AuthDecisionStatementProviders.
- */
- public List<AuthDecisionStatementProvider> getAuthDecisionStatementProviders() {
- return authenticationDecisionStatementProviders;
- }
-
- /**
- * Set the SubjectProvider.
- */
- public void setSubjectProvider(SubjectProvider subjectProvider) {
- this.subjectProvider = subjectProvider;
- }
-
- /**
- * Get the SubjectProvider.
- */
- public SubjectProvider getSubjectProvider() {
- return subjectProvider;
- }
-
- /**
- * Set the ConditionsProvider
- */
- public void setConditionsProvider(ConditionsProvider conditionsProvider) {
- this.conditionsProvider = conditionsProvider;
- }
-
- /**
- * Get the ConditionsProvider
- */
- public ConditionsProvider getConditionsProvider() {
- return conditionsProvider;
- }
-
- /**
- * Return whether the provided token will be signed or not. Default is true.
- */
- public boolean isSignToken() {
- return signToken;
- }
-
- /**
- * Set whether the provided token will be signed or not. Default is true.
- */
- public void setSignToken(boolean signToken) {
- this.signToken = signToken;
- }
-
- /**
- * Set the map of realm->SAMLRealm for this token provider
- * @param realms the map of realm->SAMLRealm for this token provider
- */
- public void setRealmMap(Map<String, SAMLRealm> realms) {
- this.realmMap = realms;
- }
-
- /**
- * Get the map of realm->SAMLRealm for this token provider
- * @return the map of realm->SAMLRealm for this token provider
- */
- public Map<String, SAMLRealm> getRealmMap() {
- return realmMap;
- }
-
- private AssertionWrapper createSamlToken(
- TokenProviderParameters tokenParameters, byte[] secret, Document doc
- ) throws Exception {
- String realm = tokenParameters.getRealm();
- SAMLRealm samlRealm = null;
- if (realm != null && realmMap.containsKey(realm)) {
- samlRealm = realmMap.get(realm);
- }
-
- SamlCallbackHandler handler = createCallbackHandler(tokenParameters, secret, samlRealm, doc);
-
- SAMLParms samlParms = new SAMLParms();
- samlParms.setCallbackHandler(handler);
- AssertionWrapper assertion = new AssertionWrapper(samlParms);
-
- if (signToken) {
- STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
-
- String alias = null;
- if (samlRealm != null) {
- alias = samlRealm.getSignatureAlias();
- }
- if (alias == null || "".equals(alias)) {
- alias = stsProperties.getSignatureUsername();
- }
- if (alias == null || "".equals(alias)) {
- Crypto signatureCrypto = stsProperties.getSignatureCrypto();
- if (signatureCrypto != null) {
- alias = signatureCrypto.getDefaultX509Identifier();
- LOG.fine("Signature alias is null so using default alias: " + alias);
- }
- }
- // Get the password
- WSPasswordCallback[] cb = {new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)};
- LOG.fine("Creating SAML Token");
- stsProperties.getCallbackHandler().handle(cb);
- String password = cb[0].getPassword();
-
- LOG.fine("Signing SAML Token");
- boolean useKeyValue = stsProperties.getSignatureProperties().isUseKeyValue();
- assertion.signAssertion(alias, password, stsProperties.getSignatureCrypto(), useKeyValue);
- }
-
- return assertion;
- }
-
- public SamlCallbackHandler createCallbackHandler(
- TokenProviderParameters tokenParameters, byte[] secret, SAMLRealm samlRealm, Document doc
- ) throws Exception {
- // Parse the AttributeStatements
- List<AttributeStatementBean> attrBeanList = null;
- if (attributeStatementProviders != null && attributeStatementProviders.size() > 0) {
- attrBeanList = new ArrayList<AttributeStatementBean>();
- for (AttributeStatementProvider statementProvider : attributeStatementProviders) {
- AttributeStatementBean statementBean = statementProvider.getStatement(tokenParameters);
- if (statementBean != null) {
- LOG.fine(
- "AttributeStatements" + statementBean.toString()
- + "returned by AttributeStatementProvider "
- + statementProvider.getClass().getName()
- );
- attrBeanList.add(statementBean);
- }
- }
- }
-
- // Parse the AuthenticationStatements
- List<AuthenticationStatementBean> authBeanList = null;
- if (authenticationStatementProviders != null && authenticationStatementProviders.size() > 0) {
- authBeanList = new ArrayList<AuthenticationStatementBean>();
- for (AuthenticationStatementProvider statementProvider : authenticationStatementProviders) {
- AuthenticationStatementBean statementBean =
- statementProvider.getStatement(tokenParameters);
- if (statementBean != null) {
- LOG.fine(
- "AuthenticationStatement" + statementBean.toString()
- + "returned by AuthenticationStatementProvider "
- + statementProvider.getClass().getName()
- );
- authBeanList.add(statementBean);
- }
- }
- }
-
- // Parse the AuthDecisionStatements
- List<AuthDecisionStatementBean> authDecisionBeanList = null;
- if (authenticationDecisionStatementProviders != null
- && authenticationDecisionStatementProviders.size() > 0) {
- authDecisionBeanList = new ArrayList<AuthDecisionStatementBean>();
- for (AuthDecisionStatementProvider statementProvider
- : authenticationDecisionStatementProviders) {
- AuthDecisionStatementBean statementBean =
- statementProvider.getStatement(tokenParameters);
- if (statementBean != null) {
- LOG.fine(
- "AuthDecisionStatement" + statementBean.toString()
- + "returned by AuthDecisionStatementProvider "
- + statementProvider.getClass().getName()
- );
- authDecisionBeanList.add(statementBean);
- }
- }
- }
-
- // If no statements, then default to the DefaultAttributeStatementProvider
- if ((attrBeanList == null || attrBeanList.isEmpty())
- && (authBeanList == null || authBeanList.isEmpty())
- && (authDecisionBeanList == null || authDecisionBeanList.isEmpty())) {
- attrBeanList = new ArrayList<AttributeStatementBean>();
- AttributeStatementProvider attributeProvider = new DefaultAttributeStatementProvider();
- AttributeStatementBean attributeBean = attributeProvider.getStatement(tokenParameters);
- attrBeanList.add(attributeBean);
- }
-
- // Get the Subject and Conditions
- SubjectBean subjectBean = subjectProvider.getSubject(tokenParameters, doc, secret);
- ConditionsBean conditionsBean = conditionsProvider.getConditions(tokenParameters);
-
- // Set all of the beans on the SamlCallbackHandler
- SamlCallbackHandler handler = new SamlCallbackHandler();
- handler.setTokenProviderParameters(tokenParameters);
- handler.setSubjectBean(subjectBean);
- handler.setConditionsBean(conditionsBean);
- handler.setAttributeBeans(attrBeanList);
- handler.setAuthenticationBeans(authBeanList);
- handler.setAuthDecisionStatementBeans(authDecisionBeanList);
-
- if (samlRealm != null) {
- handler.setIssuer(samlRealm.getIssuer());
- }
-
- return handler;
- }
-
- /**
- * Do some tests on the KeyType parameter.
- */
- private void testKeyType(TokenProviderParameters tokenParameters) {
- KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
-
- String keyType = keyRequirements.getKeyType();
- if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
- if (keyRequirements.getCertificate() == null) {
- LOG.log(Level.WARNING, "A PublicKey Keytype is requested, but no certificate is provided");
- throw new STSException(
- "No client certificate for PublicKey KeyType", STSException.INVALID_REQUEST
- );
- }
- } else if (!STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType)
- && !STSConstants.BEARER_KEY_KEYTYPE.equals(keyType) && keyType != null) {
- LOG.log(Level.WARNING, "An unknown KeyType was requested: " + keyType);
- throw new STSException("Unknown KeyType", STSException.INVALID_REQUEST);
- }
-
- }
-
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.token.provider;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.STSPropertiesMBean;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.token.realm.SAMLRealm;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.saml.ext.SAMLParms;
+import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
+import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean;
+import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
+import org.apache.ws.security.saml.ext.bean.ConditionsBean;
+import org.apache.ws.security.saml.ext.bean.SubjectBean;
+
+/**
+ * A TokenProvider implementation that provides a SAML Token.
+ */
+public class SAMLTokenProvider implements TokenProvider {
+
+ private static final Logger LOG = LogUtils.getL7dLogger(SAMLTokenProvider.class);
+
+ private List<AttributeStatementProvider> attributeStatementProviders;
+ private List<AuthenticationStatementProvider> authenticationStatementProviders;
+ private List<AuthDecisionStatementProvider> authenticationDecisionStatementProviders;
+ private SubjectProvider subjectProvider = new DefaultSubjectProvider();
+ private ConditionsProvider conditionsProvider = new DefaultConditionsProvider();
+ private boolean signToken = true;
+ private Map<String, SAMLRealm> realmMap = new HashMap<String, SAMLRealm>();
+
+ /**
+ * Return true if this TokenProvider implementation is capable of providing a token
+ * that corresponds to the given TokenType.
+ */
+ public boolean canHandleToken(String tokenType) {
+ return canHandleToken(tokenType, null);
+ }
+
+ /**
+ * Return true if this TokenProvider implementation is capable of providing a token
+ * that corresponds to the given TokenType in a given realm.
+ */
+ public boolean canHandleToken(String tokenType, String realm) {
+ if (realm != null && !realmMap.containsKey(realm)) {
+ return false;
+ }
+ if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)
+ || WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML_NS.equals(tokenType)) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Create a token given a TokenProviderParameters
+ */
+ public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
+ testKeyType(tokenParameters);
+ byte[] secret = null;
+ byte[] entropyBytes = null;
+ long keySize = 0;
+ boolean computedKey = false;
+ KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
+ TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
+ LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
+
+ if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyRequirements.getKeyType())) {
+ SymmetricKeyHandler keyHandler = new SymmetricKeyHandler(tokenParameters);
+ keyHandler.createSymmetricKey();
+ secret = keyHandler.getSecret();
+ entropyBytes = keyHandler.getEntropyBytes();
+ keySize = keyHandler.getKeySize();
+ computedKey = keyHandler.isComputedKey();
+ }
+
+ try {
+ Document doc = DOMUtils.createDocument();
+ AssertionWrapper assertion = createSamlToken(tokenParameters, secret, doc);
+ Element token = assertion.toDOM(doc);
+
+ // set the token in cache
+ if (tokenParameters.getTokenStore() != null) {
+ SecurityToken securityToken = new SecurityToken(assertion.getId());
+ securityToken.setToken(token);
+ securityToken.setPrincipal(tokenParameters.getPrincipal());
+ int hash = 0;
+ byte[] signatureValue = assertion.getSignatureValue();
+ if (signatureValue != null && signatureValue.length > 0) {
+ hash = Arrays.hashCode(signatureValue);
+ securityToken.setAssociatedHash(hash);
+ }
+ if (tokenParameters.getRealm() != null) {
+ Properties props = securityToken.getProperties();
+ if (props == null) {
+ props = new Properties();
+ }
+ props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());
+ securityToken.setProperties(props);
+ }
+ Integer timeToLive = (int)(conditionsProvider.getLifetime() * 1000);
+ tokenParameters.getTokenStore().add(securityToken, timeToLive);
+ }
+
+ TokenProviderResponse response = new TokenProviderResponse();
+ response.setToken(token);
+ String tokenType = tokenRequirements.getTokenType();
+ if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+ || WSConstants.SAML2_NS.equals(tokenType)) {
+ response.setTokenId(token.getAttribute("ID"));
+ } else {
+ response.setTokenId(token.getAttribute("AssertionID"));
+ }
+ response.setLifetime(conditionsProvider.getLifetime());
+ response.setEntropy(entropyBytes);
+ if (keySize > 0) {
+ response.setKeySize(keySize);
+ }
+ response.setComputedKey(computedKey);
+
+ return response;
+ } catch (Exception e) {
+ LOG.log(Level.WARNING, "", e);
+ throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
+ }
+ }
+
+ /**
+ * Set the List of AttributeStatementProviders.
+ */
+ public void setAttributeStatementProviders(
+ List<AttributeStatementProvider> attributeStatementProviders
+ ) {
+ this.attributeStatementProviders = attributeStatementProviders;
+ }
+
+ /**
+ * Get the List of AttributeStatementProviders.
+ */
+ public List<AttributeStatementProvider> getAttributeStatementProviders() {
+ return attributeStatementProviders;
+ }
+
+ /**
+ * Set the List of AuthenticationStatementProviders.
+ */
+ public void setAuthenticationStatementProviders(
+ List<AuthenticationStatementProvider> authnStatementProviders
+ ) {
+ this.authenticationStatementProviders = authnStatementProviders;
+ }
+
+ /**
+ * Get the List of AuthenticationStatementProviders.
+ */
+ public List<AuthenticationStatementProvider> getAuthenticationStatementProviders() {
+ return authenticationStatementProviders;
+ }
+
+ /**
+ * Set the List of AuthDecisionStatementProviders.
+ */
+ public void setAuthDecisionStatementProviders(
+ List<AuthDecisionStatementProvider> authDecisionStatementProviders
+ ) {
+ this.authenticationDecisionStatementProviders = authDecisionStatementProviders;
+ }
+
+ /**
+ * Get the List of AuthDecisionStatementProviders.
+ */
+ public List<AuthDecisionStatementProvider> getAuthDecisionStatementProviders() {
+ return authenticationDecisionStatementProviders;
+ }
+
+ /**
+ * Set the SubjectProvider.
+ */
+ public void setSubjectProvider(SubjectProvider subjectProvider) {
+ this.subjectProvider = subjectProvider;
+ }
+
+ /**
+ * Get the SubjectProvider.
+ */
+ public SubjectProvider getSubjectProvider() {
+ return subjectProvider;
+ }
+
+ /**
+ * Set the ConditionsProvider
+ */
+ public void setConditionsProvider(ConditionsProvider conditionsProvider) {
+ this.conditionsProvider = conditionsProvider;
+ }
+
+ /**
+ * Get the ConditionsProvider
+ */
+ public ConditionsProvider getConditionsProvider() {
+ return conditionsProvider;
+ }
+
+ /**
+ * Return whether the provided token will be signed or not. Default is true.
+ */
+ public boolean isSignToken() {
+ return signToken;
+ }
+
+ /**
+ * Set whether the provided token will be signed or not. Default is true.
+ */
+ public void setSignToken(boolean signToken) {
+ this.signToken = signToken;
+ }
+
+ /**
+ * Set the map of realm->SAMLRealm for this token provider
+ * @param realms the map of realm->SAMLRealm for this token provider
+ */
+ public void setRealmMap(Map<String, SAMLRealm> realms) {
+ this.realmMap = realms;
+ }
+
+ /**
+ * Get the map of realm->SAMLRealm for this token provider
+ * @return the map of realm->SAMLRealm for this token provider
+ */
+ public Map<String, SAMLRealm> getRealmMap() {
+ return realmMap;
+ }
+
+ private AssertionWrapper createSamlToken(
+ TokenProviderParameters tokenParameters, byte[] secret, Document doc
+ ) throws Exception {
+ String realm = tokenParameters.getRealm();
+ SAMLRealm samlRealm = null;
+ if (realm != null && realmMap.containsKey(realm)) {
+ samlRealm = realmMap.get(realm);
+ }
+
+ SamlCallbackHandler handler = createCallbackHandler(tokenParameters, secret, samlRealm, doc);
+
+ SAMLParms samlParms = new SAMLParms();
+ samlParms.setCallbackHandler(handler);
+ AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+ if (signToken) {
+ STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
+
+ String alias = null;
+ if (samlRealm != null) {
+ alias = samlRealm.getSignatureAlias();
+ }
+ if (alias == null || "".equals(alias)) {
+ alias = stsProperties.getSignatureUsername();
+ }
+ if (alias == null || "".equals(alias)) {
+ Crypto signatureCrypto = stsProperties.getSignatureCrypto();
+ if (signatureCrypto != null) {
+ alias = signatureCrypto.getDefaultX509Identifier();
+ LOG.fine("Signature alias is null so using default alias: " + alias);
+ }
+ }
+ // Get the password
+ WSPasswordCallback[] cb = {new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)};
+ LOG.fine("Creating SAML Token");
+ stsProperties.getCallbackHandler().handle(cb);
+ String password = cb[0].getPassword();
+
+ LOG.fine("Signing SAML Token");
+ boolean useKeyValue = stsProperties.getSignatureProperties().isUseKeyValue();
+ assertion.signAssertion(alias, password, stsProperties.getSignatureCrypto(), useKeyValue);
+ }
+
+ return assertion;
+ }
+
+ public SamlCallbackHandler createCallbackHandler(
+ TokenProviderParameters tokenParameters, byte[] secret, SAMLRealm samlRealm, Document doc
+ ) throws Exception {
+ // Parse the AttributeStatements
+ List<AttributeStatementBean> attrBeanList = null;
+ if (attributeStatementProviders != null && attributeStatementProviders.size() > 0) {
+ attrBeanList = new ArrayList<AttributeStatementBean>();
+ for (AttributeStatementProvider statementProvider : attributeStatementProviders) {
+ AttributeStatementBean statementBean = statementProvider.getStatement(tokenParameters);
+ if (statementBean != null) {
+ LOG.fine(
+ "AttributeStatements" + statementBean.toString()
+ + "returned by AttributeStatementProvider "
+ + statementProvider.getClass().getName()
+ );
+ attrBeanList.add(statementBean);
+ }
+ }
+ }
+
+ // Parse the AuthenticationStatements
+ List<AuthenticationStatementBean> authBeanList = null;
+ if (authenticationStatementProviders != null && authenticationStatementProviders.size() > 0) {
+ authBeanList = new ArrayList<AuthenticationStatementBean>();
+ for (AuthenticationStatementProvider statementProvider : authenticationStatementProviders) {
+ AuthenticationStatementBean statementBean =
+ statementProvider.getStatement(tokenParameters);
+ if (statementBean != null) {
+ LOG.fine(
+ "AuthenticationStatement" + statementBean.toString()
+ + "returned by AuthenticationStatementProvider "
+ + statementProvider.getClass().getName()
+ );
+ authBeanList.add(statementBean);
+ }
+ }
+ }
+
+ // Parse the AuthDecisionStatements
+ List<AuthDecisionStatementBean> authDecisionBeanList = null;
+ if (authenticationDecisionStatementProviders != null
+ && authenticationDecisionStatementProviders.size() > 0) {
+ authDecisionBeanList = new ArrayList<AuthDecisionStatementBean>();
+ for (AuthDecisionStatementProvider statementProvider
+ : authenticationDecisionStatementProviders) {
+ AuthDecisionStatementBean statementBean =
+ statementProvider.getStatement(tokenParameters);
+ if (statementBean != null) {
+ LOG.fine(
+ "AuthDecisionStatement" + statementBean.toString()
+ + "returned by AuthDecisionStatementProvider "
+ + statementProvider.getClass().getName()
+ );
+ authDecisionBeanList.add(statementBean);
+ }
+ }
+ }
+
+ // If no statements, then default to the DefaultAttributeStatementProvider
+ if ((attrBeanList == null || attrBeanList.isEmpty())
+ && (authBeanList == null || authBeanList.isEmpty())
+ && (authDecisionBeanList == null || authDecisionBeanList.isEmpty())) {
+ attrBeanList = new ArrayList<AttributeStatementBean>();
+ AttributeStatementProvider attributeProvider = new DefaultAttributeStatementProvider();
+ AttributeStatementBean attributeBean = attributeProvider.getStatement(tokenParameters);
+ attrBeanList.add(attributeBean);
+ }
+
+ // Get the Subject and Conditions
+ SubjectBean subjectBean = subjectProvider.getSubject(tokenParameters, doc, secret);
+ ConditionsBean conditionsBean = conditionsProvider.getConditions(tokenParameters);
+
+ // Set all of the beans on the SamlCallbackHandler
+ SamlCallbackHandler handler = new SamlCallbackHandler();
+ handler.setTokenProviderParameters(tokenParameters);
+ handler.setSubjectBean(subjectBean);
+ handler.setConditionsBean(conditionsBean);
+ handler.setAttributeBeans(attrBeanList);
+ handler.setAuthenticationBeans(authBeanList);
+ handler.setAuthDecisionStatementBeans(authDecisionBeanList);
+
+ if (samlRealm != null) {
+ handler.setIssuer(samlRealm.getIssuer());
+ }
+
+ return handler;
+ }
+
+ /**
+ * Do some tests on the KeyType parameter.
+ */
+ private void testKeyType(TokenProviderParameters tokenParameters) {
+ KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
+
+ String keyType = keyRequirements.getKeyType();
+ if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
+ if (keyRequirements.getCertificate() == null) {
+ LOG.log(Level.WARNING, "A PublicKey Keytype is requested, but no certificate is provided");
+ throw new STSException(
+ "No client certificate for PublicKey KeyType", STSException.INVALID_REQUEST
+ );
+ }
+ } else if (!STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType)
+ && !STSConstants.BEARER_KEY_KEYTYPE.equals(keyType) && keyType != null) {
+ LOG.log(Level.WARNING, "An unknown KeyType was requested: " + keyType);
+ throw new STSException("Unknown KeyType", STSException.INVALID_REQUEST);
+ }
+
+ }
+
+
+}
Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java Thu Oct 20 16:37:54 2011
@@ -1,191 +1,191 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.token.provider;
-
-import java.util.Properties;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import org.w3c.dom.Document;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.sts.STSConstants;
-import org.apache.cxf.sts.request.TokenRequirements;
-import org.apache.cxf.ws.security.sts.provider.STSException;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.cxf.ws.security.trust.STSUtils;
-
-import org.apache.ws.security.conversation.ConversationConstants;
-import org.apache.ws.security.conversation.ConversationException;
-import org.apache.ws.security.message.token.SecurityContextToken;
-
-/**
- * A TokenProvider implementation that provides a SecurityContextToken.
- */
-public class SCTProvider implements TokenProvider {
-
- private static final Logger LOG = LogUtils.getL7dLogger(SCTProvider.class);
- private boolean returnEntropy = true;
- private long lifetime = 300L;
-
- /**
- * Return the lifetime of the generated SCT
- * @return the lifetime of the generated SCT
- */
- public long getLifetime() {
- return lifetime;
- }
-
- /**
- * Set the lifetime of the generated SCT
- * @param lifetime the lifetime of the generated SCT
- */
- public void setLifetime(long lifetime) {
- this.lifetime = lifetime;
- }
-
- /**
- * Return true if this TokenProvider implementation is capable of providing a token
- * that corresponds to the given TokenType.
- */
- public boolean canHandleToken(String tokenType) {
- return canHandleToken(tokenType, null);
- }
-
- /**
- * Return true if this TokenProvider implementation is capable of providing a token
- * that corresponds to the given TokenType in a given realm. The realm is ignored in this
- * token provider.
- */
- public boolean canHandleToken(String tokenType, String realm) {
- if (STSUtils.TOKEN_TYPE_SCT_05_02.equals(tokenType)
- || STSUtils.TOKEN_TYPE_SCT_05_12.equals(tokenType)) {
- return true;
- }
- return false;
- }
-
- /**
- * Set whether Entropy is returned to the client or not
- * @param returnEntropy whether Entropy is returned to the client or not
- */
- public void setReturnEntropy(boolean returnEntropy) {
- this.returnEntropy = returnEntropy;
- }
-
- /**
- * Get whether Entropy is returned to the client or not
- * @return whether Entropy is returned to the client or not
- */
- public boolean isReturnEntropy() {
- return returnEntropy;
- }
-
- /**
- * Create a token given a TokenProviderParameters
- */
- public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
- TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
- LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
-
- if (tokenParameters.getTokenStore() == null) {
- LOG.log(Level.FINE, "A cache must be configured to use the SCTProvider");
- throw new STSException("Can't serialize SCT", STSException.REQUEST_FAILED);
- }
-
- SymmetricKeyHandler keyHandler = new SymmetricKeyHandler(tokenParameters);
- keyHandler.createSymmetricKey();
-
- try {
- Document doc = DOMUtils.createDocument();
- SecurityContextToken sct =
- new SecurityContextToken(getWSCVersion(tokenRequirements.getTokenType()), doc);
-
- TokenProviderResponse response = new TokenProviderResponse();
- response.setToken(sct.getElement());
- response.setTokenId(sct.getIdentifier());
- if (returnEntropy) {
- response.setEntropy(keyHandler.getEntropyBytes());
- }
- long keySize = keyHandler.getKeySize();
- response.setKeySize(keySize);
- response.setComputedKey(keyHandler.isComputedKey());
-
- // putting the secret key into the cache
- SecurityToken token = new SecurityToken(sct.getIdentifier());
- token.setSecret(keyHandler.getSecret());
- token.setPrincipal(tokenParameters.getPrincipal());
- if (tokenParameters.getRealm() != null) {
- Properties props = token.getProperties();
- if (props == null) {
- props = new Properties();
- }
- props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());
- token.setProperties(props);
- }
- if (lifetime > 0) {
- Integer lifetimeInteger = new Integer(Long.valueOf(lifetime).intValue());
- tokenParameters.getTokenStore().add(token, lifetimeInteger);
- } else {
- tokenParameters.getTokenStore().add(token);
- }
-
- // Create the references
- TokenReference attachedReference = new TokenReference();
- attachedReference.setIdentifier(sct.getID());
- attachedReference.setUseDirectReference(true);
- attachedReference.setWsseValueType(tokenRequirements.getTokenType());
- response.setAttachedReference(attachedReference);
-
- TokenReference unAttachedReference = new TokenReference();
- unAttachedReference.setIdentifier(sct.getIdentifier());
- unAttachedReference.setUseDirectReference(true);
- unAttachedReference.setWsseValueType(tokenRequirements.getTokenType());
- response.setUnattachedReference(unAttachedReference);
-
- response.setLifetime(lifetime);
-
- return response;
- } catch (Exception e) {
- LOG.log(Level.WARNING, "", e);
- throw new STSException("Can't serialize SCT", e, STSException.REQUEST_FAILED);
- }
- }
-
- /**
- * Get the Secure Conversation version from the TokenType parameter
- */
- private static int getWSCVersion(String tokenType) throws ConversationException {
- if (tokenType == null) {
- return ConversationConstants.DEFAULT_VERSION;
- }
-
- if (tokenType.startsWith(ConversationConstants.WSC_NS_05_02)) {
- return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_02);
- } else if (tokenType.startsWith(ConversationConstants.WSC_NS_05_12)) {
- return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_12);
- } else {
- throw new ConversationException("unsupportedSecConvVersion");
- }
- }
-
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.token.provider;
+
+import java.util.Properties;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSUtils;
+
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.message.token.SecurityContextToken;
+
+/**
+ * A TokenProvider implementation that provides a SecurityContextToken.
+ */
+public class SCTProvider implements TokenProvider {
+
+ private static final Logger LOG = LogUtils.getL7dLogger(SCTProvider.class);
+ private boolean returnEntropy = true;
+ private long lifetime = 300L;
+
+ /**
+ * Return the lifetime of the generated SCT
+ * @return the lifetime of the generated SCT
+ */
+ public long getLifetime() {
+ return lifetime;
+ }
+
+ /**
+ * Set the lifetime of the generated SCT
+ * @param lifetime the lifetime of the generated SCT
+ */
+ public void setLifetime(long lifetime) {
+ this.lifetime = lifetime;
+ }
+
+ /**
+ * Return true if this TokenProvider implementation is capable of providing a token
+ * that corresponds to the given TokenType.
+ */
+ public boolean canHandleToken(String tokenType) {
+ return canHandleToken(tokenType, null);
+ }
+
+ /**
+ * Return true if this TokenProvider implementation is capable of providing a token
+ * that corresponds to the given TokenType in a given realm. The realm is ignored in this
+ * token provider.
+ */
+ public boolean canHandleToken(String tokenType, String realm) {
+ if (STSUtils.TOKEN_TYPE_SCT_05_02.equals(tokenType)
+ || STSUtils.TOKEN_TYPE_SCT_05_12.equals(tokenType)) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Set whether Entropy is returned to the client or not
+ * @param returnEntropy whether Entropy is returned to the client or not
+ */
+ public void setReturnEntropy(boolean returnEntropy) {
+ this.returnEntropy = returnEntropy;
+ }
+
+ /**
+ * Get whether Entropy is returned to the client or not
+ * @return whether Entropy is returned to the client or not
+ */
+ public boolean isReturnEntropy() {
+ return returnEntropy;
+ }
+
+ /**
+ * Create a token given a TokenProviderParameters
+ */
+ public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
+ TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
+ LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
+
+ if (tokenParameters.getTokenStore() == null) {
+ LOG.log(Level.FINE, "A cache must be configured to use the SCTProvider");
+ throw new STSException("Can't serialize SCT", STSException.REQUEST_FAILED);
+ }
+
+ SymmetricKeyHandler keyHandler = new SymmetricKeyHandler(tokenParameters);
+ keyHandler.createSymmetricKey();
+
+ try {
+ Document doc = DOMUtils.createDocument();
+ SecurityContextToken sct =
+ new SecurityContextToken(getWSCVersion(tokenRequirements.getTokenType()), doc);
+
+ TokenProviderResponse response = new TokenProviderResponse();
+ response.setToken(sct.getElement());
+ response.setTokenId(sct.getIdentifier());
+ if (returnEntropy) {
+ response.setEntropy(keyHandler.getEntropyBytes());
+ }
+ long keySize = keyHandler.getKeySize();
+ response.setKeySize(keySize);
+ response.setComputedKey(keyHandler.isComputedKey());
+
+ // putting the secret key into the cache
+ SecurityToken token = new SecurityToken(sct.getIdentifier());
+ token.setSecret(keyHandler.getSecret());
+ token.setPrincipal(tokenParameters.getPrincipal());
+ if (tokenParameters.getRealm() != null) {
+ Properties props = token.getProperties();
+ if (props == null) {
+ props = new Properties();
+ }
+ props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());
+ token.setProperties(props);
+ }
+ if (lifetime > 0) {
+ Integer lifetimeInteger = new Integer(Long.valueOf(lifetime).intValue());
+ tokenParameters.getTokenStore().add(token, lifetimeInteger);
+ } else {
+ tokenParameters.getTokenStore().add(token);
+ }
+
+ // Create the references
+ TokenReference attachedReference = new TokenReference();
+ attachedReference.setIdentifier(sct.getID());
+ attachedReference.setUseDirectReference(true);
+ attachedReference.setWsseValueType(tokenRequirements.getTokenType());
+ response.setAttachedReference(attachedReference);
+
+ TokenReference unAttachedReference = new TokenReference();
+ unAttachedReference.setIdentifier(sct.getIdentifier());
+ unAttachedReference.setUseDirectReference(true);
+ unAttachedReference.setWsseValueType(tokenRequirements.getTokenType());
+ response.setUnattachedReference(unAttachedReference);
+
+ response.setLifetime(lifetime);
+
+ return response;
+ } catch (Exception e) {
+ LOG.log(Level.WARNING, "", e);
+ throw new STSException("Can't serialize SCT", e, STSException.REQUEST_FAILED);
+ }
+ }
+
+ /**
+ * Get the Secure Conversation version from the TokenType parameter
+ */
+ private static int getWSCVersion(String tokenType) throws ConversationException {
+ if (tokenType == null) {
+ return ConversationConstants.DEFAULT_VERSION;
+ }
+
+ if (tokenType.startsWith(ConversationConstants.WSC_NS_05_02)) {
+ return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_02);
+ } else if (tokenType.startsWith(ConversationConstants.WSC_NS_05_12)) {
+ return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_12);
+ } else {
+ throw new ConversationException("unsupportedSecConvVersion");
+ }
+ }
+
+
+}
Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SubjectProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SymmetricKeyHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SymmetricKeyHandler.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SymmetricKeyHandler.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SymmetricKeyHandler.java Thu Oct 20 16:37:54 2011
@@ -1,150 +1,150 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.token.provider;
-
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.sts.STSConstants;
-import org.apache.cxf.sts.STSPropertiesMBean;
-import org.apache.cxf.sts.SignatureProperties;
-import org.apache.cxf.sts.request.Entropy;
-import org.apache.cxf.sts.request.KeyRequirements;
-import org.apache.cxf.ws.security.sts.provider.STSException;
-
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.conversation.ConversationException;
-import org.apache.ws.security.conversation.dkalgo.P_SHA1;
-import org.apache.ws.security.util.WSSecurityUtil;
-
-/**
- * Some common functionality relating to parsing and generating Symmetric Keys.
- */
-public class SymmetricKeyHandler {
-
- private static final Logger LOG = LogUtils.getL7dLogger(SymmetricKeyHandler.class);
-
- private int keySize = 256;
- private Entropy clientEntropy;
- private byte[] entropyBytes;
- private byte[] secret;
- private boolean computedKey;
-
- public SymmetricKeyHandler(TokenProviderParameters tokenParameters) {
- KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
-
- // Test KeySize
- keySize = Long.valueOf(keyRequirements.getKeySize()).intValue();
- STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
- SignatureProperties signatureProperties = stsProperties.getSignatureProperties();
- if (keySize < signatureProperties.getMinimumKeySize()
- || keySize > signatureProperties.getMaximumKeySize()) {
- keySize = Long.valueOf(signatureProperties.getKeySize()).intValue();
- LOG.log(
- Level.WARNING, "Received KeySize of " + keyRequirements.getKeySize()
- + " not accepted so defaulting to " + signatureProperties.getKeySize()
- );
- }
-
- // Test Entropy
- clientEntropy = keyRequirements.getEntropy();
- if (clientEntropy == null) {
- LOG.log(Level.WARNING, "A SymmetricKey KeyType is requested, but no client entropy is provided");
- } else {
- String binarySecurityType = clientEntropy.getBinarySecretType();
- byte[] nonce = clientEntropy.getBinarySecretValue();
- if (!STSConstants.NONCE_TYPE.equals(binarySecurityType)) {
- LOG.log(Level.WARNING, "The type " + binarySecurityType + " is not supported");
- throw new STSException(
- "No user supplied entropy for SymmetricKey case", STSException.INVALID_REQUEST
- );
- }
- if (nonce == null || (nonce.length < (keySize / 8))) {
- LOG.log(Level.WARNING, "User Entropy rejected");
- clientEntropy = null;
- }
- String computedKeyAlgorithm = keyRequirements.getComputedKeyAlgorithm();
- if (!STSConstants.COMPUTED_KEY_PSHA1.equals(computedKeyAlgorithm)) {
- LOG.log(
- Level.WARNING,
- "The computed key algorithm of " + computedKeyAlgorithm + " is not supported"
- );
- throw new STSException(
- "Computed Key Algorithm not supported", STSException.INVALID_REQUEST
- );
- }
- }
- }
-
- /**
- * Create the Symmetric Key
- */
- public void createSymmetricKey() {
- try {
- entropyBytes = WSSecurityUtil.generateNonce(keySize / 8);
- secret = entropyBytes;
- computedKey = false;
- } catch (WSSecurityException ex) {
- LOG.log(Level.WARNING, "", ex);
- throw new STSException("Error in creating symmetric key", ex, STSException.INVALID_REQUEST);
- }
- if (clientEntropy != null) {
- byte[] nonce = clientEntropy.getBinarySecretValue();
- try {
- P_SHA1 psha1 = new P_SHA1();
- secret = psha1.createKey(nonce, entropyBytes, 0, keySize / 8);
- computedKey = true;
- } catch (ConversationException ex) {
- LOG.log(Level.WARNING, "", ex);
- throw new STSException("Error in creating symmetric key", STSException.INVALID_REQUEST);
- }
- }
- }
-
- /**
- * Get the KeySize.
- */
- public long getKeySize() {
- return keySize;
- }
-
- /**
- * Get the Entropy bytes
- */
- public byte[] getEntropyBytes() {
- return entropyBytes;
- }
-
- /**
- * Get the secret
- */
- public byte[] getSecret() {
- return secret;
- }
-
- /**
- * Get whether this is a computed key or not
- */
- public boolean isComputedKey() {
- return computedKey;
- }
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.token.provider;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.STSPropertiesMBean;
+import org.apache.cxf.sts.SignatureProperties;
+import org.apache.cxf.sts.request.Entropy;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.conversation.dkalgo.P_SHA1;
+import org.apache.ws.security.util.WSSecurityUtil;
+
+/**
+ * Some common functionality relating to parsing and generating Symmetric Keys.
+ */
+public class SymmetricKeyHandler {
+
+ private static final Logger LOG = LogUtils.getL7dLogger(SymmetricKeyHandler.class);
+
+ private int keySize = 256;
+ private Entropy clientEntropy;
+ private byte[] entropyBytes;
+ private byte[] secret;
+ private boolean computedKey;
+
+ public SymmetricKeyHandler(TokenProviderParameters tokenParameters) {
+ KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
+
+ // Test KeySize
+ keySize = Long.valueOf(keyRequirements.getKeySize()).intValue();
+ STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
+ SignatureProperties signatureProperties = stsProperties.getSignatureProperties();
+ if (keySize < signatureProperties.getMinimumKeySize()
+ || keySize > signatureProperties.getMaximumKeySize()) {
+ keySize = Long.valueOf(signatureProperties.getKeySize()).intValue();
+ LOG.log(
+ Level.WARNING, "Received KeySize of " + keyRequirements.getKeySize()
+ + " not accepted so defaulting to " + signatureProperties.getKeySize()
+ );
+ }
+
+ // Test Entropy
+ clientEntropy = keyRequirements.getEntropy();
+ if (clientEntropy == null) {
+ LOG.log(Level.WARNING, "A SymmetricKey KeyType is requested, but no client entropy is provided");
+ } else {
+ String binarySecurityType = clientEntropy.getBinarySecretType();
+ byte[] nonce = clientEntropy.getBinarySecretValue();
+ if (!STSConstants.NONCE_TYPE.equals(binarySecurityType)) {
+ LOG.log(Level.WARNING, "The type " + binarySecurityType + " is not supported");
+ throw new STSException(
+ "No user supplied entropy for SymmetricKey case", STSException.INVALID_REQUEST
+ );
+ }
+ if (nonce == null || (nonce.length < (keySize / 8))) {
+ LOG.log(Level.WARNING, "User Entropy rejected");
+ clientEntropy = null;
+ }
+ String computedKeyAlgorithm = keyRequirements.getComputedKeyAlgorithm();
+ if (!STSConstants.COMPUTED_KEY_PSHA1.equals(computedKeyAlgorithm)) {
+ LOG.log(
+ Level.WARNING,
+ "The computed key algorithm of " + computedKeyAlgorithm + " is not supported"
+ );
+ throw new STSException(
+ "Computed Key Algorithm not supported", STSException.INVALID_REQUEST
+ );
+ }
+ }
+ }
+
+ /**
+ * Create the Symmetric Key
+ */
+ public void createSymmetricKey() {
+ try {
+ entropyBytes = WSSecurityUtil.generateNonce(keySize / 8);
+ secret = entropyBytes;
+ computedKey = false;
+ } catch (WSSecurityException ex) {
+ LOG.log(Level.WARNING, "", ex);
+ throw new STSException("Error in creating symmetric key", ex, STSException.INVALID_REQUEST);
+ }
+ if (clientEntropy != null) {
+ byte[] nonce = clientEntropy.getBinarySecretValue();
+ try {
+ P_SHA1 psha1 = new P_SHA1();
+ secret = psha1.createKey(nonce, entropyBytes, 0, keySize / 8);
+ computedKey = true;
+ } catch (ConversationException ex) {
+ LOG.log(Level.WARNING, "", ex);
+ throw new STSException("Error in creating symmetric key", STSException.INVALID_REQUEST);
+ }
+ }
+ }
+
+ /**
+ * Get the KeySize.
+ */
+ public long getKeySize() {
+ return keySize;
+ }
+
+ /**
+ * Get the Entropy bytes
+ */
+ public byte[] getEntropyBytes() {
+ return entropyBytes;
+ }
+
+ /**
+ * Get the secret
+ */
+ public byte[] getSecret() {
+ return secret;
+ }
+
+ /**
+ * Get whether this is a computed key or not
+ */
+ public boolean isComputedKey() {
+ return computedKey;
+ }
+
+}
Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SymmetricKeyHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java Thu Oct 20 16:37:54 2011
@@ -1,44 +1,44 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.token.provider;
-
-/**
- * An interface that can provide a security token.
- */
-public interface TokenProvider {
-
- /**
- * Return true if this TokenProvider implementation is capable of providing a token
- * that corresponds to the given TokenType
- */
- boolean canHandleToken(String tokenType);
-
- /**
- * Return true if this TokenProvider implementation is capable of providing a token
- * that corresponds to the given TokenType in a given realm
- */
- boolean canHandleToken(String tokenType, String realm);
-
- /**
- * Create a token given a TokenProviderParameters
- */
- TokenProviderResponse createToken(TokenProviderParameters tokenParameters);
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.token.provider;
+
+/**
+ * An interface that can provide a security token.
+ */
+public interface TokenProvider {
+
+ /**
+ * Return true if this TokenProvider implementation is capable of providing a token
+ * that corresponds to the given TokenType
+ */
+ boolean canHandleToken(String tokenType);
+
+ /**
+ * Return true if this TokenProvider implementation is capable of providing a token
+ * that corresponds to the given TokenType in a given realm
+ */
+ boolean canHandleToken(String tokenType, String realm);
+
+ /**
+ * Create a token given a TokenProviderParameters
+ */
+ TokenProviderResponse createToken(TokenProviderParameters tokenParameters);
+
+}
Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderResponse.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenReference.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenReference.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenReference.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenReference.java Thu Oct 20 16:37:54 2011
@@ -1,114 +1,114 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.token.provider;
-
-/**
- * A class that encapsulates how a token should be referenced
- */
-public class TokenReference {
-
- private String identifier;
- private String wsse11TokenType;
- private String wsseValueType;
- private boolean useDirectReference;
- private boolean useKeyIdentifier;
-
- /**
- * Get the identifier associated with this token
- * @return the identifier associated with this token
- */
- public String getIdentifier() {
- return identifier;
- }
-
- /**
- * Set the identifier associated with this token
- * @param identifier the identifier associated with this token
- */
- public void setIdentifier(String identifier) {
- this.identifier = identifier;
- }
-
- /**
- * Get the wsse11 TokenType attribute
- * @return the wsse11 TokenType attribute
- */
- public String getWsse11TokenType() {
- return wsse11TokenType;
- }
-
- /**
- * Set the wsse11 TokenType attribute
- * @param wsse11TokenType the wsse11 TokenType attribute
- */
- public void setWsse11TokenType(String wsse11TokenType) {
- this.wsse11TokenType = wsse11TokenType;
- }
-
- /**
- * Get the wsse ValueType attribute
- * @return the wsse ValueType attribute
- */
- public String getWsseValueType() {
- return wsseValueType;
- }
-
- /**
- * Set the wsse ValueType attribute
- * @param wsseValueType the wsse ValueType attribute
- */
- public void setWsseValueType(String wsseValueType) {
- this.wsseValueType = wsseValueType;
- }
-
- /**
- * Get whether to use direct reference to refer to this token
- * @return whether to use direct reference to refer to this token
- */
- public boolean isUseDirectReference() {
- return useDirectReference;
- }
-
- /**
- * Set whether to use direct reference to refer to this token
- * @param useDirectReference whether to use direct reference to refer to this token
- */
- public void setUseDirectReference(boolean useDirectReference) {
- this.useDirectReference = useDirectReference;
- }
-
- /**
- * Get whether to use a KeyIdentifier to refer to this token
- * @return whether to use a KeyIdentifier to refer to this token
- */
- public boolean isUseKeyIdentifier() {
- return useKeyIdentifier;
- }
-
- /**
- * Set whether to use a KeyIdentifier to refer to this token
- * @param useKeyIdentifier whether to use a KeyIdentifier to refer to this token
- */
- public void setUseKeyIdentifier(boolean useKeyIdentifier) {
- this.useKeyIdentifier = useKeyIdentifier;
- }
-
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.token.provider;
+
+/**
+ * A class that encapsulates how a token should be referenced
+ */
+public class TokenReference {
+
+ private String identifier;
+ private String wsse11TokenType;
+ private String wsseValueType;
+ private boolean useDirectReference;
+ private boolean useKeyIdentifier;
+
+ /**
+ * Get the identifier associated with this token
+ * @return the identifier associated with this token
+ */
+ public String getIdentifier() {
+ return identifier;
+ }
+
+ /**
+ * Set the identifier associated with this token
+ * @param identifier the identifier associated with this token
+ */
+ public void setIdentifier(String identifier) {
+ this.identifier = identifier;
+ }
+
+ /**
+ * Get the wsse11 TokenType attribute
+ * @return the wsse11 TokenType attribute
+ */
+ public String getWsse11TokenType() {
+ return wsse11TokenType;
+ }
+
+ /**
+ * Set the wsse11 TokenType attribute
+ * @param wsse11TokenType the wsse11 TokenType attribute
+ */
+ public void setWsse11TokenType(String wsse11TokenType) {
+ this.wsse11TokenType = wsse11TokenType;
+ }
+
+ /**
+ * Get the wsse ValueType attribute
+ * @return the wsse ValueType attribute
+ */
+ public String getWsseValueType() {
+ return wsseValueType;
+ }
+
+ /**
+ * Set the wsse ValueType attribute
+ * @param wsseValueType the wsse ValueType attribute
+ */
+ public void setWsseValueType(String wsseValueType) {
+ this.wsseValueType = wsseValueType;
+ }
+
+ /**
+ * Get whether to use direct reference to refer to this token
+ * @return whether to use direct reference to refer to this token
+ */
+ public boolean isUseDirectReference() {
+ return useDirectReference;
+ }
+
+ /**
+ * Set whether to use direct reference to refer to this token
+ * @param useDirectReference whether to use direct reference to refer to this token
+ */
+ public void setUseDirectReference(boolean useDirectReference) {
+ this.useDirectReference = useDirectReference;
+ }
+
+ /**
+ * Get whether to use a KeyIdentifier to refer to this token
+ * @return whether to use a KeyIdentifier to refer to this token
+ */
+ public boolean isUseKeyIdentifier() {
+ return useKeyIdentifier;
+ }
+
+ /**
+ * Set whether to use a KeyIdentifier to refer to this token
+ * @param useKeyIdentifier whether to use a KeyIdentifier to refer to this token
+ */
+ public void setUseKeyIdentifier(boolean useKeyIdentifier) {
+ this.useKeyIdentifier = useKeyIdentifier;
+ }
+
+
+}
Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenReference.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/CertConstraintsParser.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealmCodec.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/UsernameTokenRealmCodec.java
------------------------------------------------------------------------------
svn:eol-style = native