Posted to axis-cvs@ws.apache.org by ru...@apache.org on 2006/09/03 13:37:50 UTC
svn commit: r439762 - in
/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas:
RahasConstants.java client/STSClient.java errors.properties
Author: ruchithf
Date: Sun Sep 3 04:37:49 2006
New Revision: 439762
URL: http://svn.apache.org/viewvc?rev=439762&view=rev
Log:
- STSClient
- ttl is set in seconds, use milliseconds when creating lifetime element
- Updated to process the requested proof token to extract the secret
Modified:
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java?rev=439762&r1=439761&r2=439762&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java Sun Sep 3 04:37:49 2006
@@ -48,6 +48,7 @@
public static final String REQUESTED_SECURITY_TOKEN_LN = "RequestedSecurityToken";
public final static String BINARY_SECRET_LN = "BinarySecret";
public final static String COMPUTED_KEY_ALGO_LN = "ComputedKeyAlgorithm";
+ public final static String COMPUTED_KEY_LN = "ComputedKey";
public final static String REQUESTED_ATTACHED_REFERENCE_LN = "RequestedAttachedReference";
public final static String REQUESTED_UNATTACHED_REFERENCE_LN = "RequestedUnattachedReference";
public final static String KEY_SIZE_LN = "KeySize";
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java?rev=439762&r1=439761&r2=439762&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java Sun Sep 3 04:37:49 2006
@@ -35,6 +35,8 @@
import org.apache.ws.secpolicy.model.Binding;
import org.apache.ws.secpolicy.model.Trust10;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.util.WSSecurityUtil;
import javax.xml.namespace.QName;
@@ -51,6 +53,8 @@
private String addressingNs = AddressingConstants.Final.WSA_NAMESPACE;
+ private int keySize;
+
/**
* Life time in seconds
* Default is 300 seconds (5 mins)
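Review bot: `keySize` is declared without an initializer, so it defaults to 0, while the code this commit adds later in the file tests `keySize != -1` to decide whether the template supplied a size; any template without a KeySize element therefore makes the computed-key path derive a zero-length key instead of falling back to the AlgorithmSuite maximum. Declare it as `private int keySize = -1;` so the sentinel the consumer expects is the initial state. A short comment such as `// Key size (in the unit the RST template uses) requested via KeySize, or -1 when the template does not specify one` would also document the sentinel for the next reader.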
@@ -130,9 +134,56 @@
tok.setAttachedReference(reqAttRef);
tok.setUnattachedReference(reqUnattRef);
+ //Handle proof token
+ OMElement rpt = rstr.getFirstChildWithName(new QName(ns, RahasConstants.REQUESTED_PROOF_TOKEN_LN));
+
+ byte[] secret = null;
+
+ if(rpt != null) {
+ OMElement child = rpt.getFirstElement();
+ if(child == null) {
+ throw new TrustException("invalidRPT");
+ }
+ if(child.getQName().equals(new QName(ns, RahasConstants.BINARY_SECRET_LN))) {
+ //First check for the binary secret
+ String b64Secret = child.getText();
+ tok.setSecret(Base64.decode(b64Secret));
+ }else if(child.getQName().equals(new QName(ns, WSConstants.ENC_KEY_LN))){
+ //TODO Handle encrypted key
+ throw new UnsupportedOperationException("TODO: Handle encrypted key");
+ } else if(child.getQName().equals(new QName(ns, RahasConstants.COMPUTED_KEY_LN))) {
+ //Handle the computed key
+
+ //Get service entropy
+ OMElement serviceEntrElem = rstr.getFirstChildWithName(new QName(ns, RahasConstants.ENTROPY_LN));
+ if(serviceEntrElem != null && serviceEntrElem.getText() != null && !"".equals(serviceEntrElem.getText().trim())) {
+ byte[] serviceEntr = Base64.decode(serviceEntrElem.getText());
+
+ //Right now we only use PSHA1 as the computed key algo
+ P_SHA1 p_sha1 = new P_SHA1();
+
+ int length = (this.keySize != -1) ? keySize
+ : this.algorithmSuite
+ .getMaximumSymmetricKeyLength();
+ try {
+ secret = p_sha1.createKey(this.requestorEntropy, serviceEntr, 0, length);
+ } catch (ConversationException e) {
+ throw new TrustException("keyDerivationError", e);
+ }
+ } else {
+ //Service entropy missing
+ throw new TrustException("serviceEntropyMissing");
+ }
+ }
+
+ } else {
+ if(this.requestorEntropy != null) {
+ //Use requestor entropy as the key
+ secret = this.requestorEntropy;
+ }
+ }
- //Handle the Lifetime
- OMElement lifetime = rstr.getFirstChildWithName(new QName(ns, RahasConstants.LIFETIME_LN));
+ tok.setSecret(secret);
return tok;
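Review bot: The BinarySecret branch stores the decoded value with `tok.setSecret(Base64.decode(b64Secret))` but leaves the local `secret` null, so the unconditional `tok.setSecret(secret)` added just before `return tok` overwrites it with null and the caller never sees the STS-issued key. Assign into the local instead, `secret = Base64.decode(b64Secret);`, so the single setter at the end is the only place the token's secret is written. A RequestedProofToken whose first child is none of BinarySecret, EncryptedKey or ComputedKey also falls through silently with a null secret; a trailing `else { throw new TrustException("invalidRPT"); }` would surface that as an error rather than an empty key. The length handed to `P_SHA1.createKey` is taken directly from the template's KeySize or `getMaximumSymmetricKeyLength()`, which WS-Trust and the policy model express in bits, whereas createKey appears to produce that many bytes, so it is worth confirming whether a division by 8 is missing here. The enclosing method starts before this hunk.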
@@ -215,13 +266,24 @@
TrustUtil.createRequestTypeElement(version, rst, requestType);
TrustUtil.createAppliesToElement(rst, requestType, this.addressingNs);
- TrustUtil.createLifetimeElement(version, rst, this.ttl);
+ TrustUtil.createLifetimeElement(version, rst, this.ttl * 1000);
//Copy over the elements from the template
Iterator templateChildren = rstTemplate.getChildElements();
while (templateChildren.hasNext()) {
OMNode child = (OMNode) templateChildren.next();
rst.addChild(child);
+
+ //Look for the key size element
+ if (child instanceof OMElement
+ && ((OMElement) child).getQName().equals(
+ new QName(TrustUtil.getWSTNamespace(version),
+ RahasConstants.KEY_SIZE_LN))) {
+ OMElement childElem = (OMElement)child;
+ this.keySize = (childElem.getText() != null && !""
+ .equals(childElem.getText())) ?
+ Integer.parseInt(childElem.getText()) : -1;
+ }
}
try {
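Review bot: `keySize` is only assigned when a KeySize element is present in the template, so on a client instance reused for several requests a value from an earlier template silently carries over to a later request that does not specify a size; reset it with `this.keySize = -1;` immediately before the loop over the template children. The parse is also unguarded: a KeySize value with surrounding whitespace, or a non-numeric value from the policy, throws an unchecked NumberFormatException from inside the loop, so `Integer.parseInt(childElem.getText().trim())` wrapped in a try that rethrows as a TrustException would be more robust and keep the error reporting consistent with the rest of the method. The `this.ttl * 1000` conversion matches the field's "seconds" documentation, but if `ttl` is an int the product overflows for lifetimes above 2147483 seconds, so `this.ttl * 1000L` is preferable if `createLifetimeElement` accepts a long. The enclosing method starts and ends outside this hunk.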
@@ -236,6 +298,7 @@
//Add the ComputedKey element
TrustUtil.createComputedKeyAlgorithm(version, rst, RahasConstants.COMPUTED_KEY_PSHA1);
+
}
}
} catch (Exception e) {
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties?rev=439762&r1=439761&r2=439762&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties Sun Sep 3 04:37:49 2006
@@ -38,6 +38,9 @@
errorInProcessingSTR = Error in processing SecurityTokenReference : {0}
cannotObtainTokenIdentifier = Cannot obtain token identifier
lifeTimeProcessingError = Error in processing Lifetime : {0}
+invalidRPT = Invalid RequestedProofToken
+serviceEntropyMissing = Service entropy missing
+keyDerivationError = Error in key derivation
#SCTIssuer specific error messages
sctIssuerCryptoPropertiesMissing = When the tokenType is not \"BinarySecret\" the cryptoProperties MUST be specified