Posted to axis-cvs@ws.apache.org by ru...@apache.org on 2006/03/25 14:50:49 UTC
svn commit: r388759 - in /webservices/axis2/trunk/java/modules/security: ./
src/META-INF/ src/org/apache/axis2/security/trust/
src/org/apache/axis2/security/trust/impl/ test-resources/trust/impl/
Author: ruchithf
Date: Sat Mar 25 05:50:47 2006
New Revision: 388759
URL: http://svn.apache.org/viewcvs?rev=388759&view=rev
Log:
- Moved the sts-services.xml to test-resources
- Got the SCTIssuer working
Added:
webservices/axis2/trunk/java/modules/security/test-resources/trust/impl/sts-services.xml
- copied, changed from r388738, webservices/axis2/trunk/java/modules/security/src/META-INF/sts-services.xml
Removed:
webservices/axis2/trunk/java/modules/security/src/META-INF/sts-services.xml
Modified:
webservices/axis2/trunk/java/modules/security/maven.xml
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/STSMessageReceiver.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenRequestDispatcher.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
Modified: webservices/axis2/trunk/java/modules/security/maven.xml
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/maven.xml?rev=388759&r1=388758&r2=388759&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/maven.xml (original)
+++ webservices/axis2/trunk/java/modules/security/maven.xml Sat Mar 25 05:50:47 2006
@@ -70,7 +70,7 @@
<copy file="${maven.repo.local}/opensaml/jars/opensaml-${opensaml.version}.jar" todir="target/sts/lib"/>
<copy file="${maven.repo.local}/wss4j/jars/wss4j-${wss4j.version}.jar" todir="target/sts/lib"/>
- <copy file="target/classes/META-INF/sts-services.xml" toFile="target/sts/META-INF/services.xml"/>
+ <copy file="test-resources/trust/impl/sts-services.xml" toFile="target/sts/META-INF/services.xml"/>
<copy file="test-resources/trust/impl/sctIssuer.properties" toFile="target/sts/sctIssuer.properties"/>
<copy file="test-resources/trust/impl/wss4j.keystore" toFile="target/sts/wss4j.keystore"/>
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/STSMessageReceiver.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/STSMessageReceiver.java?rev=388759&r1=388758&r2=388759&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/STSMessageReceiver.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/STSMessageReceiver.java Sat Mar 25 05:50:47 2006
@@ -60,6 +60,7 @@
throw new TrustException("missingDispatcherConfiguration");
}
} catch (TrustException e) {
+ e.printStackTrace();
//Log the exception
log.error(e);
throw new AxisFault(e.getFaultString(), e.getFaultCode());
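Review bot: The added `e.printStackTrace()` writes the trace to stderr alongside the `log.error(e)` on the following line, bypassing the logging configuration and duplicating output; the existing `log.error(e)` also passes the exception as the message object, so the stack trace itself is not what reaches the log. Replace the two lines with a single `log.error(e.getMessage(), e);` so the failure is recorded once, with its trace, through the logger. The enclosing method begins before this hunk.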
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenRequestDispatcher.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenRequestDispatcher.java?rev=388759&r1=388758&r2=388759&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenRequestDispatcher.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenRequestDispatcher.java Sat Mar 25 05:50:47 2006
@@ -54,13 +54,13 @@
RequestSecurityTokenType request = null;
- try {
- request = RequestSecurityTokenType.Factory
- .parse(inMsgCtx.getEnvelope().getBody()
+ OMElement rstElem = inMsgCtx.getEnvelope().getBody()
.getFirstChildWithName(
new QName(Constants.WST_NS,
- "RequestSecurityToken"))
- .getXMLStreamReader());
+ "RequestSecurityToken"));
+ try {
+ request = RequestSecurityTokenType.Factory.parse(rstElem
+ .getXMLStreamReader());
} catch (Exception e) {
e.printStackTrace();
throw new TrustException(TrustException.INVALID_REQUEST, e);
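Review bot: `rstElem` is now looked up outside the try block but used inside it without a null check; when the SOAP body has no `wst:RequestSecurityToken` child, `getFirstChildWithName` returns null and `rstElem.getXMLStreamReader()` fails with a NullPointerException that only becomes `INVALID_REQUEST` because the catch is `catch (Exception e)`. Reject the malformed request explicitly before the try: `if (rstElem == null) { throw new TrustException(TrustException.INVALID_REQUEST); }`. The `e.printStackTrace()` retained in the catch also dumps every request-parsing failure to stderr and should be dropped or routed through a logger. The enclosing method starts above this hunk.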
@@ -82,13 +82,11 @@
issuer = config.getIssuer(tokenType.toString());
}
- SOAPEnvelope response = issuer.issue(inMsgCtx.getEnvelope().getBody().getFirstChildWithName(new QName(Constants.WST_NS, "RequestSecurityToken")), inMsgCtx);
+ SOAPEnvelope response = issuer.issue(rstElem, inMsgCtx);
//set the response wsa/soap action in teh out message context
outMsgCtx.getOptions().setAction(
- issuer.getResponseAction(new StAXOMBuilder(request
- .getPullParser(null)).getDocumentElement(),
- inMsgCtx));
+ issuer.getResponseAction(rstElem, inMsgCtx));
return response;
} else if(Constants.REQ_TYPE_VALIDATE.equals(reqType.toString())) {
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties?rev=388759&r1=388758&r2=388759&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties Sat Mar 25 05:50:47 2006
@@ -20,4 +20,5 @@
tokenAlreadyExists = "The token \"{0}\" already exists in the store
noTokenToUpdate = Canot find token : \"{0}\" to update
errorInBuildingTheEncryptedKey = Error in building a xenc:EncyptedKey , encrypted for \"{0}\"
-missingDispatcherConfiguration = "Cannot find the token-dispatcher-configuration"
\ No newline at end of file
+missingDispatcherConfiguration = Cannot find the token-dispatcher-configuration
+sctIssuerCryptoPropertiesMissing = When the tokenType is not \"BinarySecret\" the cryptoProperties MUST be specified
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java?rev=388759&r1=388758&r2=388759&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java Sat Mar 25 05:50:47 2006
@@ -34,11 +34,14 @@
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.token.SecurityContextToken;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import javax.xml.namespace.QName;
+
import java.security.Principal;
+import java.security.cert.X509Certificate;
import java.util.Vector;
public class SCTIssuer implements TokenIssuer {
@@ -70,6 +73,7 @@
} else {
System.out.println("Number of results: " + results.size());
Principal principal = null;
+ X509Certificate cert = null;
for (int i = 0; i < results.size(); i++) {
WSHandlerResult rResult = (WSHandlerResult) results.get(i);
Vector wsSecEngineResults = rResult.getResults();
@@ -79,6 +83,7 @@
(WSSecurityEngineResult) wsSecEngineResults.get(j);
if (wser.getAction() != WSConstants.ENCR
&& wser.getPrincipal() != null) {
+ cert = wser.getCertificate();
principal = wser.getPrincipal();
}
}
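Review bot: The new `cert = wser.getCertificate();` runs for every result that is not `ENCR` and carries a principal, so a result that authenticates without a certificate (the condition does not require `WSConstants.SIGN`) leaves `cert` null while still setting `principal`, and a later iteration can overwrite an earlier certificate. If the encrypted-key path is only meaningful for a signature-verified requester, tighten the branch to `if (wser.getAction() == WSConstants.SIGN && wser.getPrincipal() != null)` or at least add a comment stating which result types are expected to supply the certificate. Whether other token types are meant to reach this issuer is not visible from the hunk.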
@@ -87,30 +92,46 @@
if(principal == null) {
throw new TrustException(TrustException.REQUEST_FAILED);
}
-
+
+// TEMPORARY - will remove this :-)
+// X509Certificate cert = null;
+// try {
+// KeyStore ks = KeyStore.getInstance("JKS"); //KeyStore instance
+// FileInputStream ksfis = new FileInputStream("wss4j.keystore");
+// BufferedInputStream ksbufin = new BufferedInputStream(ksfis);
+// ks.load(ksbufin,"security".toCharArray());
+//
+// cert = (X509Certificate)ks.getCertificate("wss4jcert");
+// }catch (Exception e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// }
Parameter param = inMsgCtx.getParameter(SCT_ISSUER_CONFIG_PARAM);
SCTIssuerConfig config = new SCTIssuerConfig(param
.getParameterElement().getFirstChildWithName(
new QName(SCT_ISSUER_CONFIG_PARAM)));
if(ENCRYPTED_KEY.equals(config.proofTokenType)) {
- SOAPEnvelope responseEnv = this.doEncryptedKey(config, inMsgCtx, principal);
+ SOAPEnvelope responseEnv = this.doEncryptedKey(config,
+ inMsgCtx, cert);
return responseEnv;
} else if(BINARY_SECRET.equals(config.proofTokenType)) {
- //TODO
+ // TODO
+ throw new UnsupportedOperationException("TODO");
} else if(COMPUTED_KEY.equals(config.proofTokenType)) {
- //TODO
+ // TODO
+ throw new UnsupportedOperationException("TODO");
} else {
- //Default behavior is to use EncrptedKey
- this.doEncryptedKey(config, inMsgCtx, principal);
+ // TODO
+ throw new UnsupportedOperationException("TODO: Default");
}
}
- // TODO TODO
- throw new UnsupportedOperationException("TODO");
+
}
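Review bot: The guard at the top of the hunk still tests only `principal`, yet `doEncryptedKey` is now passed `cert`, which remains null when the result that set `principal` carried no certificate; the recipient key for the EncryptedKey would then be missing. Add `if (cert == null) { throw new TrustException(TrustException.REQUEST_FAILED); }` next to the principal check. Separately, the commented-out "TEMPORARY" keystore block commits the keystore password `security` and the alias `wss4jcert` to source; dead code carrying credentials should be removed rather than committed. The `issue` method's signature lies above this hunk.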
private SOAPEnvelope doEncryptedKey(SCTIssuerConfig config,
- MessageContext msgCtx, Principal principal) throws TrustException {
+ MessageContext msgCtx, X509Certificate cert) throws TrustException {
+
SOAPEnvelope env = this.getSOAPEnvelope(msgCtx);
//Get the document
Document doc = ((Element)env).getOwnerDocument();
@@ -118,17 +139,47 @@
secHeader.insertSecurityHeader(doc);
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
- Crypto crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile);
+ Crypto crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
+ msgCtx.getAxisService().getClassLoader());
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
try {
+ encrKeyBuilder.setUseThisCert(cert);
encrKeyBuilder.prepare(doc, crypto);
} catch (WSSecurityException e) {
throw new TrustException(
"errorInBuildingTheEncryptedKeyForPrincipal",
- new String[] { principal.getName() });
+ new String[] { cert.getSubjectDN().getName()});
}
+ SecurityContextToken sct = new SecurityContextToken(doc);
+ sct.setID("sctId-" + sct.getElement().hashCode());
+
+ OMElement rstrElem = env.getOMFactory().createOMElement(
+ new QName(Constants.WST_NS, "RequestSecurityTokenResponse",
+ Constants.WST_PREFIX), env.getBody());
+
+ OMElement rstElem = env.getOMFactory().createOMElement(
+ new QName(Constants.WST_NS, "RequestSecurityToken",
+ Constants.WST_PREFIX), rstrElem);
+
+ rstElem.addChild((OMElement)sct.getElement());
+
+
+
+ Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
+ Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
+
+ OMElement reqProofTok = env.getOMFactory().createOMElement(
+ new QName(Constants.WST_NS, "RequestedProofToken",
+ Constants.WST_PREFIX), rstrElem);
+
+ if(bstElem != null) {
+ reqProofTok.addChild((OMElement)bstElem);
+ }
+
+ reqProofTok.addChild((OMElement)encryptedKeyElem);
+
return env;
}
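Review bot: The response wraps the SecurityContextToken in a `wst:RequestSecurityToken` element (the second `createOMElement`), but a RequestSecurityTokenResponse carries the issued token in `wst:RequestedSecurityToken`; a client looking for the issued SCT under the standard name will not find it, so the local part should be `"RequestedSecurityToken"` (and the variable renamed to match, e.g. `reqSecTokElem`). The token's id, `"sctId-" + sct.getElement().hashCode()`, is neither guaranteed unique nor unpredictable; a random or UUID-derived id is the safer choice for a token identifier. `cert` is also dereferenced in the catch via `cert.getSubjectDN()` without a null check. The method's signature is in the preceding hunk.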
@@ -155,14 +206,27 @@
*
*/
protected class SCTIssuerConfig {
-
+
protected String proofTokenType = SCTIssuer.ENCRYPTED_KEY;
+
protected String cryptoPropertiesFile = null;
-
- public SCTIssuerConfig(OMElement elem) {
- OMElement proofTokenElem = (OMElement)elem.getChildrenWithName(
- new QName("proofToken")).next();
- this.proofTokenType = proofTokenElem.getText();
+
+ public SCTIssuerConfig(OMElement elem) throws TrustException {
+ OMElement proofTokenElem = (OMElement) elem.getFirstChildWithName(
+ new QName("proofToken"));
+ if (proofTokenElem != null) {
+ this.proofTokenType = proofTokenElem.getText();
+ }
+
+ OMElement cryptoPropertiesElem = (OMElement) elem
+ .getFirstChildWithName(new QName("cryptoProperties"));
+
+ if (!SCTIssuer.BINARY_SECRET.equals(proofTokenType)
+ && cryptoPropertiesElem == null) {
+ throw new TrustException("sctIssuerCryptoPropertiesMissing");
+ }
+
+ this.cryptoPropertiesFile = cryptoPropertiesElem.getText();
}
}
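Review bot: The constructor throws `sctIssuerCryptoPropertiesMissing` only when the proof token is not BinarySecret, but the final line `this.cryptoPropertiesFile = cryptoPropertiesElem.getText();` runs unconditionally, so a BinarySecret configuration without a `cryptoProperties` element fails with a NullPointerException instead of being accepted. Guard it: `if (cryptoPropertiesElem != null) { this.cryptoPropertiesFile = cryptoPropertiesElem.getText(); }`. A one-line class comment naming the two expected child elements (`proofToken`, `cryptoProperties`) and the EncryptedKey default would also help readers of this config holder.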
Copied: webservices/axis2/trunk/java/modules/security/test-resources/trust/impl/sts-services.xml (from r388738, webservices/axis2/trunk/java/modules/security/src/META-INF/sts-services.xml)
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/test-resources/trust/impl/sts-services.xml?p2=webservices/axis2/trunk/java/modules/security/test-resources/trust/impl/sts-services.xml&p1=webservices/axis2/trunk/java/modules/security/src/META-INF/sts-services.xml&r1=388738&r2=388759&rev=388759&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/META-INF/sts-services.xml (original)
+++ webservices/axis2/trunk/java/modules/security/test-resources/trust/impl/sts-services.xml Sat Mar 25 05:50:47 2006
@@ -22,7 +22,7 @@
<parameter name="sct-issuer-config">
<sct-issuer-config>
<proofToken>EncryptedKey</proofToken>
- <crypto-properties>sctIssuer.properties</crypto-properties>
+ <cryptoProperties>sctIssuer.properties</cryptoProperties>
</sct-issuer-config>
</parameter>
</service>