You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-commits@axis.apache.org by bi...@apache.org on 2020/04/15 16:10:19 UTC
[axis-axis2-java-rampart] branch 1_2 created (now 016d478)
This is an automated email from the ASF dual-hosted git repository.
billblough pushed a change to branch 1_2
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git.
at 016d478 Moving axis svn, part of TLP move INFRA-2441
This branch includes the following new commits:
new 016d478 Moving axis svn, part of TLP move INFRA-2441
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[axis-axis2-java-rampart] 01/01: Moving axis svn,
part of TLP move INFRA-2441
Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
billblough pushed a commit to branch 1_2
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
commit 016d47824259e9bba65dd0b3692def566608d61e
Author: Gavin McDonald <gm...@apache.org>
AuthorDate: Sat Feb 13 14:01:54 2010 +0000
Moving axis svn, part of TLP move INFRA-2441
---
build.xml | 145 ++++
modules/rampart-core/pom.xml | 62 ++
.../org.apache.neethi.builders.AssertionBuilder | 2 +
.../java/org/apache/rampart/MessageBuilder.java | 146 ++++
.../rampart/PolicyBasedResultsValidator.java | 607 ++++++++++++++
.../src/main/java/org/apache/rampart/Rampart.java | 56 ++
.../java/org/apache/rampart/RampartEngine.java | 97 +++
.../java/org/apache/rampart/RampartException.java | 101 +++
.../org/apache/rampart/RampartMessageData.java | 651 ++++++++++++++
.../org/apache/rampart/TokenCallbackHandler.java | 78 ++
.../java/org/apache/rampart/ValidatorData.java | 82 ++
.../rampart/builder/AsymmetricBindingBuilder.java | 606 +++++++++++++
.../org/apache/rampart/builder/BindingBuilder.java | 631 ++++++++++++++
.../rampart/builder/SymmetricBindingBuilder.java | 657 +++++++++++++++
.../rampart/builder/TransportBindingBuilder.java | 344 ++++++++
.../conversation/ConversationCallbackHandler.java | 67 ++
.../conversation/ConversationConfiguration.java | 688 +++++++++++++++
.../apache/rampart/conversation/STSRequester.java | 124 +++
.../java/org/apache/rampart/conversation/Util.java | 216 +++++
.../main/java/org/apache/rampart/errors.properties | 84 ++
.../apache/rampart/handler/RampartReceiver.java | 136 +++
.../org/apache/rampart/handler/RampartSender.java | 84 ++
.../org/apache/rampart/handler/WSDoAllHandler.java | 210 +++++
.../apache/rampart/handler/WSDoAllReceiver.java | 453 ++++++++++
.../org/apache/rampart/handler/WSDoAllSender.java | 444 ++++++++++
.../rampart/handler/WSSHandlerConstants.java | 153 ++++
.../handler/config/InflowConfiguration.java | 181 ++++
.../handler/config/OutflowConfiguration.java | 600 +++++++++++++
.../rampart/policy/RampartPolicyBuilder.java | 323 +++++++
.../apache/rampart/policy/RampartPolicyData.java | 670 +++++++++++++++
.../policy/builders/CryptoConfigBuilder.java | 75 ++
.../policy/builders/RampartConfigBuilder.java | 80 ++
.../apache/rampart/policy/model/CryptoConfig.java | 118 +++
.../apache/rampart/policy/model/RampartConfig.java | 315 +++++++
.../java/org/apache/rampart/util/Axis2Util.java | 249 ++++++
.../rampart/util/HandlerParameterDecoder.java | 291 +++++++
.../org/apache/rampart/util/MessageOptimizer.java | 91 ++
.../java/org/apache/rampart/util/RampartUtil.java | 933 +++++++++++++++++++++
modules/rampart-integration/pom.xml | 769 +++++++++++++++++
.../org/apache/axis2/integration/TestingUtils.java | 56 ++
.../org/apache/axis2/integration/UtilServer.java | 244 ++++++
.../axis2/integration/UtilServerBasedTestCase.java | 68 ++
.../apache/axis2/integration/UtilsJMSServer.java | 94 +++
.../apache/axis2/integration/UtilsTCPServer.java | 99 +++
.../org/apache/axis2/security/sc/PWCallback.java | 187 +++++
.../java/org/apache/axis2/security/sc/Service.java | 29 +
.../org/apache/axis2/security/sc/TestClient.java | 126 +++
.../src/main/java/org/apache/rahas/PWCallback.java | 195 +++++
.../src/main/java/org/apache/rahas/Service.java | 29 +
.../src/main/java/org/apache/rahas/TestClient.java | 186 ++++
.../main/java/org/apache/rampart/PWCallback.java | 193 +++++
.../src/main/java/org/apache/rampart/Service.java | 29 +
.../src/main/resources/ping/ping.wsdl | 68 ++
.../apache/axis2/oasis/ping/PingPortSkeleton.java | 74 ++
.../axis2/security/InteropScenarioClient.java | 180 ++++
.../src/org/apache/axis2/security/PWCallback.java | 185 ++++
.../axis2/security/AddressingMTOMSecurityTest.java | 127 +++
.../org/apache/axis2/security/InteropTestBase.java | 239 ++++++
.../axis2/security/MTOMOptimizedSecurityTest.java | 119 +++
.../org/apache/axis2/security/Scenario1Test.java | 68 ++
.../org/apache/axis2/security/Scenario2Test.java | 105 +++
.../org/apache/axis2/security/Scenario2aTest.java | 99 +++
.../org/apache/axis2/security/Scenario3Test.java | 119 +++
.../org/apache/axis2/security/Scenario4Test.java | 119 +++
.../org/apache/axis2/security/Scenario5Test.java | 113 +++
.../org/apache/axis2/security/Scenario6Test.java | 114 +++
.../org/apache/axis2/security/Scenario7Test.java | 141 ++++
.../org/apache/axis2/security/ScenarioST1Test.java | 77 ++
.../security/sc/ConversationScenario1Test.java | 72 ++
.../security/sc/ConversationScenario2Test.java | 34 +
.../security/sc/ConversationScenario3Test.java | 60 ++
.../security/sc/ConversationScenario4Test.java | 71 ++
.../apache/rahas/RahasSAMLTokenCertForHoKTest.java | 138 +++
.../rahas/RahasSAMLTokenCertForHoKV1205Test.java | 153 ++++
.../java/org/apache/rahas/RahasSAMLTokenTest.java | 132 +++
.../rahas/RahasSAMLTokenUTForBearerTest.java | 123 +++
.../rahas/RahasSAMLTokenUTForBearerV1205Test.java | 126 +++
.../apache/rahas/RahasSAMLTokenUTForHoKTest.java | 120 +++
.../rahas/RahasSAMLTokenUTForHoKV1205Test.java | 253 ++++++
.../org/apache/rahas/RahasSAMLTokenV1205Test.java | 134 +++
.../test/java/org/apache/rampart/RampartTest.java | 146 ++++
.../src/test/resources/conf/axis2.xml | 280 +++++++
.../src/test/resources/interop.properties | 5 +
.../src/test/resources/interop2.jks | Bin 0 -> 4857 bytes
.../src/test/resources/rahas/issuer.properties | 4 +
.../rahas/policy/service-policy-symm-binding.xml | 70 ++
.../policy/service-policy-transport-binding.xml | 73 ++
.../src/test/resources/rahas/policy/store.jks | Bin 0 -> 6377 bytes
.../rahas/policy/sts-policy-asymm-binding.xml | 66 ++
.../rahas/policy/sts-policy-symm-binding.xml | 73 ++
.../rahas/policy/sts-policy-transport-binding.xml | 63 ++
.../src/test/resources/rahas/rahas-sec.properties | 5 +
.../src/test/resources/rahas/rahas-sts.jks | Bin 0 -> 6377 bytes
.../src/test/resources/rahas/s1-services.xml | 74 ++
.../src/test/resources/rahas/s3-services.xml | 70 ++
.../src/test/resources/rahas/saml.s1.properties | 9 +
.../src/test/resources/rahas/samlIssuer.properties | 4 +
.../src/test/resources/rahas/sec.jks | Bin 0 -> 6377 bytes
.../src/test/resources/rampart/issuer.properties | 4 +
.../src/test/resources/rampart/policy/1.xml | 52 ++
.../src/test/resources/rampart/policy/10.xml | 69 ++
.../src/test/resources/rampart/policy/11.xml | 106 +++
.../src/test/resources/rampart/policy/2.xml | 69 ++
.../src/test/resources/rampart/policy/3.xml | 73 ++
.../src/test/resources/rampart/policy/4.xml | 74 ++
.../src/test/resources/rampart/policy/5.xml | 75 ++
.../src/test/resources/rampart/policy/6.xml | 72 ++
.../src/test/resources/rampart/policy/7.xml | 74 ++
.../src/test/resources/rampart/policy/8.xml | 74 ++
.../src/test/resources/rampart/policy/9.xml | 73 ++
.../src/test/resources/rampart/policy/sc-1.xml | 123 +++
.../src/test/resources/rampart/policy/sc-2.xml | 131 +++
.../src/test/resources/rampart/services-1.xml | 51 ++
.../src/test/resources/rampart/services-10.xml | 76 ++
.../src/test/resources/rampart/services-11.xml | 119 +++
.../src/test/resources/rampart/services-2.xml | 76 ++
.../src/test/resources/rampart/services-3.xml | 88 ++
.../src/test/resources/rampart/services-4.xml | 89 ++
.../src/test/resources/rampart/services-5.xml | 89 ++
.../src/test/resources/rampart/services-6.xml | 86 ++
.../src/test/resources/rampart/services-7.xml | 89 ++
.../src/test/resources/rampart/services-8.xml | 89 ++
.../src/test/resources/rampart/services-9.xml | 87 ++
.../src/test/resources/rampart/services-sc-1.xml | 176 ++++
.../src/test/resources/rampart/services-sc-2.xml | 186 ++++
.../src/test/resources/rampart/store.jks | Bin 0 -> 6377 bytes
.../src/test/resources/rampart/sts.jks | Bin 0 -> 6377 bytes
.../src/test/resources/sctIssuer.properties | 4 +
.../rampart-integration/src/test/resources/sec.jks | Bin 0 -> 5467 bytes
.../src/test/resources/sec.properties | 5 +
.../resources/security/complete.client.axis2.xml | 133 +++
.../resources/security/complete.service.axis2.xml | 148 ++++
.../test/resources/security/complete.service.xml | 31 +
.../test/resources/security/s1.client.axis2.xml | 110 +++
.../test/resources/security/s1.service.axis2.xml | 139 +++
.../src/test/resources/security/s1.service.xml | 15 +
.../test/resources/security/s2.client.axis2.xml | 118 +++
.../test/resources/security/s2.service.axis2.xml | 140 ++++
.../src/test/resources/security/s2.service.xml | 16 +
.../test/resources/security/s2a.client.axis2.xml | 116 +++
.../test/resources/security/s2a.service.axis2.xml | 138 +++
.../src/test/resources/security/s2a.service.xml | 16 +
.../test/resources/security/s3.client.axis2.xml | 127 +++
.../test/resources/security/s3.service.axis2.xml | 138 +++
.../src/test/resources/security/s3.service.xml | 31 +
.../test/resources/security/s4.client.axis2.xml | 124 +++
.../test/resources/security/s4.service.axis2.xml | 139 +++
.../src/test/resources/security/s4.service.xml | 30 +
.../test/resources/security/s5.client.axis2.xml | 122 +++
.../test/resources/security/s5.service.axis2.xml | 140 ++++
.../src/test/resources/security/s5.service.xml | 16 +
.../test/resources/security/s6.client.axis2.xml | 125 +++
.../test/resources/security/s6.service.axis2.xml | 140 ++++
.../src/test/resources/security/s6.service.xml | 29 +
.../test/resources/security/s7.client.axis2.xml | 126 +++
.../test/resources/security/s7.service.axis2.xml | 140 ++++
.../src/test/resources/security/s7.service.xml | 31 +
.../test/resources/security/sST1.client.axis2.xml | 108 +++
.../test/resources/security/sST1.service.axis2.xml | 139 +++
.../src/test/resources/security/sST1.service.xml | 14 +
.../src/test/resources/security/sc/s1-services.xml | 84 ++
.../src/test/resources/security/sc/s2-services.xml | 64 ++
.../src/test/resources/security/sc/s3-services.xml | 66 ++
.../src/test/resources/security/sc/s4-services.xml | 67 ++
.../resources/security/sc/sctIssuer.properties | 4 +
.../src/test/resources/security/sc/sec.jks | Bin 0 -> 5467 bytes
.../src/test/resources/security/sc/sec.properties | 5 +
.../src/test/resources/security/sc/sts.jks | Bin 0 -> 4759 bytes
.../resources/security/secMtom.client.axis2.xml | 126 +++
.../resources/security/secMtom.service.axis2.xml | 141 ++++
.../test/resources/security/secMtom.service.xml | 31 +
.../rampart-integration/src/test/resources/sts.jks | Bin 0 -> 4759 bytes
modules/rampart-mar/module.xml | 29 +
modules/rampart-mar/pom.xml | 105 +++
modules/rampart-policy/pom.xml | 50 ++
.../org.apache.neethi.builders.AssertionBuilder | 22 +
.../java/org/apache/ws/secpolicy/Constants.java | 435 ++++++++++
.../apache/ws/secpolicy/WSSPolicyException.java | 31 +
.../secpolicy/builders/AlgorithmSuiteBuilder.java | 48 ++
.../builders/AsymmetricBindingBuilder.java | 104 +++
.../builders/EncryptedElementsBuilder.java | 65 ++
.../secpolicy/builders/EncryptedPartsBuilder.java | 73 ++
.../secpolicy/builders/InitiatorTokenBuilder.java | 67 ++
.../ws/secpolicy/builders/IssuedTokenBuilder.java | 91 ++
.../ws/secpolicy/builders/LayoutBuilder.java | 72 ++
.../secpolicy/builders/ProtectionTokenBuilder.java | 60 ++
.../secpolicy/builders/RecipientTokenBuilder.java | 71 ++
.../builders/SecureConversationTokenBuilder.java | 93 ++
.../builders/SecurityContextTokenBuilder.java | 83 ++
.../secpolicy/builders/SignedElementsBuilder.java | 61 ++
.../ws/secpolicy/builders/SignedPartsBuilder.java | 72 ++
.../builders/SupportingTokensBuilder.java | 109 +++
.../builders/SymmetricBindingBuilder.java | 91 ++
.../builders/TransportBindingBuilder.java | 87 ++
.../secpolicy/builders/TransportTokenBuilder.java | 73 ++
.../ws/secpolicy/builders/Trust10Builder.java | 70 ++
.../secpolicy/builders/UsernameTokenBuilder.java | 94 +++
.../apache/ws/secpolicy/builders/WSS10Builder.java | 80 ++
.../apache/ws/secpolicy/builders/WSS11Builder.java | 88 ++
.../ws/secpolicy/builders/X509TokenBuilder.java | 123 +++
.../AbstractConfigurableSecurityAssertion.java | 44 +
.../secpolicy/model/AbstractSecurityAssertion.java | 59 ++
.../apache/ws/secpolicy/model/AlgorithmSuite.java | 452 ++++++++++
.../ws/secpolicy/model/AlgorithmWrapper.java | 23 +
.../ws/secpolicy/model/AsymmetricBinding.java | 216 +++++
.../org/apache/ws/secpolicy/model/Binding.java | 85 ++
.../apache/ws/secpolicy/model/EncryptionToken.java | 108 +++
.../java/org/apache/ws/secpolicy/model/Header.java | 49 ++
.../org/apache/ws/secpolicy/model/HttpsToken.java | 73 ++
.../apache/ws/secpolicy/model/InitiatorToken.java | 91 ++
.../org/apache/ws/secpolicy/model/IssuedToken.java | 195 +++++
.../java/org/apache/ws/secpolicy/model/Layout.java | 102 +++
.../apache/ws/secpolicy/model/ProtectionToken.java | 117 +++
.../apache/ws/secpolicy/model/RecipientToken.java | 94 +++
.../secpolicy/model/SecureConversationToken.java | 173 ++++
.../ws/secpolicy/model/SecurityContextToken.java | 86 ++
.../apache/ws/secpolicy/model/SignatureToken.java | 110 +++
.../secpolicy/model/SignedEncryptedElements.java | 133 +++
.../ws/secpolicy/model/SignedEncryptedParts.java | 129 +++
.../apache/ws/secpolicy/model/SupportingToken.java | 265 ++++++
.../model/SymmetricAsymmetricBindingBase.java | 96 +++
.../ws/secpolicy/model/SymmetricBinding.java | 239 ++++++
.../java/org/apache/ws/secpolicy/model/Token.java | 68 ++
.../apache/ws/secpolicy/model/TokenWrapper.java | 22 +
.../ws/secpolicy/model/TransportBinding.java | 184 ++++
.../apache/ws/secpolicy/model/TransportToken.java | 95 +++
.../org/apache/ws/secpolicy/model/Trust10.java | 197 +++++
.../apache/ws/secpolicy/model/UsernameToken.java | 117 +++
.../java/org/apache/ws/secpolicy/model/Wss10.java | 147 ++++
.../java/org/apache/ws/secpolicy/model/Wss11.java | 138 +++
.../org/apache/ws/secpolicy/model/X509Token.java | 192 +++++
modules/rampart-samples/README.txt | 15 +
modules/rampart-samples/basic/README.txt | 44 +
modules/rampart-samples/basic/build.xml | 259 ++++++
modules/rampart-samples/basic/sample01/README.txt | 6 +
.../basic/sample01/client.axis2.xml | 221 +++++
.../rampart-samples/basic/sample01/services.xml | 27 +
.../apache/rampart/samples/sample01/Client.java | 62 ++
.../rampart/samples/sample01/SimpleService.java | 24 +
modules/rampart-samples/basic/sample02/README.txt | 10 +
.../basic/sample02/client.axis2.xml | 228 +++++
.../rampart-samples/basic/sample02/services.xml | 33 +
.../apache/rampart/samples/sample02/Client.java | 62 ++
.../rampart/samples/sample02/PWCBHandler.java | 40 +
.../rampart/samples/sample02/SimpleService.java | 25 +
modules/rampart-samples/basic/sample03/README.txt | 12 +
.../basic/sample03/client.axis2.xml | 229 +++++
.../rampart-samples/basic/sample03/services.xml | 33 +
.../apache/rampart/samples/sample03/Client.java | 62 ++
.../rampart/samples/sample03/PWCBHandler.java | 51 ++
.../rampart/samples/sample03/SimpleService.java | 36 +
modules/rampart-samples/basic/sample04/README.txt | 7 +
.../basic/sample04/client.axis2.xml | 239 ++++++
.../rampart-samples/basic/sample04/services.xml | 44 +
.../apache/rampart/samples/sample04/Client.java | 62 ++
.../rampart/samples/sample04/PWCBHandler.java | 43 +
.../rampart/samples/sample04/SimpleService.java | 25 +
modules/rampart-samples/basic/sample05/README.txt | 7 +
.../basic/sample05/client.axis2.xml | 236 ++++++
.../rampart-samples/basic/sample05/services.xml | 45 +
.../apache/rampart/samples/sample05/Client.java | 62 ++
.../rampart/samples/sample05/PWCBHandler.java | 43 +
.../rampart/samples/sample05/SimpleService.java | 25 +
modules/rampart-samples/basic/sample06/README.txt | 8 +
.../basic/sample06/client.axis2.xml | 242 ++++++
.../rampart-samples/basic/sample06/services.xml | 47 ++
.../apache/rampart/samples/sample06/Client.java | 62 ++
.../rampart/samples/sample06/PWCBHandler.java | 43 +
.../rampart/samples/sample06/SimpleService.java | 25 +
modules/rampart-samples/basic/sample07/README.txt | 8 +
.../basic/sample07/client.axis2.xml | 240 ++++++
.../rampart-samples/basic/sample07/services.xml | 46 +
.../apache/rampart/samples/sample07/Client.java | 62 ++
.../rampart/samples/sample07/PWCBHandler.java | 43 +
.../rampart/samples/sample07/SimpleService.java | 25 +
modules/rampart-samples/basic/sample08/README.txt | 10 +
.../basic/sample08/client.axis2.xml | 241 ++++++
.../rampart-samples/basic/sample08/services.xml | 35 +
.../apache/rampart/samples/sample08/Client.java | 62 ++
.../rampart/samples/sample08/PWCBHandler.java | 43 +
.../rampart/samples/sample08/SimpleService.java | 25 +
modules/rampart-samples/basic/sample09/README.txt | 8 +
.../basic/sample09/client.axis2.xml | 239 ++++++
.../rampart-samples/basic/sample09/services.xml | 46 +
.../apache/rampart/samples/sample09/Client.java | 62 ++
.../rampart/samples/sample09/PWCBHandler.java | 50 ++
.../rampart/samples/sample09/SimpleService.java | 25 +
modules/rampart-samples/basic/sample10/README.txt | 8 +
.../basic/sample10/client.axis2.xml | 245 ++++++
.../rampart-samples/basic/sample10/services.xml | 47 ++
.../apache/rampart/samples/sample10/Client.java | 62 ++
.../rampart/samples/sample10/PWCBHandler.java | 43 +
.../rampart/samples/sample10/SimpleService.java | 25 +
modules/rampart-samples/basic/sample11/README.txt | 8 +
.../basic/sample11/client.axis2.xml | 218 +++++
.../rampart-samples/basic/sample11/services.xml | 46 +
.../apache/rampart/samples/sample11/Client.java | 98 +++
.../rampart/samples/sample11/PWCBHandler.java | 43 +
.../rampart/samples/sample11/SimpleService.java | 25 +
modules/rampart-samples/build.xml | 49 ++
modules/rampart-samples/keys/client.jks | Bin 0 -> 3778 bytes
modules/rampart-samples/keys/client.properties | 4 +
modules/rampart-samples/keys/service.jks | Bin 0 -> 3776 bytes
modules/rampart-samples/keys/service.properties | 4 +
modules/rampart-samples/policy/build.xml | 189 +++++
modules/rampart-samples/policy/sample01/README.txt | 8 +
modules/rampart-samples/policy/sample01/policy.xml | 54 ++
.../rampart-samples/policy/sample01/services.xml | 65 ++
.../rampart/samples/policy/sample01/Client.java | 77 ++
.../samples/policy/sample01/PWCBHandler.java | 49 ++
.../samples/policy/sample01/SimpleService.java | 24 +
modules/rampart-samples/policy/sample02/README.txt | 7 +
modules/rampart-samples/policy/sample02/policy.xml | 81 ++
.../rampart-samples/policy/sample02/services.xml | 92 ++
.../rampart/samples/policy/sample02/Client.java | 77 ++
.../samples/policy/sample02/PWCBHandler.java | 42 +
.../samples/policy/sample02/SimpleService.java | 24 +
modules/rampart-samples/policy/sample03/README.txt | 9 +
modules/rampart-samples/policy/sample03/policy.xml | 92 ++
.../rampart-samples/policy/sample03/services.xml | 103 +++
.../rampart/samples/policy/sample03/Client.java | 77 ++
.../samples/policy/sample03/PWCBHandler.java | 42 +
.../samples/policy/sample03/SimpleService.java | 24 +
modules/rampart-samples/policy/sample04/README.txt | 15 +
modules/rampart-samples/policy/sample04/policy.xml | 150 ++++
.../rampart-samples/policy/sample04/services.xml | 198 +++++
.../rampart/samples/policy/sample04/Client.java | 85 ++
.../samples/policy/sample04/PWCBHandler.java | 42 +
.../samples/policy/sample04/SimpleService.java | 24 +
modules/rampart-tests/pom.xml | 73 ++
.../org/apache/rahas/SimpleTokenStoreTest.java | 150 ++++
.../src/test/java/org/apache/rahas/TempIssuer.java | 58 ++
.../rahas/TokenRequestDispatcherConfigTest.java | 86 ++
.../rampart/AsymmetricBindingBuilderTest.java | 249 ++++++
.../org/apache/rampart/MessageBuilderTestBase.java | 118 +++
.../java/org/apache/rampart/TestCBHandler.java | 174 ++++
.../rampart/TransportBindingBuilderTest.java | 128 +++
.../handler/config/InflowConfigurationTest.java | 73 ++
.../handler/config/OutflowConfigurationTest.java | 194 +++++
.../rampart/policy/model/RampartPolicyTest.java | 87 ++
.../ws/secpolicy/model/SecpolicyModelTest.java | 94 +++
.../rampart-tests/test-resources/PWCallback.java | 185 ++++
modules/rampart-tests/test-resources/axis2.xml | 97 +++
.../rampart-tests/test-resources/keys/interop2.jks | Bin 0 -> 4857 bytes
.../test-resources/policy-asymm-binding.xml | 46 +
.../test-resources/policy-symm-binding.xml | 53 ++
.../test-resources/policy-transport-binding.xml | 43 +
.../policy/SecurityPolicyBindings.xml | 50 ++
.../policy/SecurityPolicyBindingsSymm.xml | 43 +
.../test-resources/policy/SecurityPolicyMsg.xml | 19 +
.../policy/rampart-asymm-binding-1.xml | 75 ++
.../policy/rampart-asymm-binding-2-sig-dk.xml | 76 ++
.../policy/rampart-asymm-binding-3-dk.xml | 77 ++
.../policy/rampart-asymm-binding-4-dk-ebs.xml | 85 ++
.../policy/rampart-asymm-binding-5-ebs.xml | 81 ++
.../policy/rampart-asymm-binding-6-3des-r15.xml | 74 ++
.../policy/rampart-asymm-binding-7-3des-r15-DK.xml | 76 ++
.../test-resources/policy/rampart-policy-1.xml | 15 +
.../policy/rampart-transport-binding-dk.xml | 68 ++
.../policy/rampart-transport-binding-no-bst.xml | 64 ++
.../policy/rampart-transport-binding.xml | 64 ++
.../test-resources/policy/soapmessage.xml | 57 ++
.../trust/dispatcher.config.invalid.1.xml | 6 +
.../trust/dispatcher.config.invalid.2.xml | 6 +
.../test-resources/trust/dispatcher.config.xml | 6 +
.../trust/impl/sct-issuer-config.xml | 4 +
.../test-resources/trust/impl/sctIssuer.properties | 4 +
.../test-resources/trust/impl/sts-services.xml | 29 +
.../test-resources/trust/impl/sts.jks | Bin 0 -> 2989 bytes
.../trust/impl/token-dispatcher-configuration.xml | 6 +
modules/rampart-trust-mar/module.xml | 41 +
modules/rampart-trust-mar/pom.xml | 105 +++
modules/rampart-trust/pom.xml | 63 ++
.../main/java/org/apache/rahas/RahasConstants.java | 112 +++
.../src/main/java/org/apache/rahas/RahasData.java | 455 ++++++++++
.../java/org/apache/rahas/STSMessageReceiver.java | 70 ++
.../java/org/apache/rahas/SimpleTokenStore.java | 165 ++++
.../src/main/java/org/apache/rahas/Token.java | 313 +++++++
.../main/java/org/apache/rahas/TokenCanceler.java | 73 ++
.../main/java/org/apache/rahas/TokenIssuer.java | 79 ++
.../main/java/org/apache/rahas/TokenRenewer.java | 65 ++
.../org/apache/rahas/TokenRequestDispatcher.java | 88 ++
.../apache/rahas/TokenRequestDispatcherConfig.java | 236 ++++++
.../main/java/org/apache/rahas/TokenStorage.java | 87 ++
.../main/java/org/apache/rahas/TokenValidator.java | 65 ++
.../main/java/org/apache/rahas/TrustException.java | 131 +++
.../src/main/java/org/apache/rahas/TrustUtil.java | 519 ++++++++++++
.../java/org/apache/rahas/client/STSClient.java | 618 ++++++++++++++
.../main/java/org/apache/rahas/errors.properties | 84 ++
.../apache/rahas/impl/AbstractIssuerConfig.java | 57 ++
.../org/apache/rahas/impl/SAMLTokenIssuer.java | 568 +++++++++++++
.../apache/rahas/impl/SAMLTokenIssuerConfig.java | 207 +++++
.../main/java/org/apache/rahas/impl/SCTIssuer.java | 247 ++++++
.../org/apache/rahas/impl/SCTIssuerConfig.java | 82 ++
.../org/apache/rahas/impl/TokenCancelerConfig.java | 80 ++
.../org/apache/rahas/impl/TokenCancelerImpl.java | 201 +++++
.../org/apache/rahas/impl/TokenIssuerUtil.java | 164 ++++
.../rampart-trust/sts-aar-resources/rahas-sts.jks | Bin 0 -> 6377 bytes
.../sts-aar-resources/saml-issuer-config.xml | 46 +
.../sts-aar-resources/sct-issuer-config.xml | 29 +
.../rampart-trust/sts-aar-resources/services.xml | 89 ++
.../sts-aar-resources/token-canceler-config.xml | 3 +
.../token-dispatcher-configuration.xml | 17 +
pom.xml | 486 +++++++++++
release-docs/LICENSE.txt | 203 +++++
release-docs/NOTICE.txt | 12 +
release-docs/README.txt | 55 ++
release-docs/build.xml | 50 ++
release-docs/release-notes.html | 75 ++
409 files changed, 45333 insertions(+)
diff --git a/build.xml b/build.xml
new file mode 100644
index 0000000..264d290
--- /dev/null
+++ b/build.xml
@@ -0,0 +1,145 @@
+<project name="Apache Rampart release build" default="dist">
+
+ <property name="rampart.version" value="1.2"/>
+ <property name="rampart.bin.dist" value="rampart"/>
+ <property name="rampart.src.dist" value="rampart-src"/>
+ <property name="rampart.docs.dist" value="rampart-docs"/>
+
+ <property name="dir.dist" value="dist"/>
+ <property name="dir.dist.bin" value="${dir.dist}/bin/${rampart.bin.dist}-${rampart.version}"/>
+ <property name="dir.dist.src" value="${dir.dist}/src/${rampart.src.dist}-${rampart.version}"/>
+ <property name="dir.dist.docs" value="${dir.dist}/docs/${rampart.docs.dist}-${rampart.version}"/>
+
+ <property name="dir.mvn2.repo" value="${user.home}/.m2/repository"/>
+
+ <property name="version.bcprov13" value="132"/>
+ <property name="version.xmlsec" value="1.4.0"/>
+ <property name="version.opensaml" value="1.1"/>
+ <property name="version.wss4j" value="1.5.2"/>
+
+ <target name="init">
+ <mkdir dir="${dir.dist}"/>
+ </target>
+
+ <target name="dist" depends="clean, bin-dist, src-dist, docs-dist">
+ <copy todir="${dir.dist}" file="modules/rampart-mar/target/rampart-${rampart.version}.mar"/>
+ <copy todir="${dir.dist}" file="modules/rampart-trust-mar/target/rahas-${rampart.version}.mar"/>
+ <copy todir="${dir.dist}" file="modules/rampart-core/target/rampart-core-${rampart.version}.jar"/>
+ <copy todir="${dir.dist}" file="modules/rampart-policy/target/rampart-policy-${rampart.version}.jar"/>
+ <copy todir="${dir.dist}" file="modules/rampart-trust/target/rampart-trust-${rampart.version}.jar"/>
+ </target>
+
+ <target name="bin-dist" depends="init">
+
+ <mkdir dir="${dir.dist.bin}"/>
+
+ <copy todir="${dir.dist.bin}">
+ <fileset dir="release-docs">
+ </fileset>
+ </copy>
+
+ <!-- Modules -->
+ <echo>Copying mars in to modules</echo>
+ <copy todir="${dir.dist.bin}" file="modules/rampart-mar/target/rampart-${rampart.version}.mar"/>
+ <copy todir="${dir.dist.bin}" file="modules/rampart-trust-mar/target/rahas-${rampart.version}.mar"/>
+
+ <!-- All dep jars -->
+ <echo>Copying dependencies into lib</echo>
+ <mkdir dir="${dir.dist.bin}/lib"/>
+
+ <copy todir="${dir.dist.bin}/lib" file="modules/rampart-core/target/rampart-core-${rampart.version}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="modules/rampart-policy/target/rampart-policy-${rampart.version}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="modules/rampart-trust/target/rampart-trust-${rampart.version}.jar"/>
+
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/bouncycastle/bcprov-jdk13/${version.bcprov13}/bcprov-jdk13-${version.bcprov13}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/org/apache/santuario/xmlsec/${version.xmlsec}/xmlsec-${version.xmlsec}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/opensaml/opensaml/${version.opensaml}/opensaml-${version.opensaml}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/org/apache/ws/security/wss4j/${version.wss4j}/wss4j-${version.wss4j}.jar"/>
+
+ <echo>Copying samples</echo>
+ <!-- copy samples -->
+ <mkdir dir="${dir.dist.bin}/samples"/>
+
+ <copy todir="${dir.dist.bin}/samples">
+ <fileset dir="modules/rampart-samples/">
+ </fileset>
+ </copy>
+
+ <zip destfile="${dir.dist}/${rampart.bin.dist}-${rampart.version}.zip">
+ <zipfileset dir="${dir.dist.bin}/../"/>
+ </zip>
+
+ <delete dir="${dir.dist.bin}/../"/>
+
+ </target>
+
+ <target name="src-dist" depends="init">
+
+ <mkdir dir="${dir.dist.src}"/>
+
+ <copy todir="${dir.dist.src}">
+ <fileset dir="release-docs">
+ <exclude name="build.xml"/>
+ <exclude name="README.txt"/>
+ </fileset>
+ </copy>
+
+ <copy todir="${dir.dist.src}">
+ <fileset dir="modules">
+ <include name="rampart-core/**/*"/>
+ <include name="rampart-policy/**/*"/>
+ <include name="rampart-trust/**/*"/>
+ <include name="rampart-samples/**/*"/>
+ <exclude name=".svn"/>
+ </fileset>
+ </copy>
+
+ <zip destfile="${dir.dist}/${rampart.src.dist}-${rampart.version}.zip">
+ <zipfileset dir="${dir.dist.src}/../"/>
+ </zip>
+
+ <delete dir="${dir.dist.src}/../"/>
+ </target>
+
+ <target name="docs-dist">
+
+ <mkdir dir="${dir.dist.docs}"/>
+
+ <copy todir="${dir.dist.docs}">
+ <fileset dir="release-docs">
+ <exclude name="build.xml"/>
+ <exclude name="README.txt"/>
+ </fileset>
+ </copy>
+
+ <mkdir dir="${dir.dist.docs}/core"/>
+ <mkdir dir="${dir.dist.docs}/policy"/>
+ <mkdir dir="${dir.dist.docs}/trust"/>
+
+ <copy todir="${dir.dist.docs}/core">
+ <fileset dir="modules/rampart-core/target/site/apidocs/">
+ </fileset>
+ </copy>
+
+ <copy todir="${dir.dist.docs}/policy">
+ <fileset dir="modules/rampart-policy/target/site/apidocs/">
+ </fileset>
+ </copy>
+
+ <copy todir="${dir.dist.docs}/trust">
+ <fileset dir="modules/rampart-trust/target/site/apidocs/">
+ </fileset>
+ </copy>
+
+ <zip destfile="${dir.dist}/${rampart.docs.dist}-${rampart.version}.zip">
+ <zipfileset dir="${dir.dist.docs}/../"/>
+ </zip>
+
+ <delete dir="${dir.dist.docs}/../"/>
+ </target>
+
+ <target name="clean">
+ <delete dir="${dir.dist}"/>
+ </target>
+
+</project>
diff --git a/modules/rampart-core/pom.xml b/modules/rampart-core/pom.xml
new file mode 100644
index 0000000..58c8c59
--- /dev/null
+++ b/modules/rampart-core/pom.xml
@@ -0,0 +1,62 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.21</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-core</artifactId>
+ <packaging>jar</packaging>
+ <version>1.21</version>
+ <name>Rampart - Core</name>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <testSourceDirectory>src/main/java</testSourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent" />
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+</project>
diff --git a/modules/rampart-core/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder b/modules/rampart-core/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
new file mode 100644
index 0000000..92c67c0
--- /dev/null
+++ b/modules/rampart-core/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
@@ -0,0 +1,2 @@
+org.apache.rampart.policy.builders.CryptoConfigBuilder
+org.apache.rampart.policy.builders.RampartConfigBuilder
\ No newline at end of file
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
new file mode 100644
index 0000000..6c2a543
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
@@ -0,0 +1,146 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.AddressingConstants.Final;
+import org.apache.axis2.addressing.AddressingConstants.Submission;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.util.XMLUtils;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustUtil;
+import org.apache.rampart.builder.AsymmetricBindingBuilder;
+import org.apache.rampart.builder.SymmetricBindingBuilder;
+import org.apache.rampart.builder.TransportBindingBuilder;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.MessageOptimizer;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import javax.xml.namespace.QName;
+
+public class MessageBuilder {
+
+ private static Log log = LogFactory.getLog(MessageBuilder.class);
+
+ public void build(MessageContext msgCtx) throws WSSPolicyException,
+ RampartException, WSSecurityException, AxisFault {
+
+ Axis2Util.useDOOM(true);
+
+ RampartMessageData rmd = new RampartMessageData(msgCtx, true);
+
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ if(rpd == null) {
+ return;
+ }
+
+ //Copy the RECV_RESULTS if available
+ if(!rmd.isInitiator()) {
+ OperationContext opCtx = msgCtx.getOperationContext();
+ MessageContext inMsgCtx;
+ if(opCtx != null &&
+ (inMsgCtx = opCtx.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null) {
+ msgCtx.setProperty(WSHandlerConstants.RECV_RESULTS,
+ inMsgCtx.getProperty(WSHandlerConstants.RECV_RESULTS));
+ }
+ }
+
+
+ String isCancelreq = (String)msgCtx.getProperty(RampartMessageData.CANCEL_REQUEST);
+ if(isCancelreq != null && Constants.VALUE_TRUE.equals(isCancelreq)) {
+ try {
+
+ String cancelAction = TrustUtil.getWSTNamespace(rmd.getWstVersion()) + RahasConstants.RST_ACTION_CANCEL_SCT;
+ //Set action
+ msgCtx.getOptions().setAction(cancelAction);
+
+ //Change the wsa:Action header
+ String wsaNs = Final.WSA_NAMESPACE;
+ Object addressingVersionFromCurrentMsgCtxt = msgCtx.getProperty(AddressingConstants.WS_ADDRESSING_VERSION);
+ if (Submission.WSA_NAMESPACE.equals(addressingVersionFromCurrentMsgCtxt)) {
+ wsaNs = Submission.WSA_NAMESPACE;
+ }
+ OMElement header = msgCtx.getEnvelope().getHeader();
+ if(header != null) {
+ OMElement actionElem = header.getFirstChildWithName(new QName(wsaNs, AddressingConstants.WSA_ACTION));
+ if(actionElem != null) {
+ actionElem.setText(cancelAction);
+ }
+ }
+
+ //set payload to a cancel request
+ String ctxIdKey = RampartUtil.getContextIdentifierKey(msgCtx);
+ String tokenId = (String)RampartUtil.getContextMap(msgCtx).get(ctxIdKey);
+
+ if(tokenId != null && RampartUtil.isTokenValid(rmd, tokenId)) {
+ OMElement bodyElem = msgCtx.getEnvelope().getBody();
+ OMElement child = bodyElem.getFirstElement();
+ OMElement newChild = TrustUtil.createCancelRequest(tokenId, rmd.getWstVersion());
+ Element newDomChild = XMLUtils.toDOM(newChild);
+ Node importedNode = rmd.getDocument().importNode((Element) newDomChild, true);
+ ((Element) bodyElem).replaceChild(importedNode, (Element) child);
+ } else {
+ throw new RampartException("tokenToBeCancelledInvalid");
+ }
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new RampartException("errorInTokenCancellation");
+ }
+ }
+
+ if(rpd.isTransportBinding()) {
+ log.debug("Building transport binding");
+ TransportBindingBuilder building = new TransportBindingBuilder();
+ building.build(rmd);
+ } else if(rpd.isSymmetricBinding()) {
+ log.debug("Building SymmetricBinding");
+ SymmetricBindingBuilder builder = new SymmetricBindingBuilder();
+ builder.build(rmd);
+ } else {
+ AsymmetricBindingBuilder builder = new AsymmetricBindingBuilder();
+ builder.build(rmd);
+ }
+
+ /*
+ * Checking wether MTOMSerializable is there. If so set optimizeElement.
+ * */
+ if(rpd.isMTOMSerialize()){
+ String optimizeElement = rpd.getOptimizeParts();
+ if(optimizeElement == null){
+ optimizeElement = "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue";
+ }
+ msgCtx.setProperty(Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
+ MessageOptimizer.optimize(msgCtx.getEnvelope(),optimizeElement);
+ }
+
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
new file mode 100644
index 0000000..53533b3
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@ -0,0 +1,607 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.UsernameToken;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.message.token.Timestamp;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import java.math.BigInteger;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.Vector;
+
+public class PolicyBasedResultsValidator {
+
+ private static Log log = LogFactory.getLog(PolicyBasedResultsValidator.class);
+
+ public void validate(ValidatorData data, Vector results)
+ throws RampartException {
+
+ RampartMessageData rmd = data.getRampartMessageData();
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ //If there's Security policy present and no results
+ //then we should throw an error
+ if(rpd != null && results == null) {
+ throw new RampartException("noSecurityResults");
+ }
+
+ //Check presence of timestamp
+ WSSecurityEngineResult tsResult = null;
+ if(rpd.isIncludeTimestamp()) {
+ tsResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
+ if(tsResult == null) {
+ throw new RampartException("timestampMissing");
+ }
+
+ }
+
+ //sig/encr
+ Vector encryptedParts = RampartUtil.getEncryptedParts(rmd);
+ if(rpd.isSignatureProtection() && isSignatureRequired(rpd)) {
+ encryptedParts.add(new WSEncryptionPart(WSConstants.SIG_LN,
+ WSConstants.SIG_NS, "Element"));
+ }
+
+ Vector signatureParts = RampartUtil.getSignedParts(rmd);
+
+ //Add the timestamp result
+ if(rpd.isIncludeTimestamp() && !rpd.isTransportBinding()) {
+ signatureParts.add(new WSEncryptionPart(tsResult.getTimestamp().getID()));
+ }
+
+ validateEncrSig(encryptedParts, signatureParts, results);
+
+ validateProtectionOrder(data, results);
+
+ validateEncryptedParts(data, encryptedParts, results);
+
+ validateSignedPartsHeaders(data, signatureParts, results);
+
+ //Supporting tokens
+ if(!rmd.isInitiator()) {
+ validateSupportingTokens(data, results);
+ }
+
+ /*
+ * Now we can check the certificate used to sign the message. In the
+ * following implementation the certificate is only trusted if either it
+ * itself or the certificate of the issuer is installed in the keystore.
+ *
+ * Note: the method verifyTrust(X509Certificate) allows custom
+ * implementations with other validation algorithms for subclasses.
+ */
+
+ // Extract the signature action result from the action vector
+ WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(
+ results, WSConstants.SIGN);
+
+ if (actionResult != null) {
+ X509Certificate returnCert = actionResult.getCertificate();
+
+ if (returnCert != null) {
+ if (!verifyTrust(returnCert, rmd)) {
+ throw new RampartException ("trustVerificationError");
+ }
+ }
+ }
+
+ /*
+ * Perform further checks on the timestamp that was transmitted in the
+ * header.
+ * In the following implementation the timestamp is valid if :
+ * Timestamp->Created < 'now' < Timestamp->Expires (Last test already handled by WSS4J)
+ *
+ * Note: the method verifyTimestamp(Timestamp) allows custom
+ * implementations with other validation algorithms for subclasses.
+ */
+
+ // Extract the timestamp action result from the action vector
+ actionResult = WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
+
+ if (actionResult != null) {
+ Timestamp timestamp = actionResult.getTimestamp();
+
+ if (timestamp != null) {
+ if (!verifyTimestamp(timestamp, rmd)) {
+ throw new RampartException("cannotValidateTimestamp");
+ }
+ }
+ }
+ }
+
+ /**
+ * @param encryptedParts
+ * @param signatureParts
+ */
+ private void validateEncrSig(Vector encryptedParts, Vector signatureParts, Vector results)
+ throws RampartException {
+ ArrayList actions = getSigEncrActions(results);
+ boolean sig = false;
+ boolean encr = false;
+ for (Iterator iter = actions.iterator(); iter.hasNext();) {
+ Integer act = (Integer) iter.next();
+ if(act.intValue() == WSConstants.SIGN) {
+ sig = true;
+ } else if(act.intValue() == WSConstants.ENCR) {
+ encr = true;
+ }
+ }
+
+ if(sig && signatureParts.size() == 0) {
+
+ //Unexpected signature
+ throw new RampartException("unexprectedSignature");
+ } else if(!sig && signatureParts.size() > 0) {
+
+ //required signature missing
+ throw new RampartException("signatureMissing");
+ }
+
+ if(encr && encryptedParts.size() == 0) {
+
+ //Check whether its just an encrypted key
+ ArrayList list = this.getResults(results, WSConstants.ENCR);
+ boolean encrDataFound = false;
+ for (Iterator iter = list.iterator(); iter.hasNext();) {
+ WSSecurityEngineResult result = (WSSecurityEngineResult) iter.next();
+ if(result.getDataRefUris() != null) {
+ encrDataFound = true;
+ }
+ }
+ if(encrDataFound) {
+ //Unexpected encryption
+ throw new RampartException("unexprectedEncryptedPart");
+ }
+ } else if(!encr && encryptedParts.size() > 0) {
+
+ //required signature missing
+ throw new RampartException("encryptionMissing");
+ }
+ }
+
+ /**
+ * @param data
+ * @param results
+ */
+ private void validateSupportingTokens(ValidatorData data, Vector results)
+ throws RampartException {
+
+ //Check for UsernameToken
+ RampartPolicyData rpd = data.getRampartMessageData().getPolicyData();
+ SupportingToken suppTok = rpd.getSupportingTokens();
+ handleSupportingTokens(results, suppTok);
+ SupportingToken signedSuppToken = rpd.getSignedSupportingTokens();
+ handleSupportingTokens(results, signedSuppToken);
+ SupportingToken signedEndSuppToken = rpd.getSignedEndorsingSupportingTokens();
+ handleSupportingTokens(results, signedEndSuppToken);
+ SupportingToken endSuppToken = rpd.getEndorsingSupportingTokens();
+ handleSupportingTokens(results, endSuppToken);
+ }
+
+ /**
+ * @param results
+ * @param suppTok
+ * @throws RampartException
+ */
+ private void handleSupportingTokens(Vector results, SupportingToken suppTok) throws RampartException {
+
+ if(suppTok == null) {
+ return;
+ }
+
+ ArrayList tokens = suppTok.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof UsernameToken) {
+ //Check presence of a UsernameToken
+ WSSecurityEngineResult utResult = WSSecurityUtil.fetchActionResult(results, WSConstants.UT);
+ if(utResult == null) {
+ throw new RampartException("usernameTokenMissing");
+ }
+
+ }
+ }
+ }
+
+
+
+
+ /**
+ * @param data
+ * @param results
+ */
+ private void validateProtectionOrder(ValidatorData data, Vector results)
+ throws RampartException {
+
+ String protectionOrder = data.getRampartMessageData().getPolicyData().getProtectionOrder();
+ ArrayList sigEncrActions = this.getSigEncrActions(results);
+
+ if(sigEncrActions.size() < 2) {
+ //There are no results to COMPARE
+ return;
+ }
+ boolean done = false;
+ if(Constants.SIGN_BEFORE_ENCRYPTING.equals(protectionOrder)) {
+ boolean sigFound = false;
+ for (Iterator iter = sigEncrActions.iterator();
+ iter.hasNext() || !done;) {
+ Integer act = (Integer) iter.next();
+ if(act.intValue() == WSConstants.ENCR && ! sigFound ) {
+ // We found ENCR and SIGN has not been found - break and fail
+ break;
+ }
+ if(act.intValue() == WSConstants.SIGN) {
+ sigFound = true;
+ } else if(sigFound) {
+ //We have an ENCR action after sig
+ done = true;
+ }
+ }
+
+ } else {
+ boolean encrFound = false;
+ for (Iterator iter = sigEncrActions.iterator(); iter.hasNext();) {
+ Integer act = (Integer) iter.next();
+ if(act.intValue() == WSConstants.SIGN && ! encrFound ) {
+ // We found SIGN and ENCR has not been found - break and fail
+ break;
+ }
+ if(act.intValue() == WSConstants.ENCR) {
+ encrFound = true;
+ } else if(encrFound) {
+ //We have an ENCR action after sig
+ done = true;
+ }
+ }
+ }
+
+ if(!done) {
+ throw new RampartException("protectionOrderMismatch");
+ }
+ }
+
+
+ private ArrayList getSigEncrActions(Vector results) {
+ ArrayList sigEncrActions = new ArrayList();
+ for (Iterator iter = results.iterator(); iter.hasNext();) {
+ int action = ((WSSecurityEngineResult) iter.next()).getAction();
+ if(WSConstants.SIGN == action || WSConstants.ENCR == action) {
+ sigEncrActions.add(new Integer(action));
+ }
+
+ }
+ return sigEncrActions;
+ }
+
+ private void validateEncryptedParts(ValidatorData data, Vector encryptedParts, Vector results)
+ throws RampartException {
+
+ RampartMessageData rmd = data.getRampartMessageData();
+
+ ArrayList encrRefs = getEncryptedReferences(results);
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ //Check for encrypted body
+ if(rpd.isEncryptBody()) {
+
+ if(!encrRefs.contains(data.getBodyEncrDataId())){
+ throw new RampartException("encryptedPartMissing",
+ new String[]{data.getBodyEncrDataId()});
+ }
+ }
+
+ int refCount = 0;
+
+ refCount += encryptedParts.size();
+
+ if(encrRefs.size() != refCount) {
+ throw new RampartException("invalidNumberOfEncryptedParts",
+ new String[]{Integer.toString(refCount)});
+ }
+
+ }
+
+ private void validateSignedPartsHeaders(ValidatorData data, Vector signatureParts, Vector results)
+ throws RampartException {
+
+ RampartMessageData rmd = data.getRampartMessageData();
+
+ Node envelope = rmd.getDocument().getFirstChild();
+
+ WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(
+ results, WSConstants.SIGN);
+
+ // Find elements that are signed
+ Vector actuallySigned = new Vector();
+ if( actionResult != null ) {
+ Set signedIDs = actionResult.getSignedElements();
+ for (Iterator i = signedIDs.iterator(); i.hasNext();) {
+ String e = (String) i.next();
+
+ Element element = WSSecurityUtil.findElementById(envelope, e, WSConstants.WSU_NS);
+ actuallySigned.add( element );
+ }
+ }
+
+ for(int i=0; i<signatureParts.size(); i++) {
+ WSEncryptionPart wsep = (WSEncryptionPart) signatureParts.get( i );
+
+ Element headerElement = (Element) WSSecurityUtil.findElement(
+ envelope, wsep.getName(), wsep.getNamespace() );
+ if( headerElement == null ) {
+ // The signedpart header we are checking is not present in Soap header - this is allowed
+ continue;
+ }
+
+ // header elemement present - verify that it is part of signature
+ if( actuallySigned.contains( headerElement) ) {
+ continue;
+ }
+
+ // header defined in policy is present but not signed
+ throw new RampartException("signedPartHeaderNotSigned", new String[] { wsep.getName() });
+ }
+ }
+
+
+ private boolean isSignatureRequired(RampartPolicyData rpd) {
+ return (rpd.isSymmetricBinding() && rpd.getSignatureToken() != null) ||
+ (!rpd.isSymmetricBinding() && !rpd.isTransportBinding() &&
+ rpd.getInitiatorToken() != null);
+ }
+
+
+ /*
+ * Verify that ts->Created is before 'now'
+ * - testing that timestamp has not expired ('now' is before ts->Expires) is handled earlier by WSS4J
+ */
+ private boolean verifyTimestamp(Timestamp timestamp, RampartMessageData rmd) throws RampartException {
+
+ Calendar cre = timestamp.getCreated();
+ if (cre != null) {
+ long now = Calendar.getInstance().getTimeInMillis();
+
+ // ajust 'now' with allowed timeskew
+ long maxSkew = RampartUtil.getTimestampMaxSkew( rmd );
+ if( maxSkew > 0 ) {
+ now += (maxSkew * 1000);
+ }
+
+ // fail if ts->Created is after 'now'
+ if( cre.getTimeInMillis() > now ) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Evaluate whether a given certificate should be trusted.
+ * Hook to allow subclasses to implement custom validation methods however they see fit.
+ * <p/>
+ * Policy used in this implementation:
+ * 1. Search the keystore for the transmitted certificate
+ * 2. Search the keystore for a connection to the transmitted certificate
+ * (that is, search for certificate(s) of the issuer of the transmitted certificate
+ * 3. Verify the trust path for those certificates found because the search for the issuer might be fooled by a phony DN (String!)
+ *
+ * @param cert the certificate that should be validated against the keystore
+ * @return true if the certificate is trusted, false if not (AxisFault is thrown for exceptions during CertPathValidation)
+ * @throws WSSecurityException
+ */
+ protected boolean verifyTrust(X509Certificate cert, RampartMessageData rmd) throws RampartException {
+
+ // If no certificate was transmitted, do not trust the signature
+ if (cert == null) {
+ return false;
+ }
+
+ String[] aliases = null;
+ String alias = null;
+ X509Certificate[] certs;
+
+ String subjectString = cert.getSubjectDN().getName();
+ String issuerString = cert.getIssuerDN().getName();
+ BigInteger issuerSerial = cert.getSerialNumber();
+
+ boolean doDebug = log.isDebugEnabled();
+
+ if (doDebug) {
+ log.debug("WSHandler: Transmitted certificate has subject " +
+ subjectString);
+ log.debug("WSHandler: Transmitted certificate has issuer " +
+ issuerString + " (serial " + issuerSerial + ")");
+ }
+
+ // FIRST step
+ // Search the keystore for the transmitted certificate
+
+ // Search the keystore for the alias of the transmitted certificate
+ try {
+ alias = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).getAliasForX509Cert(
+ issuerString, issuerSerial);
+ } catch (WSSecurityException ex) {
+ throw new RampartException("cannotFindAliasForCert", new String[]{subjectString}, ex);
+ }
+
+ if (alias != null) {
+ // Retrieve the certificate for the alias from the keystore
+ try {
+ certs = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).getCertificates(alias);
+ } catch (WSSecurityException ex) {
+ throw new RampartException("noCertForAlias", new String[] {alias}, ex);
+ }
+
+ // If certificates have been found, the certificates must be compared
+ // to ensure againgst phony DNs (compare encoded form including signature)
+ if (certs != null && certs.length > 0 && cert.equals(certs[0])) {
+ if (doDebug) {
+ log.debug("Direct trust for certificate with " + subjectString);
+ }
+ return true;
+ }
+ } else {
+ if (doDebug) {
+ log.debug("No alias found for subject from issuer with " + issuerString + " (serial " + issuerSerial + ")");
+ }
+ }
+
+ // SECOND step
+ // Search for the issuer of the transmitted certificate in the keystore
+
+ // Search the keystore for the alias of the transmitted certificates issuer
+ try {
+ aliases = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).getAliasesForDN(issuerString);
+ } catch (WSSecurityException ex) {
+ throw new RampartException("cannotFindAliasForCert", new String[]{issuerString}, ex);
+ }
+
+ // If the alias has not been found, the issuer is not in the keystore
+ // As a direct result, do not trust the transmitted certificate
+ if (aliases == null || aliases.length < 1) {
+ if (doDebug) {
+ log.debug("No aliases found in keystore for issuer " + issuerString + " of certificate for " + subjectString);
+ }
+ return false;
+ }
+
+ // THIRD step
+ // Check the certificate trust path for every alias of the issuer found in the keystore
+ for (int i = 0; i < aliases.length; i++) {
+ alias = aliases[i];
+
+ if (doDebug) {
+ log.debug("Preparing to validate certificate path with alias " + alias + " for issuer " + issuerString);
+ }
+
+ // Retrieve the certificate(s) for the alias from the keystore
+ try {
+ certs = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).getCertificates(alias);
+ } catch (WSSecurityException ex) {
+ throw new RampartException("noCertForAlias", new String[] {alias}, ex);
+ }
+
+ // If no certificates have been found, there has to be an error:
+ // The keystore can find an alias but no certificate(s)
+ if (certs == null | certs.length < 1) {
+ throw new RampartException("noCertForAlias", new String[] {alias});
+ }
+
+ // Form a certificate chain from the transmitted certificate
+ // and the certificate(s) of the issuer from the keystore
+ // First, create new array
+ X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
+ // Then add the first certificate ...
+ x509certs[0] = cert;
+ // ... and the other certificates
+ for (int j = 0; j < certs.length; j++) {
+ cert = certs[i];
+ x509certs[certs.length + j] = cert;
+ }
+ certs = x509certs;
+
+ // Use the validation method from the crypto to check whether the subjects certificate was really signed by the issuer stated in the certificate
+ try {
+ if (RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).validateCertPath(certs)) {
+ if (doDebug) {
+ log.debug("WSHandler: Certificate path has been verified for certificate with subject " + subjectString);
+ }
+ return true;
+ }
+ } catch (WSSecurityException ex) {
+ throw new RampartException("certPathVerificationFailed", new String[]{subjectString}, ex);
+ }
+ }
+
+ log.debug("WSHandler: Certificate path could not be verified for certificate with subject " + subjectString);
+ return false;
+ }
+
+
+ private ArrayList getEncryptedReferences(Vector results) {
+
+ //there can be multiple ref lists
+ ArrayList encrResults = getResults(results, WSConstants.ENCR);
+
+ ArrayList refs = new ArrayList();
+
+ for (Iterator iter = encrResults.iterator(); iter.hasNext();) {
+ WSSecurityEngineResult engineResult = (WSSecurityEngineResult) iter.next();
+ ArrayList dataRefUris = engineResult.getDataRefUris();
+
+ //take only the ref list processing results
+ if(dataRefUris != null) {
+ for (Iterator iterator = dataRefUris.iterator(); iterator
+ .hasNext();) {
+ String uri = (String) iterator.next();
+ refs.add(uri);
+ }
+ }
+ }
+
+ return refs;
+ }
+
+
+
+ private ArrayList getResults(Vector results, int action) {
+
+ ArrayList list = new ArrayList();
+
+ for (int i = 0; i < results.size(); i++) {
+ // Check the result of every action whether it matches the given
+ // action
+ if (((WSSecurityEngineResult) results.get(i)).getAction() == action) {
+ list.add((WSSecurityEngineResult) results.get(i));
+ }
+ }
+
+ return list;
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java b/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java
new file mode 100644
index 0000000..b6f53f4
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.description.AxisDescription;
+import org.apache.axis2.description.AxisModule;
+import org.apache.axis2.modules.Module;
+import org.apache.axis2.modules.ModulePolicyExtension;
+import org.apache.axis2.modules.PolicyExtension;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+
+public class Rampart implements Module, ModulePolicyExtension {
+
+ public void init(ConfigurationContext configContext, AxisModule module)
+ throws AxisFault {
+ }
+
+ public void engageNotify(AxisDescription axisDescription) throws AxisFault {
+ //Nothing to do here, since RampartMessageData will pick up the
+ //effective policy from the message context
+ }
+
+ public void shutdown(ConfigurationContext configurationContext) throws AxisFault {
+ // at the moment, nothing needs to be done ..
+ }
+
+ public PolicyExtension getPolicyExtension() {
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public void applyPolicy(Policy policy, AxisDescription axisDescription) throws AxisFault {
+ // TODO Ruchith
+ }
+
+ public boolean canSupportAssertion(Assertion assertion) {
+ // TODO Ruchith
+ return true;
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
new file mode 100644
index 0000000..77472d7
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.util.WSSecurityUtil;
+
+import java.util.Vector;
+
+public class RampartEngine {
+
+
+ public Vector process(MessageContext msgCtx) throws WSSPolicyException,
+ RampartException, WSSecurityException, AxisFault {
+
+ RampartMessageData rmd = new RampartMessageData(msgCtx, false);
+
+
+ //If there is no policy information or if the message is a fault
+ RampartPolicyData rpd = rmd.getPolicyData();
+ if(rpd == null ||
+ WSSecurityUtil.findElement(rmd.getDocument().getDocumentElement(),
+ "Fault",
+ rmd.getSoapConstants().getEnvelopeURI()) != null) {
+ SOAPEnvelope env = Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true);
+
+ //Convert back to llom since the inflow cannot use llom
+ msgCtx.setEnvelope(env);
+ Axis2Util.useDOOM(false);
+ return null;
+ }
+
+ Vector results = null;
+
+ WSSecurityEngine engine = new WSSecurityEngine();
+
+ ValidatorData data = new ValidatorData(rmd);
+
+ if(rpd.isSymmetricBinding()) {
+ //Here we have to create the CB handler to get the tokens from the
+ //token storage
+
+ results = engine.processSecurityHeader(rmd.getDocument(),
+ null,
+ new TokenCallbackHandler(rmd.getTokenStorage(), RampartUtil.getPasswordCB(rmd)),
+ RampartUtil.getSignatureCrypto(rpd.getRampartConfig(),
+ msgCtx.getAxisService().getClassLoader()));
+ } else {
+ results = engine.processSecurityHeader(rmd.getDocument(),
+ null,
+ new TokenCallbackHandler(rmd.getTokenStorage(), RampartUtil.getPasswordCB(rmd)),
+ RampartUtil.getSignatureCrypto(rpd.getRampartConfig(),
+ msgCtx.getAxisService().getClassLoader()),
+ RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(),
+ msgCtx.getAxisService().getClassLoader()));
+ }
+
+
+ SOAPEnvelope env = Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true);
+
+ //Convert back to llom since the inflow cannot use DOOM
+ msgCtx.setEnvelope(env);
+ Axis2Util.useDOOM(false);
+
+ PolicyBasedResultsValidator validator = new PolicyBasedResultsValidator();
+ validator.validate(data, results);
+
+ return results;
+ }
+
+
+
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java
new file mode 100644
index 0000000..f76de9c
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import java.text.MessageFormat;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+
+public class RampartException extends Exception {
+
+ private static final long serialVersionUID = 8674795537585339704L;
+
+ private static ResourceBundle resources;
+
+ private String faultCode;
+ private String faultString;
+
+ static {
+ try {
+ resources = ResourceBundle.getBundle("org.apache.rampart.errors");
+ } catch (MissingResourceException e) {
+ throw new RuntimeException(e.getMessage());
+ }
+ }
+
+ public RampartException(String faultCode, Object[] args) {
+ super(getMessage(faultCode, args));
+ this.faultCode = getFaultCode(faultCode);
+ this.faultString = getMessage(faultCode, args);
+ }
+
+ /**
+ * Construct the fault properly code for the standard faults
+ * @param faultCode2
+ * @return
+ */
+ private String getFaultCode(String code) {
+ //TODO check for spec specific error codes
+ return code;
+ }
+
+ public RampartException(String faultCode) {
+ this(faultCode, (Object[])null);
+ }
+
+ public RampartException(String faultCode, Object[] args, Throwable e) {
+ super(getMessage(faultCode, args),e);
+ this.faultCode = faultCode;
+ this.faultString = getMessage(faultCode, args);
+ }
+
+ public RampartException(String faultCode, Throwable e) {
+ this(faultCode, null, e);
+ }
+
+ /**
+ * get the message from resource bundle.
+ * <p/>
+ *
+ * @return the message translated from the property (message) file.
+ */
+ protected static String getMessage(String faultCode, Object[] args) {
+ String msg = null;
+ try {
+ msg = MessageFormat.format(resources.getString(faultCode), args);
+ } catch (MissingResourceException e) {
+ throw new RuntimeException("Undefined '" + faultCode + "' resource property");
+ }
+ return msg;
+ }
+
+ /**
+ * @return Returns the faultCode.
+ */
+ protected String getFaultCode() {
+ return faultCode;
+ }
+
+ /**
+ * @return Returns the faultString.
+ */
+ protected String getFaultString() {
+ return faultString;
+ }
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
new file mode 100644
index 0000000..2c09fdc
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
@@ -0,0 +1,651 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.SimpleTokenStore;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.policy.RampartPolicyBuilder;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.SOAPConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.util.Loader;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+
+import javax.xml.namespace.QName;
+
+import java.util.List;
+import java.util.Vector;
+
+public class RampartMessageData {
+
+ /**
+ * Axis2 parameter name to be used in the client's axis2 xml
+ */
+ public final static String KEY_RAMPART_POLICY = "rampartPolicy";
+
+ /**
+ * Key to hold the address of the issuer in the msg ctx.
+ */
+ public final static String KEY_ISSUER_ADDRESS = "issuerAddress";
+
+ /**
+ * Key to hold the WS-Trust version
+ */
+ public final static String KEY_WST_VERSION = "wstVersion";
+
+ private final String PARAM_CLIENT_SIDE = "CLIENT_SIDE";
+
+ /**
+ * Key to hold the WS-SecConv version
+ */
+ public final static String KEY_WSSC_VERSION = "wscVersion";
+
+ public static final String KEY_SCT_ISSUER_POLICY = "sct-issuer-policy";
+
+ public final static String CANCEL_REQUEST = "cancelrequest";
+
+ public final static String SCT_ID = "sctID";
+
+ private MessageContext msgContext = null;
+
+ private RampartPolicyData policyData = null;
+
+ private WSSecHeader secHeader = null;
+
+ private WSSConfig config = null;
+
+ private int timeToLive = 300;
+
+ private int timestampMaxSkew = 0;
+
+ private String timestampId;
+
+ private Document document;
+
+ private TokenStorage tokenStorage;
+
+ /**
+ * WS-Trust version to use.
+ *
+ * Pissible values:
+ * RahasConstants.VERSION_05_02
+ * RahasConstants.VERSION_05_12
+ */
+
+ private int wstVersion = RahasConstants.VERSION_05_02;
+
+ private int secConvVersion = ConversationConstants.DEFAULT_VERSION;
+
+ /*
+ * IssuedTokens or SecurityContextTokens can be used
+ * as the encryption token, signature token,
+ */
+ private String issuedEncryptionTokenId;
+
+ private String issuedSignatureTokenId;
+
+ /**
+ * The service policy extracted from the message context.
+ * If policy is specified in the RampartConfig <b>this</b> will take precedence
+ */
+ private Policy servicePolicy;
+
+ private boolean isInitiator;
+
+ private boolean sender;
+
+ private ClassLoader customClassLoader;
+
+ private SOAPConstants soapConstants;
+
+ public RampartMessageData(MessageContext msgCtx, boolean sender) throws RampartException {
+
+ this.msgContext = msgCtx;
+
+ try {
+
+ /*
+ * First get the SOAP envelope as document, then create a security
+ * header and insert into the document (Envelope)
+ */
+ this.document = Axis2Util.getDocumentFromSOAPEnvelope(msgCtx.getEnvelope(), true);
+ msgCtx.setEnvelope((SOAPEnvelope)this.document.getDocumentElement());
+
+ this.soapConstants = WSSecurityUtil.getSOAPConstants(this.document.getDocumentElement());
+
+ //Extract known properties from the msgCtx
+
+ if(msgCtx.getProperty(KEY_WST_VERSION) != null) {
+ this.wstVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WST_VERSION));
+ }
+
+ if(msgCtx.getProperty(KEY_WSSC_VERSION) != null) {
+ this.secConvVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WSSC_VERSION));
+ }
+
+ Parameter clientSideParam = msgCtx.getAxisService().getParameter(PARAM_CLIENT_SIDE);
+ if(clientSideParam != null) {
+ this.isInitiator = true;
+ } else {
+ this.isInitiator = !msgCtx.isServerSide();
+ if(this.isInitiator) {
+ clientSideParam = new Parameter();
+ clientSideParam.setName(PARAM_CLIENT_SIDE);
+ clientSideParam.setLocked(true);
+ msgCtx.getAxisService().addParameter(clientSideParam);
+ }
+ }
+
+ if(msgCtx.getProperty(KEY_RAMPART_POLICY) != null) {
+ this.servicePolicy = (Policy)msgCtx.getProperty(KEY_RAMPART_POLICY);
+ }
+
+ /*
+ * Init policy:
+ * When creating the RampartMessageData instance we
+ * extract the service policy is set in the msgCtx.
+ * If it is missing then try to obtain from the configuration files.
+ */
+
+ if(this.servicePolicy == null) {
+ this.servicePolicy = msgCtx.getEffectivePolicy();
+ }
+
+ if(this.servicePolicy == null) {
+ Parameter param = msgCtx.getParameter(RampartMessageData.KEY_RAMPART_POLICY);
+ if(param != null) {
+ OMElement policyElem = param.getParameterElement().getFirstElement();
+ this.servicePolicy = PolicyEngine.getPolicy(policyElem);
+ }
+ }
+
+ if(this.servicePolicy != null){
+ List it = (List)this.servicePolicy.getAlternatives().next();
+
+ //Process policy and build policy data
+ this.policyData = RampartPolicyBuilder.build(it);
+ }
+
+
+ if(isInitiator && this.policyData != null && this.policyData.getRampartConfig() == null) {
+ //We'r missing the extra info rampart needs
+ throw new RampartException("rampartConigMissing");
+ }
+
+ if(this.policyData != null) {
+
+ //Check for RST and RSTR for an SCT
+ if((WSSHandlerConstants.RST_ACTON_SCT.equals(msgContext.getWSAAction())
+ || WSSHandlerConstants.RSTR_ACTON_SCT.equals(msgContext.getWSAAction())) &&
+ this.policyData.getIssuerPolicy() != null) {
+
+ this.servicePolicy = this.policyData.getIssuerPolicy();
+
+ RampartConfig rampartConfig = policyData.getRampartConfig();
+ /*
+ * Copy crypto info from the into the new issuer policy
+ */
+ RampartConfig rc = new RampartConfig();
+ rc.setEncrCryptoConfig(rampartConfig.getEncrCryptoConfig());
+ rc.setSigCryptoConfig(rampartConfig.getSigCryptoConfig());
+ rc.setDecCryptoConfig(rampartConfig.getDecCryptoConfig());
+ rc.setUser(rampartConfig.getUser());
+ rc.setEncryptionUser(rampartConfig.getEncryptionUser());
+ rc.setPwCbClass(rampartConfig.getPwCbClass());
+
+ this.servicePolicy.addAssertion(rc);
+
+ List it = (List)this.servicePolicy.getAlternatives().next();
+
+ //Process policy and build policy data
+ this.policyData = RampartPolicyBuilder.build(it);
+ }
+ }
+
+
+ this.sender = sender;
+
+ OperationContext opCtx = this.msgContext.getOperationContext();
+
+ if(!this.isInitiator && this.sender) {
+ //Get hold of the incoming msg ctx
+ MessageContext inMsgCtx;
+ if (opCtx != null
+ && (inMsgCtx = opCtx
+ .getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null
+ && msgContext.getProperty(WSHandlerConstants.RECV_RESULTS) == null) {
+ msgContext.setProperty(WSHandlerConstants.RECV_RESULTS,
+ inMsgCtx.getProperty(WSHandlerConstants.RECV_RESULTS));
+
+ //If someone set the sct_id externally use it at the receiver
+ msgContext.setProperty(SCT_ID, inMsgCtx.getProperty(SCT_ID));
+ }
+ }
+
+ if(this.isInitiator && !this.sender) {
+ MessageContext outMsgCtx;
+ if (opCtx != null
+ && (outMsgCtx = opCtx
+ .getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT_VALUE)) != null) {
+
+ //If someone set the sct_id externally use it at the receiver
+ msgContext.setProperty(SCT_ID, outMsgCtx.getProperty(SCT_ID));
+ }
+ }
+
+ this.config = WSSConfig.getDefaultWSConfig();
+
+ this.customClassLoader = msgCtx.getAxisService().getClassLoader();
+
+ if(this.sender && this.policyData != null) {
+ this.secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(this.document);
+ }
+
+ } catch (TrustException e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ } catch (AxisFault e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ } catch (WSSPolicyException e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ }
+
+ }
+
+ /**
+ * @return Returns the document.
+ */
+ public Document getDocument() {
+ return document;
+ }
+
+ /**
+ * @param document The document to set.
+ */
+ public void setDocument(Document document) {
+ this.document = document;
+ }
+
+ /**
+ * @return Returns the timeToLive.
+ */
+ public int getTimeToLive() {
+ return timeToLive;
+ }
+
+ /**
+ * @param timeToLive The timeToLive to set.
+ */
+ public void setTimeToLive(int timeToLive) {
+ this.timeToLive = timeToLive;
+ }
+
+ /**
+ * @return Returns the timestampMaxSkew.
+ */
+ public int getTimestampMaxSkew() {
+ return timestampMaxSkew;
+ }
+
+ /**
+ * @param timestampMaxSkew The timestampMaxSkew to set.
+ */
+ public void setTimestampMaxSkew(int timestampMaxSkew) {
+ this.timestampMaxSkew = timestampMaxSkew;
+ }
+
+ /**
+ * @return Returns the config.
+ */
+ public WSSConfig getConfig() {
+ return config;
+ }
+
+ /**
+ * @param config
+ * The config to set.
+ */
+ public void setConfig(WSSConfig config) {
+ this.config = config;
+ }
+
+ /**
+ * @return Returns the msgContext.
+ */
+ public MessageContext getMsgContext() {
+ return msgContext;
+ }
+
+ /**
+ * @param msgContext
+ * The msgContext to set.
+ */
+ public void setMsgContext(MessageContext msgContext) {
+ this.msgContext = msgContext;
+ }
+
+ /**
+ * @return Returns the policyData.
+ */
+ public RampartPolicyData getPolicyData() {
+ return policyData;
+ }
+
+ /**
+ * @param policyData
+ * The policyData to set.
+ */
+ public void setPolicyData(RampartPolicyData policyData) throws RampartException {
+ this.policyData = policyData;
+
+ try {
+ //if client side then check whether sig conf enabled
+ //and get hold of the stored signature values
+ if(this.isInitiator && !this.sender && policyData.isSignatureConfirmation()) {
+ OperationContext opCtx = msgContext.getOperationContext();
+ MessageContext outMsgCtx = opCtx
+ .getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT_VALUE);
+ msgContext.setProperty(WSHandlerConstants.SEND_SIGV, outMsgCtx
+ .getProperty(WSHandlerConstants.SEND_SIGV));
+ }
+ } catch (AxisFault e) {
+ throw new RampartException("errorGettingSignatureValuesForSigconf", e);
+ }
+ }
+
+ /**
+ * @return Returns the secHeader.
+ */
+ public WSSecHeader getSecHeader() {
+ return secHeader;
+ }
+
+ /**
+ * @param secHeader
+ * The secHeader to set.
+ */
+ public void setSecHeader(WSSecHeader secHeader) {
+ this.secHeader = secHeader;
+ }
+
+ /**
+ * @return Returns the issuedEncryptionTokenId.
+ */
+ public String getIssuedEncryptionTokenId() {
+ return issuedEncryptionTokenId;
+ }
+
+ /**
+ * @param issuedEncryptionTokenId The issuedEncryptionTokenId to set.
+ */
+ public void setIssuedEncryptionTokenId(String issuedEncryptionTokenId) {
+ this.issuedEncryptionTokenId = issuedEncryptionTokenId;
+ }
+
+ /**
+ * @return Returns the issuedSignatureTokenId.
+ */
+ public String getIssuedSignatureTokenId() {
+ return issuedSignatureTokenId;
+ }
+
+ /**
+ * @param issuedSignatureTokenId The issuedSignatureTokenId to set.
+ */
+ public void setIssuedSignatureTokenId(String issuedSignatureTokenId) {
+ this.issuedSignatureTokenId = issuedSignatureTokenId;
+ }
+
+ /**
+ * @return Returns the secConvTokenId.
+ */
+ public String getSecConvTokenId() {
+ String id = null;
+
+ if(this.isInitiator) {
+ String contextIdentifierKey = RampartUtil.getContextIdentifierKey(this.msgContext);
+ id = (String) RampartUtil.getContextMap(this.msgContext).get(contextIdentifierKey);
+ } else {
+ //get the sec context id from the req msg ctx
+ Vector results = (Vector)this.msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult = (WSHandlerResult) results.get(i);
+ Vector wsSecEngineResults = rResult.getResults();
+
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) wsSecEngineResults
+ .get(j);
+ if(WSConstants.SCT == wser.getAction()) {
+ id = wser.getSecurityContextToken().getID();
+ }
+
+ }
+ }
+ }
+
+ if(id == null || id.length() == 0) {
+ //If we can't find the sec conv token id up to this point then
+ //check if someone has specified which one to use
+ id = (String)this.msgContext.getProperty(SCT_ID);
+ }
+
+ return id;
+ }
+
+ /**
+ * @param secConvTokenId The secConvTokenId to set.
+ */
+ public void setSecConvTokenId(String secConvTokenId) {
+ String contextIdentifierKey = RampartUtil.getContextIdentifierKey(this.msgContext);
+ RampartUtil.getContextMap(this.msgContext).put(
+ contextIdentifierKey,
+ secConvTokenId);
+ }
+
+
+
+ /**
+ * @return Returns the tokenStorage.
+ */
+ public TokenStorage getTokenStorage() throws RampartException {
+
+ if(this.tokenStorage != null) {
+ return this.tokenStorage;
+ }
+
+ TokenStorage storage = (TokenStorage) this.msgContext.getProperty(
+ TokenStorage.TOKEN_STORAGE_KEY);
+
+ if (storage != null) {
+ this.tokenStorage = storage;
+ } else {
+
+ String storageClass = this.policyData.getRampartConfig()
+ .getTokenStoreClass();
+
+ if (storageClass != null) {
+ Class stClass = null;
+ try {
+ stClass = Loader.loadClass(msgContext.getAxisService()
+ .getClassLoader(), storageClass);
+ } catch (ClassNotFoundException e) {
+ throw new RampartException(
+ "WSHandler: cannot load token storage class: "
+ + storageClass, e);
+ }
+ try {
+ this.tokenStorage = (TokenStorage) stClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new RampartException(
+ "Cannot create instance of token storage: "
+ + storageClass, e);
+ }
+ } else {
+ this.tokenStorage = new SimpleTokenStore();
+
+ }
+
+ //Set the storage instance
+ this.msgContext.getConfigurationContext().setProperty(
+ TokenStorage.TOKEN_STORAGE_KEY, this.tokenStorage);
+ }
+
+
+ return tokenStorage;
+ }
+
+ /**
+ * @param tokenStorage The tokenStorage to set.
+ */
+ public void setTokenStorage(TokenStorage tokenStorage) {
+ this.tokenStorage = tokenStorage;
+ }
+
+ /**
+ * @return Returns the wstVerion.
+ */
+ public int getWstVersion() {
+ return wstVersion;
+ }
+
+ /**
+ * @param wstVerion The wstVerion to set.
+ */
+ public void setWstVersion(int wstVerion) {
+ this.wstVersion = wstVerion;
+ }
+
+ /**
+ * @return Returns the secConvVersion.
+ */
+ public int getSecConvVersion() {
+ return secConvVersion;
+ }
+
+ /**
+ * @return Returns the servicePolicy.
+ */
+ public Policy getServicePolicy() {
+ return servicePolicy;
+ }
+
+ /**
+ * @param servicePolicy The servicePolicy to set.
+ */
+ public void setServicePolicy(Policy servicePolicy) {
+ this.servicePolicy = servicePolicy;
+ }
+
+
+ public static String getMessagePolicyKey(MessageContext msgCtx) {
+ if(msgCtx.getAxisOperation() != null) {
+ return createPolicyKey(msgCtx.getAxisService().getName(),
+ msgCtx.getAxisOperation().getName(),
+ msgCtx.getAxisMessage().getName());
+ }
+ return null;
+ }
+
+ /**
+ * @param msgCtx
+ * @return The key to store/pickup policy of an operation
+ */
+ public static String getOperationPolicyKey(MessageContext msgCtx) {
+ if(msgCtx.getAxisOperation() != null) {
+ return createPolicyKey(msgCtx.getAxisService().getName(),
+ msgCtx.getAxisOperation().getName(), null);
+
+ }
+ return null;
+ }
+
+ public static String getServicePolicyKey(MessageContext msgCtx) {
+ return createPolicyKey(msgCtx.getAxisService().getName(), null, null);
+ }
+
+ public static String createPolicyKey(String service, QName operation, String msg) {
+ if(operation != null) {
+ if(msg != null) {
+ return RampartMessageData.KEY_RAMPART_POLICY + service
+ + "{" + operation.getNamespaceURI() + "}"
+ + operation.getLocalPart() + ":" + msg;
+ } else {
+ return RampartMessageData.KEY_RAMPART_POLICY + service
+ + "{" + operation.getNamespaceURI() + "}"
+ + operation.getLocalPart();
+ }
+ } else {
+ return RampartMessageData.KEY_RAMPART_POLICY + service;
+ }
+ }
+
+ /**
+ * @return Returns the timestampId.
+ */
+ public String getTimestampId() {
+ return timestampId;
+ }
+
+ /**
+ * @param timestampId The timestampId to set.
+ */
+ public void setTimestampId(String timestampId) {
+ this.timestampId = timestampId;
+ }
+
+ /**
+ * @return Returns the isClientSide.
+ */
+ public boolean isInitiator() {
+ return isInitiator;
+ }
+
+ public ClassLoader getCustomClassLoader() {
+ return customClassLoader;
+ }
+
+ public SOAPConstants getSoapConstants() {
+ return soapConstants;
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java
new file mode 100644
index 0000000..c1ea6f1
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+
+public class TokenCallbackHandler implements CallbackHandler {
+
+ private TokenStorage store;
+ private CallbackHandler handler;
+
+ public TokenCallbackHandler(TokenStorage store, CallbackHandler handler) {
+ this.store = store;
+ this.handler = handler;
+ }
+
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException {
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if(pc.getUsage() == WSPasswordCallback.SECURITY_CONTEXT_TOKEN &&
+ this.store != null) {
+ String id = pc.getIdentifer();
+ Token tok;
+ try {
+ //Pick up the token from the token store
+ tok = this.store.getToken(id);
+ if(tok != null) {
+ //Get the secret and set it in the callback object
+ pc.setKey(tok.getSecret());
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new IOException(e.getMessage());
+ }
+ } else {
+ //Handle other types of callbacks with the usual handler
+ if(this.handler != null) {
+ handler.handle(new Callback[]{pc});
+ }
+ }
+
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i],
+ "Unrecognized Callback");
+ }
+ }
+ }
+
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/ValidatorData.java b/modules/rampart-core/src/main/java/org/apache/rampart/ValidatorData.java
new file mode 100644
index 0000000..57b096a
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/ValidatorData.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.utils.EncryptionConstants;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import java.util.ArrayList;
+
+public class ValidatorData {
+
+ private RampartMessageData rmd;
+ ArrayList encryptedDataRefIds = new ArrayList();
+ private String bodyEncrDataId;
+
+ public ValidatorData(RampartMessageData rmd) {
+ this.rmd = rmd;
+ this.extractEncryptedPartInformation();
+ }
+
+ private void extractEncryptedPartInformation() {
+ Node start = rmd.getDocument().getDocumentElement();
+ while(start != null) {
+ Element elem = (Element) WSSecurityUtil.findElement(start,
+ EncryptionConstants._TAG_ENCRYPTEDDATA, WSConstants.ENC_NS);
+ if(elem != null) {
+ Element parentElem = (Element)elem.getParentNode();
+ if(parentElem != null && parentElem.getLocalName().equals(SOAP11Constants.BODY_LOCAL_NAME) &&
+ parentElem.getNamespaceURI().equals(rmd.getSoapConstants().getEnvelopeURI())) {
+ this.bodyEncrDataId = elem.getAttribute("Id");
+ } else {
+ encryptedDataRefIds.add(elem.getAttribute("Id"));
+ }
+
+ if(elem.getNextSibling() != null) {
+ start = elem.getNextSibling();
+ } else {
+ start = elem.getParentNode().getNextSibling();
+ }
+ } else {
+ if(start.getNextSibling() != null) {
+ start = start.getNextSibling();
+ } else {
+ start = start.getParentNode().getNextSibling();
+ }
+ }
+
+ }
+
+ }
+
+ public ArrayList getEncryptedDataRefIds() {
+ return encryptedDataRefIds;
+ }
+
+ public RampartMessageData getRampartMessageData() {
+ return rmd;
+ }
+
+ public String getBodyEncrDataId() {
+ return bodyEncrDataId;
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
new file mode 100644
index 0000000..54c54c7
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
@@ -0,0 +1,606 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.WSSecDKEncrypt;
+import org.apache.ws.security.message.WSSecDKSign;
+import org.apache.ws.security.message.WSSecEncrypt;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecSignature;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Vector;
+
+public class AsymmetricBindingBuilder extends BindingBuilder {
+
+ private static Log log = LogFactory.getLog(AsymmetricBindingBuilder.class);
+
+ private Token sigToken;
+
+ private WSSecSignature sig;
+
+ private WSSecEncryptedKey encrKey;
+
+ private String encryptedKeyId;
+
+ private byte[] encryptedKeyValue;
+
+ private Vector signatureValues = new Vector();
+
+ private Element encrTokenElement;
+
+ private Element sigDKTElement;
+
+ private Element encrDKTElement;
+
+ private Vector sigParts = new Vector();
+
+ private Element signatureElement;
+
+ public void build(RampartMessageData rmd) throws RampartException {
+ log.debug("AsymmetricBindingBuilder build invoked");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ if (rpd.isIncludeTimestamp()) {
+ this.addTimestamp(rmd);
+ }
+
+ if (Constants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
+ this.doEncryptBeforeSig(rmd);
+ } else {
+ this.doSignBeforeEncrypt(rmd);
+ }
+
+ log.debug("AsymmetricBindingBuilder build invoked : DONE");
+ }
+
+ private void doEncryptBeforeSig(RampartMessageData rmd)
+ throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+ RampartConfig config = rpd.getRampartConfig();
+
+ /*
+ * We need to hold on to these two element to use them as refence in the
+ * case of encypting the signature
+ */
+ Element encrDKTokenElem = null;
+ WSSecEncrypt encr = null;
+ Element refList = null;
+ WSSecDKEncrypt dkEncr = null;
+
+ /*
+ * We MUST use keys derived from the same token
+ */
+ Token encryptionToken = rpd.getRecipientToken();
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ if(encryptionToken == null && encrParts.size() > 0) {
+ throw new RampartException("encryptionTokenMissing");
+ }
+
+ if (encryptionToken != null && encrParts.size() > 0) {
+ if (encryptionToken.isDerivedKeys()) {
+ try {
+ this.setupEncryptedKey(rmd, encryptionToken);
+ // Create the DK encryption builder
+ dkEncr = new WSSecDKEncrypt();
+ dkEncr.setParts(encrParts);
+ dkEncr.setExternalKey(this.encryptedKeyValue,
+ this.encryptedKeyId);
+ dkEncr.prepare(doc);
+
+ // Get and add the DKT element
+ this.encrDKTElement = dkEncr.getdktElement();
+ encrDKTokenElem = RampartUtil.appendChildToSecHeader(rmd, this.encrDKTElement);
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorCreatingEncryptedKey", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr", e);
+ }
+ } else {
+ try {
+ encr = new WSSecEncrypt();
+ encr.setParts(encrParts);
+ encr.setWsConfig(rmd.getConfig());
+ encr.setDocument(doc);
+ RampartUtil.setEncryptionUser(rmd, encr);
+ encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+ encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(config, rmd.getCustomClassLoader()));
+
+ Element bstElem = encr.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ RampartUtil.appendChildToSecHeader(rmd, bstElem);
+ }
+
+ this.encrTokenElement = encr.getEncryptedKeyElement();
+ this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,
+ encrTokenElement);
+
+ refList = encr.encryptForExternalRef(null, encrParts);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+
+ RampartUtil.appendChildToSecHeader(rmd, refList);
+
+ this.setInsertionLocation(encrTokenElement);
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ this.sigParts = RampartUtil.getSignedParts(rmd);
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+ }
+
+ if (rmd.isInitiator()) {
+
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd
+ .getSignedSupportingTokens();
+
+ sigSuppTokMap = this
+ .handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd
+ .getEndorsingSupportingTokens();
+
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd
+ .getSignedEndorsingSupportingTokens();
+
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd,
+ sgndEndSuppTokens);
+
+ SupportingToken supportingToks = rpd.getSupportingTokens();
+ this.handleSupportingTokens(rmd, supportingToks);
+
+
+ // Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ } else {
+ addSignatureConfirmation(rmd, sigParts);
+ }
+
+ if(rpd.getInitiatorToken() != null) {
+ this.doSignature(rmd);
+ }
+
+ if (rmd.isInitiator()) {
+ // Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd,
+ endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ // Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
+ sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+ // Check for signature protection
+ if (rpd.isSignatureProtection() && this.mainSigId != null) {
+
+ Vector secondEncrParts = new Vector();
+
+ // Now encrypt the signature using the above token
+ secondEncrParts.add(new WSEncryptionPart(this.mainSigId,
+ "Element"));
+
+ Element secondRefList = null;
+
+ if (encryptionToken.isDerivedKeys()) {
+ try {
+
+ secondRefList = dkEncr.encryptForExternalRef(null,
+ secondEncrParts);
+ RampartUtil.insertSiblingAfter(rmd, encrDKTokenElem,
+ secondRefList);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorCreatingEncryptedKey",
+ e);
+ }
+ } else {
+ try {
+ // Encrypt, get hold of the ref list and add it
+ secondRefList = encr.encryptForExternalRef(null,
+ encrParts);
+
+ // Insert the ref list after the encrypted key elem
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingAfter(rmd, encrTokenElement,
+ secondRefList));
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ }
+ }
+
+ }
+
+ private void doSignBeforeEncrypt(RampartMessageData rmd)
+ throws RampartException {
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ sigParts = RampartUtil.getSignedParts(rmd);
+
+ //Add timestamp
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+ }else{
+ this.setInsertionLocation(null);
+ }
+
+ if (rmd.isInitiator()) {
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+
+ sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd
+ .getSignedEndorsingSupportingTokens();
+
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd,
+ sgndEndSuppTokens);
+
+ // Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ } else {
+ addSignatureConfirmation(rmd, sigParts);
+ }
+
+ if(rpd.getInitiatorToken() != null) {
+ // Do signature
+ this.doSignature(rmd);
+ }
+
+ //Do endorsed signature
+
+ if (rmd.isInitiator()) {
+ // Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd,
+ endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ // Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
+ sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+
+
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ //Check for signature protection
+ if(rpd.isSignatureProtection() && this.mainSigId != null) {
+ encrParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement((OMElement)this.signatureElement), "Element"));
+ }
+
+ //Do encryption
+ Token encrToken = rpd.getRecipientToken();
+ if(encrToken != null && encrParts.size() > 0) {
+ Element refList = null;
+ if(encrToken.isDerivedKeys()) {
+
+ try {
+ WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+
+ if(this.encrKey == null) {
+ this.setupEncryptedKey(rmd, encrToken);
+ }
+
+ dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+ dkEncr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+ dkEncr.prepare(doc);
+
+
+ if(this.encrTokenElement != null) {
+ this.encrDKTElement = RampartUtil.insertSiblingAfter(
+ rmd, this.encrTokenElement, dkEncr.getdktElement());
+ } else {
+ this.encrDKTElement = RampartUtil.insertSiblingBefore(
+ rmd, this.sigDKTElement, dkEncr.getdktElement());
+ }
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ RampartUtil.insertSiblingAfter(rmd,
+ this.encrDKTElement,
+ refList);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ try {
+
+ WSSecEncrypt encr = new WSSecEncrypt();
+
+
+ if(encrToken.getInclusion().equals(Constants.INCLUDE_NEVER)) {
+ if(rpd.getWss10() != null && rpd.getWss10().isMustSupportRefKeyIdentifier()) {
+ encr.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ } else if(rpd.getWss11() != null && rpd.getWss11().isMustSupportRefThumbprint()) {
+ encr.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ }
+ } else {
+ encr.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ }
+
+ encr.setWsConfig(rmd.getConfig());
+
+ encr.setDocument(doc);
+ RampartUtil.setEncryptionUser(rmd, encr);
+ encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+ encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()));
+
+ if(this.timestampElement != null){
+ this.setInsertionLocation(this.timestampElement);
+ }else{
+ this.setInsertionLocation(null);
+ }
+
+ if(encr.getBSTTokenId() != null) {
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingAfterOrPrepend(rmd,
+ this.getInsertionLocation(),
+ encr.getBinarySecurityTokenElement()));
+ }
+
+
+ Element encryptedKeyElement = encr.getEncryptedKeyElement();
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingAfterOrPrepend(rmd,
+ this.getInsertionLocation(),
+ encryptedKeyElement));
+
+
+ //Encrypt, get hold of the ref list and add it
+ refList = encr.encryptForInternalRef(null, encrParts);
+
+ //Add internal refs
+ encryptedKeyElement.appendChild(refList);
+// RampartUtil.insertSiblingAfter(rmd,
+// this.getInsertionLocation(),
+// refList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ }
+
+ }
+
+ private void doSignature(RampartMessageData rmd) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ sigToken = rpd.getInitiatorToken();
+
+ if (sigToken.isDerivedKeys()) {
+ // Set up the encrypted key to use
+ if(this.encrKey == null) {
+ setupEncryptedKey(rmd, sigToken);
+ }
+
+ WSSecDKSign dkSign = new WSSecDKSign();
+ dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+
+ // Set the algo info
+ dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite()
+ .getSymmetricSignature());
+ dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite()
+ .getMinimumSymmetricKeyLength() / 8);
+
+ try {
+ dkSign.prepare(doc, rmd.getSecHeader());
+
+ if (rpd.isTokenProtection()) {
+ sigParts.add(new WSEncryptionPart(encrKey.getId()));
+ }
+
+ dkSign.setParts(sigParts);
+
+ dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ // Do signature
+ dkSign.computeSignature();
+
+ ;
+ // Add elements to header
+ this.sigDKTElement = RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), dkSign.getdktElement());
+ this.setInsertionLocation(this.sigDKTElement);
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), dkSign
+ .getSignatureElement()));
+
+ this.mainSigId = RampartUtil
+ .addWsuIdToElement((OMElement) dkSign
+ .getSignatureElement());
+
+ signatureValues.add(dkSign.getSignatureValue());
+
+ signatureElement = dkSign.getSignatureElement();
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ }
+
+ } else {
+ sig = this.getSignatureBuider(rmd, sigToken);
+ Element bstElem = sig.getBinarySecurityTokenElement();
+ if(bstElem != null) {
+ bstElem = RampartUtil.insertSiblingAfter(rmd, this
+ .getInsertionLocation(), bstElem);
+ this.setInsertionLocation(bstElem);
+ }
+
+ if (rmd.getPolicyData().isTokenProtection()
+ && sig.getBSTTokenId() != null) {
+ sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ }
+
+ try {
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+ sig.computeSignature();
+
+ signatureElement = sig.getSignatureElement();
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd, this.getInsertionLocation(), signatureElement));
+
+ this.mainSigId = RampartUtil.addWsuIdToElement((OMElement) signatureElement);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+ signatureValues.add(sig.getSignatureValue());
+ }
+
+ }
+
+ /**
+ * @param rmd
+ * @throws RampartException
+ */
+ private void setupEncryptedKey(RampartMessageData rmd, Token token)
+ throws RampartException {
+ if(!rmd.isInitiator() && token.isDerivedKeys()) {
+
+ //If we already have them, simply return
+ if(this.encryptedKeyId != null && this.encryptedKeyValue != null) {
+ return;
+ }
+
+ //Use the secret from the incoming EncryptedKey element
+ Object resultsObj = rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+ if(resultsObj != null) {
+ encryptedKeyId = RampartUtil.getRequestEncryptedKeyId((Vector)resultsObj);
+ encryptedKeyValue = RampartUtil.getRequestEncryptedKeyValue((Vector)resultsObj);
+
+ //In the case where we don't have the EncryptedKey in the
+ //request, for the control to have reached this state,
+ //the scenario MUST be a case where this is the response
+ //message by a listener created for an async client
+ //Therefor we will create a new EncryptedKey
+ if(encryptedKeyId == null && encryptedKeyValue == null) {
+ createEncryptedKey(rmd, token);
+ }
+ } else {
+ throw new RampartException("noSecurityResults");
+ }
+ } else {
+ createEncryptedKey(rmd, token);
+ }
+ }
+
+ /**
+ * Create an encrypted key element
+ * @param rmd
+ * @param token
+ * @throws RampartException
+ */
+ private void createEncryptedKey(RampartMessageData rmd, Token token) throws RampartException {
+ //Set up the encrypted key to use
+ encrKey = this.getEncryptedKeyBuilder(rmd, token);
+
+ Element bstElem = encrKey.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ // If a BST is available then use it
+ RampartUtil.appendChildToSecHeader(rmd, bstElem);
+ }
+
+ // Add the EncryptedKey
+ encrTokenElement = encrKey.getEncryptedKeyElement();
+ this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,
+ encrTokenElement);
+ encryptedKeyValue = encrKey.getEphemeralKey();
+ encryptedKeyId = encrKey.getId();
+
+ //Store the token for client - response verification
+ // and server - response creation
+ try {
+ org.apache.rahas.Token tok = new org.apache.rahas.Token(
+ encryptedKeyId, (OMElement)encrTokenElement , null, null);
+ tok.setSecret(encryptedKeyValue);
+ rmd.getTokenStorage().add(tok);
+ } catch (TrustException e) {
+ throw new RampartException("errorInAddingTokenIntoStore", e);
+ }
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
new file mode 100644
index 0000000..7850e87
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
@@ -0,0 +1,631 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.Vector;
+import java.util.Map.Entry;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.UsernameToken;
+import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSSecDKSign;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.message.WSSecSignatureConfirmation;
+import org.apache.ws.security.message.WSSecTimestamp;
+import org.apache.ws.security.message.WSSecUsernameToken;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+public abstract class BindingBuilder {
+ private static Log log = LogFactory.getLog(BindingBuilder.class);
+
+ private Element insertionLocation;
+
+ protected String mainSigId = null;
+
+ protected Element timestampElement;
+
+ /**
+ * @param rmd
+ */
+ protected void addTimestamp(RampartMessageData rmd) {
+ log.debug("Adding timestamp");
+
+ WSSecTimestamp timestampBuilder = new WSSecTimestamp();
+ timestampBuilder.setWsConfig(rmd.getConfig());
+
+ timestampBuilder.setTimeToLive(RampartUtil.getTimeToLive(rmd));
+
+ // add the Timestamp to the SOAP Enevelope
+
+ timestampBuilder.build(rmd.getDocument(), rmd
+ .getSecHeader());
+
+ log.debug("Timestamp id: " + timestampBuilder.getId());
+
+ rmd.setTimestampId(timestampBuilder.getId());
+
+ this.timestampElement = timestampBuilder.getElement();
+ log.debug("Adding timestamp: DONE");
+ }
+
+ /**
+ * Add a UsernameToken to the security header
+ * @param rmd
+ * @return The <code>WSSecUsernameToken</code> instance
+ * @throws RampartException
+ */
+ protected WSSecUsernameToken addUsernameToken(RampartMessageData rmd) throws RampartException {
+
+ log.debug("Adding a UsernameToken");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ //Get the user
+ String user = rpd.getRampartConfig().getUser();
+ if(user != null && !"".equals(user)) {
+ log.debug("User : " + user);
+
+ //Get the password
+ CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
+
+ if(handler == null) {
+ //If the callback handler is missing
+ throw new RampartException("cbHandlerMissing");
+ }
+
+ WSPasswordCallback[] cb = { new WSPasswordCallback(user,
+ WSPasswordCallback.USERNAME_TOKEN) };
+
+ try {
+ handler.handle(cb);
+
+ //get the password
+ String password = cb[0].getPassword();
+
+ log.debug("Password : " + password);
+
+ if(password != null && !"".equals(password)) {
+ //If the password is available then build the token
+
+ WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+
+ //TODO Get the UT type, only WS-SX spec supports this
+ utBuilder.setUserInfo(user, password);
+
+ return utBuilder;
+ } else {
+ //If there's no password then throw an exception
+ throw new RampartException("noPasswordForUser",
+ new String[]{user});
+ }
+ } catch (IOException e) {
+ throw new RampartException("errorInGettingPasswordForUser",
+ new String[]{user}, e);
+ } catch (UnsupportedCallbackException e) {
+ throw new RampartException("errorInGettingPasswordForUser",
+ new String[]{user}, e);
+ }
+
+ } else {
+ log.debug("No user value specified in the configuration");
+ throw new RampartException("userMissing");
+ }
+
+ }
+
+
+ /**
+ * @param rmd
+ * @param token
+ * @return
+ * @throws WSSecurityException
+ * @throws RampartException
+ */
+ protected WSSecEncryptedKey getEncryptedKeyBuilder(RampartMessageData rmd, Token token) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
+ if(token.getInclusion().equals(Constants.INCLUDE_NEVER)) {
+ if(rpd.getWss11() != null) {
+ //Use thumbprint
+ encrKey.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ } else {
+ //Use SKI
+ encrKey.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ }
+ } else {
+ encrKey.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ }
+ try {
+ RampartUtil.setEncryptionUser(rmd, encrKey);
+ encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
+ encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+
+ encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));
+
+ return encrKey;
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorCreatingEncryptedKey", e);
+ }
+ }
+
+
+ protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token token) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ WSSecSignature sig = new WSSecSignature();
+ sig.setWsConfig(rmd.getConfig());
+
+ log.debug("Token inclusion: " + token.getInclusion());
+ if(token.getInclusion().equals(Constants.INCLUDE_NEVER) ||
+ (!rmd.isInitiator() && token.getInclusion().equals(Constants.INCLUDE_ALWAYS_TO_RECIPIENT))) {
+ if(rpd.getWss11() != null) {
+ //Use thumbprint
+ sig.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ } else {
+ //Use SKI
+ sig.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ }
+ } else {
+ sig.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ }
+
+ //Get the user
+ String user = rpd.getRampartConfig().getUser();
+ String password = null;
+
+ if(user != null && !"".equals(user)) {
+ log.debug("User : " + user);
+
+ //Get the password
+ CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
+
+ if(handler == null) {
+ //If the callback handler is missing
+ throw new RampartException("cbHandlerMissing");
+ }
+
+ WSPasswordCallback[] cb = { new WSPasswordCallback(user,
+ WSPasswordCallback.SIGNATURE) };
+
+ try {
+ handler.handle(cb);
+ if(cb[0].getPassword() != null && !"".equals(cb[0].getPassword())) {
+ password = cb[0].getPassword();
+ log.debug("Password : " + password);
+ } else {
+ //If there's no password then throw an exception
+ throw new RampartException("noPasswordForUser",
+ new String[]{user});
+ }
+ } catch (IOException e) {
+ throw new RampartException("errorInGettingPasswordForUser",
+ new String[]{user}, e);
+ } catch (UnsupportedCallbackException e) {
+ throw new RampartException("errorInGettingPasswordForUser",
+ new String[]{user}, e);
+ }
+
+ } else {
+ log.debug("No user value specified in the configuration");
+ throw new RampartException("userMissing");
+ }
+
+ sig.setUserInfo(user, password);
+ sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
+ sig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n());
+
+ try {
+ sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()),
+ rmd.getSecHeader());
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+
+ return sig;
+ }
+
+ /**
+ * @param rmd
+ * @param suppTokens
+ * @throws RampartException
+ */
+ protected HashMap handleSupportingTokens(RampartMessageData rmd, SupportingToken suppTokens)
+ throws RampartException {
+
+ //Create the list to hold the tokens
+ HashMap endSuppTokMap = new HashMap();
+
+ if(suppTokens != null && suppTokens.getTokens() != null &&
+ suppTokens.getTokens().size() > 0) {
+ log.debug("Processing supporting tokens");
+
+ ArrayList tokens = suppTokens.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ org.apache.rahas.Token endSuppTok = null;
+ if(token instanceof IssuedToken && rmd.isInitiator()){
+ String id = RampartUtil.getIssuedToken(rmd, (IssuedToken)token);
+ try {
+ endSuppTok = rmd.getTokenStorage().getToken(id);
+ } catch (TrustException e) {
+ throw new RampartException("errorInRetrievingTokenId",
+ new String[]{id}, e);
+ }
+
+ if(endSuppTok == null) {
+ throw new RampartException("errorInRetrievingTokenId",
+ new String[]{id});
+ }
+
+ //Add the token to the header
+ Element siblingElem = RampartUtil
+ .insertSiblingAfter(rmd, this.getInsertionLocation(),
+ (Element) endSuppTok.getToken());
+ this.setInsertionLocation(siblingElem);
+
+ //Add the extracted token
+ endSuppTokMap.put(token, endSuppTok);
+
+ } else if(token instanceof X509Token) {
+ //Get the to be added
+ if(token.isDerivedKeys()) {
+ //We have to use an EncryptedKey
+ try {
+ WSSecEncryptedKey encrKey = this
+ .getEncryptedKeyBuilder(rmd, token);
+
+ Element bstElem = encrKey.getBinarySecurityTokenElement();
+ if(bstElem != null) {
+ Element siblingElem = RampartUtil
+ .insertSiblingAfter(rmd, this.getInsertionLocation(),
+ bstElem);
+ this.setInsertionLocation(siblingElem);
+ }
+
+ Element siblingElem = RampartUtil
+ .insertSiblingAfter(rmd,
+ this.getInsertionLocation(),
+ encrKey.getEncryptedKeyElement());
+
+ this.setInsertionLocation(siblingElem);
+
+ Date now = new Date();
+ endSuppTok =
+ new org.apache.rahas.Token(encrKey.getId(),
+ (OMElement)encrKey.getEncryptedKeyElement(),
+ now, new Date(now.getTime() + 300000));
+
+ endSuppTokMap.put(token, endSuppTok);
+
+ } catch (TrustException e) {
+ throw new RampartException("errorCreatingRahasToken", e);
+ }
+ } else {
+ //We have to use a cert
+ //Prepare X509 signature
+ WSSecSignature sig = this.getSignatureBuider(rmd, token);
+ Element bstElem = sig.getBinarySecurityTokenElement();
+ if(bstElem != null) {
+ bstElem = RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), bstElem);
+ this.setInsertionLocation(bstElem);
+ }
+ endSuppTokMap.put(token, sig);
+ }
+ } else if(token instanceof UsernameToken) {
+ WSSecUsernameToken utBuilder = addUsernameToken(rmd);
+
+ utBuilder.prepare(rmd.getDocument());
+
+ //Add the UT
+ Element elem = utBuilder.getUsernameTokenElement();
+ RampartUtil.insertSiblingAfter(rmd, this.getInsertionLocation(), elem);
+
+ //Move the insert location to th enext element
+ this.setInsertionLocation(elem);
+ Date now = new Date();
+ try {
+ org.apache.rahas.Token tempTok = new org.apache.rahas.Token(
+ utBuilder.getId(), (OMElement) elem, now,
+ new Date(now.getTime() + 300000));
+ endSuppTokMap.put(token, tempTok);
+ } catch (TrustException e) {
+ throw new RampartException("errorCreatingRahasToken", e);
+ }
+ }
+ }
+ }
+
+ return endSuppTokMap;
+ }
+ /**
+ * @param tokenMap
+ * @param sigParts
+ * @throws RampartException
+ */
+ protected Vector addSignatureParts(HashMap tokenMap, Vector sigParts) throws RampartException {
+
+ Set entrySet = tokenMap.entrySet();
+
+ for (Iterator iter = entrySet.iterator(); iter.hasNext();) {
+ Object tempTok = ((Entry)iter.next()).getValue();
+ WSEncryptionPart part = null;
+
+ if(tempTok instanceof org.apache.rahas.Token) {
+
+ part = new WSEncryptionPart(
+ ((org.apache.rahas.Token) tempTok).getId());
+
+ } else if(tempTok instanceof WSSecSignature) {
+ WSSecSignature tempSig = (WSSecSignature) tempTok;
+ if(tempSig.getBSTTokenId() != null) {
+ part = new WSEncryptionPart(tempSig.getBSTTokenId());
+ }
+ } else {
+
+ throw new RampartException("UnsupportedTokenInSupportingToken");
+ }
+ sigParts.add(part);
+ }
+
+ return sigParts;
+ }
+
+
+ public Element getInsertionLocation() {
+ return insertionLocation;
+ }
+
+ public void setInsertionLocation(Element insertionLocation) {
+ this.insertionLocation = insertionLocation;
+ }
+
+
+ protected Vector doEndorsedSignatures(RampartMessageData rmd, HashMap tokenMap) throws RampartException {
+
+ Set tokenSet = tokenMap.keySet();
+
+ Vector sigValues = new Vector();
+
+ for (Iterator iter = tokenSet.iterator(); iter.hasNext();) {
+
+ Token token = (Token)iter.next();
+
+ Object tempTok = tokenMap.get(token);
+
+ Vector sigParts = new Vector();
+ sigParts.add(new WSEncryptionPart(this.mainSigId));
+
+ if (tempTok instanceof org.apache.rahas.Token) {
+ org.apache.rahas.Token tok = (org.apache.rahas.Token)tempTok;
+ if(rmd.getPolicyData().isTokenProtection()) {
+ sigParts.add(new WSEncryptionPart(tok.getId()));
+ }
+
+ this.doSymmSignature(rmd, token, (org.apache.rahas.Token)tempTok, sigParts);
+
+ } else if (tempTok instanceof WSSecSignature) {
+ WSSecSignature sig = (WSSecSignature)tempTok;
+ if(rmd.getPolicyData().isTokenProtection() &&
+ sig.getBSTTokenId() != null) {
+ sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ }
+
+ try {
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+ sig.computeSignature();
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd,
+ this.getInsertionLocation(),
+ sig.getSignatureElement()));
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+ sigValues.add(sig.getSignatureValue());
+ }
+ }
+
+ return sigValues;
+
+ }
+
+
+ protected byte[] doSymmSignature(RampartMessageData rmd, Token policyToken, org.apache.rahas.Token tok, Vector sigParts) throws RampartException {
+
+ Document doc = rmd.getDocument();
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ if(policyToken.isDerivedKeys() || policyToken instanceof SecureConversationToken) {
+ try {
+ WSSecDKSign dkSign = new WSSecDKSign();
+
+ OMElement ref = tok.getAttachedReference();
+ if(ref == null) {
+ ref = tok.getUnattachedReference();
+ }
+ if(ref != null) {
+ dkSign.setExternalKey(tok.getSecret(), (Element)
+ doc.importNode((Element) ref, true));
+ } else {
+ dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ }
+
+ //Set the algo info
+ dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+ dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite().getMinimumSymmetricKeyLength()/8);
+
+ dkSign.prepare(doc, rmd.getSecHeader());
+
+ if(rpd.isTokenProtection()) {
+ sigParts.add(new WSEncryptionPart(tok.getId()));
+ }
+
+ dkSign.setParts(sigParts);
+
+ dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ dkSign.computeSignature();
+
+ //Add elements to header
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingAfter(rmd,
+ this.getInsertionLocation(),
+ dkSign.getdktElement()));
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd,
+ this.getInsertionLocation(),
+ dkSign.getSignatureElement()));
+
+ return dkSign.getSignatureValue();
+
+ } catch (ConversationException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ } catch (WSSecurityException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ }
+ } else {
+ //TODO : Example SAMLTOken Signature
+ throw new UnsupportedOperationException("TODO");
+ }
+ }
+
+ /**
+ * Get hold of the token from the token storage
+ * @param rmd
+ * @param tokenId
+ * @return token from the token storage
+ * @throws RampartException
+ */
+ protected org.apache.rahas.Token getToken(RampartMessageData rmd,
+ String tokenId) throws RampartException {
+ org.apache.rahas.Token tok = null;
+ try {
+ tok = rmd.getTokenStorage().getToken(tokenId);
+ } catch (TrustException e) {
+ throw new RampartException("errorInRetrievingTokenId",
+ new String[]{tokenId}, e);
+ }
+
+ if(tok == null) {
+ throw new RampartException("errorInRetrievingTokenId",
+ new String[]{tokenId});
+ }
+ return tok;
+ }
+
+
+ protected void addSignatureConfirmation(RampartMessageData rmd, Vector sigParts) {
+
+ if(!rmd.getPolicyData().isSignatureConfirmation()) {
+
+ //If we don't require sig confirmation simply go back :-)
+ return;
+ }
+
+ Document doc = rmd.getDocument();
+
+ Vector results = (Vector)rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+ /*
+ * loop over all results gathered by all handlers in the chain. For each
+ * handler result get the various actions. After that loop we have all
+ * signature results in the signatureActions vector
+ */
+ Vector signatureActions = new Vector();
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult wshResult = (WSHandlerResult) results.get(i);
+
+ WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+ WSConstants.SIGN, signatureActions);
+ WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+ WSConstants.ST_SIGNED, signatureActions);
+ WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+ WSConstants.UT_SIGN, signatureActions);
+ }
+
+ // prepare a SignatureConfirmation token
+ WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation();
+ if (signatureActions.size() > 0) {
+ if (log.isDebugEnabled()) {
+ log.debug("Signature Confirmation: number of Signature results: "
+ + signatureActions.size());
+ }
+ for (int i = 0; i < signatureActions.size(); i++) {
+ WSSecurityEngineResult wsr = (WSSecurityEngineResult) signatureActions
+ .get(i);
+ byte[] sigVal = wsr.getSignatureValue();
+ wsc.setSignatureValue(sigVal);
+ wsc.prepare(doc);
+ RampartUtil.appendChildToSecHeader(rmd, wsc.getSignatureConfirmationElement());
+ if(sigParts != null) {
+ sigParts.add(new WSEncryptionPart(wsc.getId()));
+ }
+ }
+ } else {
+ //No Sig value
+ wsc.prepare(doc);
+ RampartUtil.appendChildToSecHeader(rmd, wsc.getSignatureConfirmationElement());
+ if(sigParts != null) {
+ sigParts.add(new WSEncryptionPart(wsc.getId()));
+ }
+ }
+ }
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
new file mode 100644
index 0000000..c62b846
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
@@ -0,0 +1,657 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.context.MessageContext;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.message.WSSecDKEncrypt;
+import org.apache.ws.security.message.WSSecEncrypt;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Vector;
+
+
+public class SymmetricBindingBuilder extends BindingBuilder {
+
+ private static Log log = LogFactory.getLog(SymmetricBindingBuilder.class);
+
+
+ public void build(RampartMessageData rmd) throws RampartException {
+
+ log.debug("SymmetricBindingBuilder build invoked");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ if(rpd.isIncludeTimestamp()) {
+ this.addTimestamp(rmd);
+ }
+
+ if(rmd.isInitiator()) {
+ //Setup required tokens
+ initializeTokens(rmd);
+ }
+
+
+ if(Constants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
+ this.doEncryptBeforeSig(rmd);
+ } else {
+ this.doSignBeforeEncrypt(rmd);
+ }
+
+
+ log.debug("SymmetricBindingBuilder build invoked : DONE");
+
+ }
+
+ private void doEncryptBeforeSig(RampartMessageData rmd) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ Vector signatureValues = new Vector();
+
+ Token encryptionToken = rpd.getEncryptionToken();
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ if(encryptionToken == null && encrParts.size() > 0) {
+ throw new RampartException("encryptionTokenMissing");
+ }
+
+ if(encryptionToken != null && encrParts.size() > 0) {
+ //The encryption token can be an IssuedToken or a
+ //SecureConversationToken
+ String tokenId = null;
+ org.apache.rahas.Token tok = null;
+
+ if(encryptionToken instanceof IssuedToken) {
+ tokenId = rmd.getIssuedEncryptionTokenId();
+ log.debug("Issued EncryptionToken Id : " + tokenId);
+ } else if(encryptionToken instanceof SecureConversationToken) {
+ tokenId = rmd.getSecConvTokenId();
+ log.debug("SCT Id : " + tokenId);
+ } else if (encryptionToken instanceof X509Token) {
+ tokenId = setupEncryptedKey(rmd, encryptionToken);
+ } //TODO SAMLToken
+
+ if(tokenId == null || tokenId.length() == 0) {
+ throw new RampartException("noSecurityToken");
+ }
+
+ /*
+ * Get hold of the token from the token storage
+ */
+ tok = this.getToken(rmd, tokenId);
+
+ /*
+ * Attach the token into the message based on token inclusion
+ * values
+ */
+ boolean attached = false;
+ Element encrTokenElement = null;
+ Element refList = null;
+ WSSecDKEncrypt dkEncr = null;
+ WSSecEncrypt encr = null;
+ Element encrDKTokenElem = null;
+
+ if(Constants.INCLUDE_ALWAYS.equals(encryptionToken.getInclusion()) ||
+ Constants.INCLUDE_ONCE.equals(encryptionToken.getInclusion()) ||
+ (rmd.isInitiator() && Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(encryptionToken.getInclusion()))) {
+ encrTokenElement = RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
+ attached = true;
+ }
+
+ //In the X509 case we MUST add the EncryptedKey
+ if(encryptionToken instanceof X509Token) {
+ RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
+ }
+ Document doc = rmd.getDocument();
+
+ if(encryptionToken.isDerivedKeys()) {
+ log.debug("Use drived keys");
+
+ dkEncr = new WSSecDKEncrypt();
+
+ if(attached && tok.getAttachedReference() != null) {
+
+ dkEncr.setExternalKey(tok.getSecret(), (Element) doc
+ .importNode((Element) tok.getAttachedReference(),
+ true));
+
+ } else if(tok.getUnattachedReference() != null) {
+ dkEncr.setExternalKey(tok.getSecret(), (Element) doc
+ .importNode((Element) tok.getUnattachedReference(),
+ true));
+ } else {
+ dkEncr.setExternalKey(tok.getSecret(), tok.getId());
+ }
+ try {
+ dkEncr.prepare(doc);
+ encrDKTokenElem = dkEncr.getdktElement();
+ RampartUtil.appendChildToSecHeader(rmd, encrDKTokenElem);
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ log.debug("NO derived keys, use the shared secret");
+ encr = new WSSecEncrypt();
+
+ encr.setWsConfig(rmd.getConfig());
+
+ encr.setEphemeralKey(tok.getSecret());
+ encr.setDocument(doc);
+
+ try {
+ //Encrypt, get hold of the ref list and add it
+ refList = encr.encryptForExternalRef(null, encrParts);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+
+ RampartUtil.appendChildToSecHeader(rmd, refList);
+
+ this.setInsertionLocation(encrTokenElement);
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ Vector sigParts = RampartUtil.getSignedParts(rmd);
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+ }
+
+ if(rmd.isInitiator()) {
+
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+
+ sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
+
+ SupportingToken supportingToks = rpd.getSupportingTokens();
+ this.handleSupportingTokens(rmd, supportingToks);
+
+ //Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ } else {
+ addSignatureConfirmation(rmd, sigParts);
+ }
+
+ //Sign the message
+ //We should use the same key in the case of EncryptBeforeSig
+ signatureValues.add(this.doSymmSignature(rmd, encryptionToken, tok, sigParts));
+
+ this.mainSigId = RampartUtil.addWsuIdToElement((OMElement)this.getInsertionLocation());
+
+
+ if(rmd.isInitiator()) {
+ //Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd, endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ //Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd, sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+ //Check for signature protection
+ if(rpd.isSignatureProtection() && this.mainSigId != null) {
+
+ Vector secondEncrParts = new Vector();
+
+ //Now encrypt the signature using the above token
+ secondEncrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
+
+ Element secondRefList = null;
+
+ if(encryptionToken.isDerivedKeys()) {
+ try {
+ secondRefList = dkEncr.encryptForExternalRef(null,
+ secondEncrParts);
+ RampartUtil.insertSiblingAfter(
+ rmd,
+ encrDKTokenElem,
+ secondRefList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ try {
+ //Encrypt, get hold of the ref list and add it
+ secondRefList = encr.encryptForExternalRef(null,
+ encrParts);
+ RampartUtil.insertSiblingAfter(
+ rmd,
+ encrTokenElement,
+ secondRefList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ }
+
+ } else {
+ throw new RampartException("encryptionTokenMissing");
+ }
+ }
+
+
+ private void doSignBeforeEncrypt(RampartMessageData rmd) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ Token sigToken = rpd.getSignatureToken();
+
+ String encrTokId = null;
+ String sigTokId = null;
+
+ org.apache.rahas.Token encrTok = null;
+ org.apache.rahas.Token sigTok = null;
+
+ Element sigTokElem = null;
+
+ Vector signatureValues = new Vector();
+
+ if(sigToken != null) {
+ if(sigToken instanceof SecureConversationToken) {
+ sigTokId = rmd.getSecConvTokenId();
+ } else if(sigToken instanceof IssuedToken) {
+ sigTokId = rmd.getIssuedSignatureTokenId();
+ } else if(sigToken instanceof X509Token) {
+ sigTokId = setupEncryptedKey(rmd, sigToken);
+ }
+ } else {
+ throw new RampartException("signatureTokenMissing");
+ }
+
+ if(sigTokId == null || sigTokId.length() == 0) {
+ throw new RampartException("noSecurityToken");
+ }
+
+ sigTok = this.getToken(rmd, sigTokId);
+
+ if(Constants.INCLUDE_ALWAYS.equals(sigToken.getInclusion()) ||
+ Constants.INCLUDE_ONCE.equals(sigToken.getInclusion()) ||
+ (rmd.isInitiator() &&
+ Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(
+ sigToken.getInclusion()))) {
+ sigTokElem = RampartUtil.appendChildToSecHeader(rmd,
+ sigTok.getToken());
+ this.setInsertionLocation(sigTokElem);
+ }
+
+
+
+ //In the X509 case we MUST add the EncryptedKey
+ if(sigToken instanceof X509Token) {
+ sigTokElem = RampartUtil.appendChildToSecHeader(rmd, sigTok.getToken());
+
+ //Set the insertion location
+ this.setInsertionLocation(sigTokElem);
+ }
+
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ Vector sigParts = RampartUtil.getSignedParts(rmd);
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+ }
+
+ if(rmd.isInitiator()) {
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+
+ sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
+
+ //Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ } else {
+ addSignatureConfirmation(rmd, sigParts);
+ }
+ //Sign the message
+ signatureValues.add(this.doSymmSignature(rmd, sigToken, sigTok, sigParts));
+
+ this.mainSigId = RampartUtil.addWsuIdToElement((OMElement)this.getInsertionLocation());
+
+ if(rmd.isInitiator()) {
+ //Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd, endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ //Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd, sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+ //Encryption
+ Token encrToken = rpd.getEncryptionToken();
+ Element encrTokElem = null;
+ if(sigToken.equals(encrToken)) {
+ //Use the same token
+ encrTokId = sigTokId;
+ encrTok = sigTok;
+ encrTokElem = sigTokElem;
+ } else {
+ encrTokId = rmd.getIssuedEncryptionTokenId();
+ encrTok = this.getToken(rmd, encrTokId);
+
+ if(Constants.INCLUDE_ALWAYS.equals(encrToken.getInclusion()) ||
+ Constants.INCLUDE_ONCE.equals(encrToken.getInclusion()) ||
+ (rmd.isInitiator() && Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(encrToken.getInclusion()))) {
+ encrTokElem = (Element)encrTok.getToken();
+
+ //Add the encrToken element before the sigToken element
+ RampartUtil.insertSiblingBefore(rmd, sigTokElem, encrTokElem);
+ }
+
+ }
+
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ //Check for signature protection
+ if(rpd.isSignatureProtection() && this.mainSigId != null) {
+ //Now encrypt the signature using the above token
+ encrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
+ }
+ Element refList = null;
+
+ if(encrToken.isDerivedKeys() || encrToken instanceof SecureConversationToken) {
+
+ try {
+ WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+
+ if(encrTokElem != null && encrTok.getAttachedReference() != null) {
+
+ dkEncr.setExternalKey(encrTok.getSecret(), (Element) doc
+ .importNode((Element) encrTok.getAttachedReference(),
+ true));
+
+ } else if(encrTok.getUnattachedReference() != null) {
+ dkEncr.setExternalKey(encrTok.getSecret(), (Element) doc
+ .importNode((Element) encrTok.getUnattachedReference(),
+ true));
+ } else {
+ dkEncr.setExternalKey(encrTok.getSecret(), encrTok.getId());
+ }
+
+ dkEncr.prepare(doc);
+ Element encrDKTokenElem = null;
+ encrDKTokenElem = dkEncr.getdktElement();
+ if(encrTokElem != null) {
+ RampartUtil.insertSiblingAfter(rmd, encrTokElem, encrDKTokenElem);
+ } else {
+ RampartUtil.insertSiblingAfter(rmd, this.timestampElement, encrDKTokenElem);
+ }
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ RampartUtil.insertSiblingAfter(rmd,
+ encrDKTokenElem,
+ refList);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ try {
+
+ WSSecEncrypt encr = new WSSecEncrypt();
+
+ encr.setWsConfig(rmd.getConfig());
+
+ encr.setEphemeralKey(encrTok.getSecret());
+ RampartUtil.setEncryptionUser(rmd, encr);
+ encr.setDocument(doc);
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()));
+
+ //Encrypt, get hold of the ref list and add it
+ refList = encr.encryptForExternalRef(null, encrParts);
+
+ RampartUtil.insertSiblingAfter(rmd,
+ encrTokElem,
+ refList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ }
+
+ /**
+ * @param rmd
+ * @param sigToken
+ * @return
+ * @throws RampartException
+ */
+ private String setupEncryptedKey(RampartMessageData rmd, Token sigToken)
+ throws RampartException {
+ try {
+ WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(rmd,
+ sigToken);
+ String id = encrKey.getId();
+ //Create a rahas token from this info and store it so we can use
+ //it in the next steps
+
+ Date created = new Date();
+ Date expires = new Date();
+ //TODO make this lifetime configurable ???
+ expires.setTime(System.currentTimeMillis() + 300000);
+ org.apache.rahas.Token tempTok = new org.apache.rahas.Token(
+ id,
+ (OMElement) encrKey.getEncryptedKeyElement(),
+ created,
+ expires);
+ tempTok.setSecret(encrKey.getEphemeralKey());
+
+ rmd.getTokenStorage().add(tempTok);
+
+ String bstTokenId = encrKey.getBSTTokenId();
+ //If direct ref is used to refer to the cert
+ //then add the cert to the sec header now
+ if(bstTokenId != null && bstTokenId.length() > 0) {
+ RampartUtil.appendChildToSecHeader(rmd,
+ encrKey.getBinarySecurityTokenElement());
+ }
+
+ return id;
+
+ } catch (TrustException e) {
+ throw new RampartException("errorInAddingTokenIntoStore");
+ }
+ }
+
+ /**
+ * Setup the required tokens
+ * @param rmd
+ * @param rpd
+ * @throws RampartException
+ */
+ private void initializeTokens(RampartMessageData rmd) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ MessageContext msgContext = rmd.getMsgContext();
+ if(rpd.isSymmetricBinding() && !msgContext.isServerSide()) {
+ log.debug("Procesing symmentric binding: " +
+ "Setting up encryption token and signature token");
+ //Setting up encryption token and signature token
+
+ Token sigTok = rpd.getSignatureToken();
+ Token encrTok = rpd.getEncryptionToken();
+ if(sigTok instanceof IssuedToken) {
+
+ log.debug("SignatureToken is an IssuedToken");
+
+ if(rmd.getIssuedSignatureTokenId() == null) {
+ log.debug("No Issuedtoken found, requesting a new token");
+
+ IssuedToken issuedToken = (IssuedToken)sigTok;
+
+ String id = RampartUtil.getIssuedToken(rmd,
+ issuedToken);
+ rmd.setIssuedSignatureTokenId(id);
+
+
+ }
+
+ } else if(sigTok instanceof SecureConversationToken) {
+
+ log.debug("SignatureToken is a SecureConversationToken");
+
+ //TODO check for an existing token and use it
+
+ String secConvTokenId = rmd.getSecConvTokenId();
+
+ //The RSTR has to be secured with the cancelled token
+ String action = msgContext.getOptions().getAction();
+ boolean cancelReqResp = action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
+ action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
+ action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT) ||
+ action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT);
+
+ //In the case of the cancel req or resp we should mark the token as cancelled
+ if(secConvTokenId != null && cancelReqResp) {
+ try {
+ rmd.getTokenStorage().getToken(secConvTokenId).setState(org.apache.rahas.Token.CANCELLED);
+ msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);
+
+ //remove from the local map of contexts
+ String contextIdentifierKey = RampartUtil.getContextIdentifierKey(msgContext);
+ RampartUtil.getContextMap(msgContext).remove(contextIdentifierKey);
+ } catch (TrustException e) {
+ throw new RampartException("errorExtractingToken");
+ }
+ }
+
+ if (secConvTokenId == null
+ || (secConvTokenId != null &&
+ (!RampartUtil.isTokenValid(rmd, secConvTokenId) && !cancelReqResp))) {
+
+ log.debug("No SecureConversationToken found, " +
+ "requesting a new token");
+
+ SecureConversationToken secConvTok =
+ (SecureConversationToken) sigTok;
+
+ try {
+
+ String id = RampartUtil.getSecConvToken(rmd, secConvTok);
+ rmd.setSecConvTokenId(id);
+
+ } catch (TrustException e) {
+ throw new RampartException("errorInObtainingSct", e);
+ }
+ }
+ }
+
+ //If it was the ProtectionToken assertion then sigTok is the
+ //same as encrTok
+ if(sigTok.equals(encrTok) && sigTok instanceof IssuedToken) {
+
+ log.debug("Symmetric binding uses a ProtectionToken, both" +
+ " SignatureToken and EncryptionToken are the same");
+
+ rmd.setIssuedEncryptionTokenId(rmd.getIssuedEncryptionTokenId());
+ } else {
+ //Now we'll have to obtain the encryption token as well :-)
+ //ASSUMPTION: SecureConversationToken is used as a
+ //ProtectionToken therefore we only have to process a issued
+ //token here
+
+ log.debug("Obtaining the Encryption Token");
+ if(rmd.getIssuedEncryptionTokenId() != null) {
+
+ log.debug("EncrytionToken not alredy set");
+
+ IssuedToken issuedToken = (IssuedToken)encrTok;
+
+ String id = RampartUtil.getIssuedToken(rmd,
+ issuedToken);
+ rmd.setIssuedEncryptionTokenId(id);
+
+ }
+
+ }
+ }
+
+ //TODO : Support processing IssuedToken and SecConvToken assertoins
+ //in supporting tokens, right now we only support UsernameTokens and
+ //X.509 Tokens
+ }
+
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
new file mode 100644
index 0000000..535b5ac
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
@@ -0,0 +1,344 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.UsernameToken;
+import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.WSSecDKSign;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.message.WSSecUsernameToken;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.Vector;
+
+public class TransportBindingBuilder extends BindingBuilder {
+
+ private static Log log = LogFactory.getLog(TransportBindingBuilder.class);
+
+ public void build(RampartMessageData rmd) throws RampartException {
+
+ log.debug("TransportBindingBuilder build invoked");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ if (rpd.isIncludeTimestamp()) {
+ addTimestamp(rmd);
+ }
+
+ /*
+ * Process Supporting tokens
+ */
+ if(rmd.isInitiator()) {
+ Vector signatureValues = new Vector();
+
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+
+ if(sgndSuppTokens != null && sgndSuppTokens.getTokens() != null &&
+ sgndSuppTokens.getTokens().size() > 0) {
+
+ log.debug("Processing signed supporting tokens");
+
+ ArrayList tokens = sgndSuppTokens.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+
+ Token token = (Token) iter.next();
+ if(token instanceof UsernameToken) {
+ WSSecUsernameToken utBuilder = addUsernameToken(rmd);
+ utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
+
+ utBuilder.prepare(rmd.getDocument());
+
+ //Add the UT
+ utBuilder.appendToHeader(rmd.getSecHeader());
+
+ } else {
+ throw new RampartException("unsupportedSignedSupportingToken",
+ new String[]{"{" +token.getName().getNamespaceURI()
+ + "}" + token.getName().getLocalPart()});
+ }
+ }
+ }
+
+ SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+ if(sgndEndSuppTokens != null && sgndEndSuppTokens.getTokens() != null &&
+ sgndEndSuppTokens.getTokens().size() > 0) {
+
+ log.debug("Processing endorsing signed supporting tokens");
+
+ ArrayList tokens = sgndEndSuppTokens.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof IssuedToken && rmd.isInitiator()) {
+ signatureValues.add(doIssuedTokenSignature(rmd, token));
+ } else if(token instanceof X509Token) {
+ signatureValues.add(doX509TokenSignature(rmd, token));
+ }
+ }
+ }
+
+ SupportingToken endSupptokens = rpd.getEndorsingSupportingTokens();
+ if(endSupptokens != null && endSupptokens.getTokens() != null &&
+ endSupptokens.getTokens().size() > 0) {
+ log.debug("Processing endorsing supporting tokens");
+ ArrayList tokens = endSupptokens.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof IssuedToken && rmd.isInitiator()){
+ signatureValues.add(doIssuedTokenSignature(rmd, token));
+ } else if(token instanceof X509Token) {
+ signatureValues.add(doX509TokenSignature(rmd, token));
+ }
+ }
+ }
+
+
+ SupportingToken supportingToks = rpd.getSupportingTokens();
+ this.handleSupportingTokens(rmd, supportingToks);
+
+
+ //Store the signature values vector
+ rmd.getMsgContext().setProperty(WSHandlerConstants.SEND_SIGV, signatureValues);
+ } else {
+ addSignatureConfirmation(rmd, null);
+ }
+ }
+
+
+
+ /**
+ * X.509 signature
+ * @param rmd
+ * @param token
+ */
+ private byte[] doX509TokenSignature(RampartMessageData rmd, Token token) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ if(token.isDerivedKeys()) {
+ //In this case we will have to encrypt the ephmeral key with the
+ //other party's key and then use it as the parent key of the
+ // derived keys
+ try {
+
+ WSSecEncryptedKey encrKey = getEncryptedKeyBuilder(rmd, token);
+
+ Element bstElem = encrKey.getBinarySecurityTokenElement();
+ if(bstElem != null) {
+ RampartUtil.appendChildToSecHeader(rmd, bstElem);
+ }
+
+ encrKey.appendToHeader(rmd.getSecHeader());
+
+ WSSecDKSign dkSig = new WSSecDKSign();
+
+ dkSig.setWsConfig(rmd.getConfig());
+
+ dkSig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n());
+ dkSig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+ dkSig.setDerivedKeyLength(rpd.getAlgorithmSuite().getMinimumSymmetricKeyLength()/8);
+
+ dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
+
+ dkSig.prepare(doc, rmd.getSecHeader());
+
+ Vector sigParts = new Vector();
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
+ }
+
+ if(rpd.isTokenProtection()) {
+ sigParts.add(new WSEncryptionPart(encrKey.getBSTTokenId()));
+ }
+
+ dkSig.setParts(sigParts);
+
+ dkSig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ dkSig.computeSignature();
+
+ dkSig.appendDKElementToHeader(rmd.getSecHeader());
+
+ dkSig.appendSigToHeader(rmd.getSecHeader());
+
+ return dkSig.getSignatureValue();
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ }
+
+ } else {
+
+ try {
+ WSSecSignature sig = this.getSignatureBuider(rmd, token);
+
+
+ sig.appendBSTElementToHeader(rmd.getSecHeader());
+
+ Vector sigParts = new Vector();
+
+ if(this.timestampElement != null ){
+ sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
+ }
+
+ if (rpd.isTokenProtection()
+ && !Constants.INCLUDE_NEVER
+ .equals(token.getInclusion())) {
+ sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ }
+
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ sig.appendToHeader(rmd.getSecHeader());
+
+ sig.computeSignature();
+
+ return sig.getSignatureValue();
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+
+
+ }
+
+ }
+
+
+ /**
+ * IssuedToken signature
+ * @param rmd
+ * @param token
+ * @throws RampartException
+ */
+ private byte[] doIssuedTokenSignature(RampartMessageData rmd, Token token) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc= rmd.getDocument();
+
+ //Get the issued token
+ String id = RampartUtil.getIssuedToken(rmd, (IssuedToken)token);
+
+ String inclusion = token.getInclusion();
+ org.apache.rahas.Token tok = null;
+ try {
+ tok = rmd.getTokenStorage().getToken(id);
+ } catch (TrustException e) {
+ throw new RampartException("errorExtractingToken",
+ new String[]{id} ,e);
+ }
+
+ boolean tokenIncluded = false;
+
+ if(inclusion.equals(Constants.INCLUDE_ALWAYS) ||
+ ((inclusion.equals(Constants.INCLUDE_ALWAYS_TO_RECIPIENT)
+ || inclusion.equals(Constants.INCLUDE_ONCE))
+ && rmd.isInitiator())) {
+
+ //Add the token
+ rmd.getSecHeader().getSecurityHeader().appendChild(
+ doc.importNode((Element) tok.getToken(), true));
+
+ tokenIncluded = true;
+ }
+
+ //check for dirived keys
+ if(token.isDerivedKeys()) {
+ //Create a derived key and add
+ try {
+
+ //Do Signature with derived keys
+ WSSecDKSign dkSign = new WSSecDKSign();
+
+ OMElement ref = tok.getAttachedReference();
+ if(ref == null) {
+ ref = tok.getUnattachedReference();
+ }
+ if(ref != null) {
+ dkSign.setExternalKey(tok.getSecret(), (Element)
+ doc.importNode((Element) ref, true));
+ } else {
+ dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ }
+
+ //Set the algo info
+ dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+
+
+ dkSign.prepare(doc);
+
+ dkSign.appendDKElementToHeader(rmd.getSecHeader());
+
+ Vector sigParts = new Vector();
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
+ }
+
+ if(rpd.isTokenProtection() && tokenIncluded) {
+ sigParts.add(new WSEncryptionPart(id));
+ }
+
+ dkSign.setParts(sigParts);
+
+ dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ dkSign.computeSignature();
+
+ dkSign.appendSigToHeader(rmd.getSecHeader());
+
+ return dkSign.getSignatureValue();
+
+ } catch (ConversationException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ } catch (WSSecurityException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ }
+
+ } else {
+ //TODO: Do signature withtout derived keys with the Issuedtoken ??
+ return null;
+ }
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/conversation/ConversationCallbackHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/conversation/ConversationCallbackHandler.java
new file mode 100644
index 0000000..4b43b48
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/conversation/ConversationCallbackHandler.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.conversation;
+
+import org.apache.rahas.Token;
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+/**
+ * This is ths callback handler used to extract he secure conversation
+ * session key for a given context identifier
+ * @deprecated
+ */
+public class ConversationCallbackHandler implements CallbackHandler {
+
+ private ConversationConfiguration config;
+
+ public ConversationCallbackHandler(ConversationConfiguration config) {
+ this.config = config;
+ }
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ String id = pc.getIdentifer();
+ Token tok;
+ try {
+ //Pick up the token from the token store
+ tok = this.config.getTokenStore().getToken(id);
+ //Get the secret and set it in the callback object
+ pc.setKey(tok.getSecret());
+ //Register the security context in the current configuration
+ Util.resgisterContext(id, config);
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new IOException(e.getMessage());
+ }
+
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i],
+ "Unrecognized Callback");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/conversation/ConversationConfiguration.java b/modules/rampart-core/src/main/java/org/apache/rampart/conversation/ConversationConfiguration.java
new file mode 100644
index 0000000..210bc5b
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/conversation/ConversationConfiguration.java
@@ -0,0 +1,688 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.conversation;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.SimpleTokenStore;
+import org.apache.rahas.TokenStorage;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * Configuration manager for Ramapart-SecConv
+ * @deprecated
+ */
+public class ConversationConfiguration {
+
+ public final static String SC_CONFIG = "sc-configuration";
+
+ public final static String SCOPE_SERVICE = "service";
+
+ public final static String SCOPE_OPERATION = "operation";
+
+ public final static QName SCOPE = new QName("scope");
+
+ public final static QName STS_EPR_ADDRESS = new QName("stsEprAddress");
+
+ public final static QName DERIVED_KEY_LENGTH = new QName("derivedKeyLength");
+
+ public final static QName KEY_DERIVATION_ALGORITHM_CLASS =
+ new QName("keyDerivationAlgorithmClass");
+
+ public final static QName TOKEN_STORE_CLASS = new QName("tokenStoreClass");
+
+ public final static QName CRYPTO_PROPERTIES_FILE = new QName(
+ "cryptoProperties");
+
+ public final static QName ENCRYPTION_USER = new QName("encryptionUser");
+
+ public final static QName PW_CALLBACK_CLASS = new QName(
+ WSHandlerConstants.PW_CALLBACK_CLASS);
+
+ private static final QName PROVIDE_ENTROPY = new QName("provideEntropy");
+
+ private String scope = SCOPE_SERVICE;
+
+ private String stsEPRAddress;
+
+ private String derivedKeyLength;
+
+ private String keyDerivationAlgorithmClass;
+
+ private Hashtable contextMap;
+
+ private String tokenStoreClass;
+
+ private TokenStorage tokenStore;
+
+ private MessageContext msgCtx;
+
+ private String contextIdentifier;
+
+ /**
+ * This is the properties of a particular <code>Crypto</code> impl
+ *
+ * @see org.apache.ws.security.components.crypto.Crypto
+ */
+ private Properties cryptoProperties;
+
+ /**
+ * This is the <code>Crypto</code> impl class name.
+ *
+ * This will ONLY be set via the message context as a property using
+ * <code>org.apache.rampart.WSSHandlerConstants#CRYPTO_PROPERTIES_KEY<code>.
+ *
+ * @see org.apache.ws.security.components.crypto.Crypto
+ * @see org.apache.ws.security.components.crypto.Merlin
+ */
+ private String cryptoClassName;
+
+ /**
+ * This is the crypto properties file to be used
+ * In this case the <code>Crypto</code> impl and its properties
+ * MUST be listed in this
+ * @see org.apache.ws.security.components.crypto.CryptoFactory#getInstance(String)
+ */
+ private String cryptoPropertiesFile;
+
+ private String passwordCallbackClass;
+
+ /**
+ * WSPasswordCallback handler reference
+ */
+ private CallbackHandler passwordCallbackRef;
+
+ /**
+ * Whether this configuration instance is created/used by the sender
+ * handler or not
+ */
+ private boolean sender;
+
+ private Document doc;
+
+ private Crypto crypto;
+
+ private ClassLoader classLoader;
+
+ private SecurityContextToken sct;
+
+ private String encryptionUser;
+
+ private boolean provideEntropy;
+
+ /**
+ * WS-Trust version to use
+ * Default is RahasConstants.VERSION_05_02
+ */
+ private int wstVersion = RahasConstants.VERSION_05_02;
+
+ /**
+ * Builds the configuration from an Axis2 parameter.
+ * @param msgCtx
+ * @param sender
+ * @return If there is an Axis2 parameter available in the context
+ * hierarchy or the configuration hierarchy then return the populated
+ * <code>ConversationConfiguration</code> instance. If the parameter is not
+ * found then
+ * @throws Exception
+ */
+ public static ConversationConfiguration load(MessageContext msgCtx, boolean sender)
+ throws Exception {
+ Parameter param = getParameter(msgCtx);
+ if(param != null) {
+ OMElement elem = param.getParameterElement();
+ if (elem != null
+ && elem.getFirstElement() != null
+ && elem.getFirstElement().getLocalName().equals(
+ SC_CONFIG)) {
+
+ OMElement confElem = elem.getFirstElement();
+
+ ConversationConfiguration config = new ConversationConfiguration();
+
+ config.msgCtx = msgCtx;
+ msgCtx.setProperty(SC_CONFIG, config);
+
+ config.scope = getStringValue(confElem.getFirstChildWithName(SCOPE));
+
+ config.stsEPRAddress = getStringValue(confElem
+ .getFirstChildWithName(STS_EPR_ADDRESS));
+
+ config.keyDerivationAlgorithmClass = getStringValue(confElem
+ .getFirstChildWithName(KEY_DERIVATION_ALGORITHM_CLASS));
+
+ config.tokenStoreClass = getStringValue(confElem
+ .getFirstChildWithName(TOKEN_STORE_CLASS));
+
+ config.cryptoPropertiesFile = getStringValue(confElem
+ .getFirstChildWithName(CRYPTO_PROPERTIES_FILE));
+
+ config.passwordCallbackClass = getStringValue(confElem
+ .getFirstChildWithName(PW_CALLBACK_CLASS));
+
+ config.encryptionUser = getStringValue(confElem
+ .getFirstChildWithName(ENCRYPTION_USER));
+
+ config.provideEntropy = confElem
+ .getFirstChildWithName(PROVIDE_ENTROPY) != null;
+
+ //Get the action<->ctx-identifier map
+ config.contextMap = (Hashtable) msgCtx
+ .getProperty(WSSHandlerConstants.CONTEXT_MAP_KEY);
+
+ //Convert the Envelop to DOOM
+ config.doc = Axis2Util.getDocumentFromSOAPEnvelope(msgCtx
+ .getEnvelope(), true);
+
+ //Token store
+ config.tokenStore = (TokenStorage) msgCtx
+ .getProperty(TokenStorage.TOKEN_STORAGE_KEY);
+
+ // Context identifier
+ if(sender) {
+ if(!msgCtx.isServerSide()) {
+ //Client side sender
+ if (config.scope.equals(ConversationConfiguration.SCOPE_OPERATION)) {
+ // Operation scope
+ String action = msgCtx.getSoapAction();
+ config.contextIdentifier = (String) config.getContextMap()
+ .get(action);
+ } else {
+ // Service scope
+ String serviceAddress = msgCtx.getTo().getAddress();
+ config.contextIdentifier = (String) config.getContextMap()
+ .get(serviceAddress);
+ }
+ if(config.sct == null && config.contextIdentifier != null) {
+ OMElement tokElem = config.getTokenStore().getToken(config.contextIdentifier).getToken();
+ config.sct = new SecurityContextToken((Element)config.doc.importNode((Element)tokElem, true));
+ }
+
+ } else {
+ //Server side sender
+ OperationContext opCtx = msgCtx.getOperationContext();
+ MessageContext inMsgCtx;
+ ConversationConfiguration inConfig = null;
+ if(opCtx != null && (inMsgCtx = opCtx.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null) {
+ inConfig = (ConversationConfiguration)inMsgCtx.getProperty(SC_CONFIG);
+ }
+ if(inConfig != null && inConfig.contextIdentifier != null) {
+ config.contextIdentifier = inConfig.contextIdentifier;
+ config.tokenStore = inConfig.tokenStore;
+ OMElement token = config.tokenStore.getToken(config.contextIdentifier).getToken();
+ config.sct = new SecurityContextToken((Element)config.doc.importNode((Element)token, true));
+ } else {
+ throw new RampartException("canotFindContextIdentifier");
+ }
+
+ config.setClassLoader(msgCtx.getAxisService().getClassLoader());
+ }
+ }
+
+ //Crypto properties
+ config.cryptoProperties = (Properties)msgCtx
+ .getProperty(WSSHandlerConstants.CRYPTO_PROPERTIES_KEY);
+
+ config.cryptoClassName = (String) msgCtx
+ .getProperty(WSSHandlerConstants.CRYPTO_CLASS_KEY);
+
+ config.passwordCallbackRef = (CallbackHandler)msgCtx
+ .getProperty(WSHandlerConstants.PW_CALLBACK_REF);
+
+ config.sender = sender;
+
+ return config;
+ } else {
+ throw new RampartException("missingConfiguration",
+ new String[] { SC_CONFIG });
+ }
+ } else {
+ //If there's no configuration return null
+ return null;
+ }
+
+ }
+
+ /**
+ * @param msgCtx
+ * @return The configuration parameter from the given message context
+ */
+ public static Parameter getParameter(MessageContext msgCtx) {
+ Parameter param = msgCtx.getParameter(SC_CONFIG);
+ if(param == null) {
+ param = (Parameter)msgCtx.getProperty(SC_CONFIG);
+ }
+ return param;
+ }
+
+ /**
+ * @param elem
+ * @throws RampartException
+ */
+ private static String getStringValue(OMElement elem) throws RampartException {
+ if(elem != null) {
+ return elem.getText();
+ }
+ return null;
+ }
+
+ /**
+ * Generate the Axis2 parameter representing ConversationConfiguration
+ * @return The Axis2 parameter representing ConversationConfiguration
+ */
+ public Parameter getParameter() {
+ Parameter param = new Parameter();
+ OMElement element = this.getOMElement();
+ OMElement paramElem = element.getOMFactory().createOMElement("parameter", null);
+ paramElem.addAttribute("name", ConversationConfiguration.SC_CONFIG, null);
+ paramElem.addChild(element);
+ param.setParameterElement(paramElem);
+ return param;
+ }
+
+ private OMElement getOMElement() {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(SC_CONFIG, null);
+ if (this.scope != null) {
+ OMElement tempElem = factory.createOMElement(SCOPE, elem);
+ tempElem.setText(this.scope);
+ elem.addChild(tempElem);
+ }
+ if (this.stsEPRAddress != null) {
+ OMElement tempElem = factory.createOMElement(STS_EPR_ADDRESS, elem);
+ tempElem.setText(this.stsEPRAddress);
+ elem.addChild(tempElem);
+ }
+ if (this.derivedKeyLength != null) {
+ OMElement tempElem = factory.createOMElement(DERIVED_KEY_LENGTH, elem);
+ tempElem.setText(this.derivedKeyLength);
+ elem.addChild(tempElem);
+ }
+ if (this.keyDerivationAlgorithmClass != null) {
+ OMElement tempElem = factory.createOMElement(KEY_DERIVATION_ALGORITHM_CLASS, elem);
+ tempElem.setText(this.keyDerivationAlgorithmClass);
+ elem.addChild(tempElem);
+ }
+ if (this.passwordCallbackClass != null) {
+ OMElement tempElem = factory.createOMElement(PW_CALLBACK_CLASS, elem);
+ tempElem.setText(this.passwordCallbackClass);
+ elem.addChild(tempElem);
+ }
+ if(this.cryptoPropertiesFile != null) {
+ OMElement tempElem = factory.createOMElement(CRYPTO_PROPERTIES_FILE, elem);
+ tempElem.setText(this.cryptoPropertiesFile);
+ elem.addChild(tempElem);
+ }
+ if(this.encryptionUser != null) {
+ OMElement tempElem = factory.createOMElement(ENCRYPTION_USER, elem);
+ tempElem.setText(this.encryptionUser);
+ elem.addChild(tempElem);
+ }
+ if(this.provideEntropy) {
+ factory.createOMElement(PROVIDE_ENTROPY, elem);
+ }
+ return elem;
+ }
+
+// /**
+// * This registers the security context mapping ?e context identifier to
+// * the wsa:Action/soapAction or the service address, depending on the scope.
+// *
+// * @param identifier The security context identifier
+// * @throws RampartException
+// * If scope is "operation" and the wsa:Action is not available.
+// * If scope is "service" and the wsa:To is missing.
+// */
+// protected void resgisterContext(String identifier) throws RampartException {
+// this.contextIdentifier = identifier;
+//
+// if(this.scope.equals(SCOPE_OPERATION)) {
+// String action = msgCtx.getSoapAction();
+// if(action != null) {
+// this.getContextMap().put(action, identifier);
+// } else {
+// throw new RampartException("missingWSAAction");
+// }
+// } else {
+// String to = msgCtx.getTo().getAddress();
+// if(to != null) {
+// this.getContextMap().put(to, identifier);
+// } else {
+// throw new RampartException("missingWSATo");
+// }
+// }
+// //TODO
+// //this.contextMap
+// }
+
+ /**
+ * @return Returns the scope.
+ */
+ public String getScope() {
+ return scope;
+ }
+
+ /**
+ * @return Returns the stsEPR.
+ */
+ public String getStsEPRAddress() {
+ return stsEPRAddress;
+ }
+
+ /**
+ * @return Returns the derivedKeyLength.
+ */
+ public String getDerivedKeyLength() {
+ return derivedKeyLength;
+ }
+
+ /**
+ * @return Returns the keyDerivationAlgorithmClass.
+ */
+ public String getKeyDerivationAlgorithmClass() {
+ return keyDerivationAlgorithmClass;
+ }
+
+ /**
+ * @param derivedKeyLength The derivedKeyLength to set.
+ */
+ public void setDerivedKeyLength(String derivedKeyLength) {
+ this.derivedKeyLength = derivedKeyLength;
+ }
+
+ /**
+ * @param keyDerivationAlgorithmClass The keyDerivationAlgorithmClass to set.
+ */
+ public void setKeyDerivationAlgorithmClass(String keyDerivationAlgorithmClass) {
+ this.keyDerivationAlgorithmClass = keyDerivationAlgorithmClass;
+ }
+
+ /**
+ * @param scope The scope to set.
+ */
+ public void setScope(String scope) {
+ this.scope = scope;
+ }
+
+ /**
+ * @param stsEPRAddress The stsEPRAddress to set.
+ */
+ public void setStsEPRAddress(String stsEPRAddress) {
+ this.stsEPRAddress = stsEPRAddress;
+ }
+
+ /**
+ * @return Returns the contextMap.
+ */
+ protected Hashtable getContextMap() {
+ if(contextMap == null) {
+ contextMap = new Hashtable();
+
+ //Context map should be global
+ this.msgCtx.getConfigurationContext().setProperty(
+ WSSHandlerConstants.CONTEXT_MAP_KEY, contextMap);
+ }
+
+ return contextMap;
+ }
+
+ /**
+ * @return Returns the tokenStore.
+ */
+ public TokenStorage getTokenStore() throws Exception {
+ if(this.tokenStore == null) {
+
+ //First check the context hierarchy
+ this.tokenStore = (TokenStorage) this.msgCtx
+ .getProperty(TokenStorage.TOKEN_STORAGE_KEY
+ + msgCtx.getWSAAction());
+ if(this.tokenStore == null) {
+ this.tokenStore = (TokenStorage) this.msgCtx
+ .getProperty(TokenStorage.TOKEN_STORAGE_KEY
+ + msgCtx.getAxisService().getName());
+ }
+
+ //Create a new store
+ if(this.tokenStore == null) {
+ if(this.tokenStoreClass != null) {
+ this.tokenStore = (TokenStorage) Class
+ .forName(this.tokenStoreClass).newInstance();
+ } else {
+ this.tokenStore = new SimpleTokenStore();
+ }
+ }
+
+ if(SCOPE_SERVICE.equals(this.scope)) {
+ this.msgCtx.getConfigurationContext().setProperty(
+ TokenStorage.TOKEN_STORAGE_KEY, this.tokenStore);
+ } else {
+ this.msgCtx.getConfigurationContext().setProperty(
+ TokenStorage.TOKEN_STORAGE_KEY, this.tokenStore);
+ }
+ }
+ return tokenStore;
+ }
+
+ /**
+ * @return Returns the tokenStoreClass.
+ */
+ public String getTokenStoreClass() {
+ return tokenStoreClass;
+ }
+
+
+ /**
+ * @return Returns the cryptoProperties.
+ */
+ public Properties getCryptoProperties() {
+ return cryptoProperties;
+ }
+
+ /**
+ * @param cryptoProperties The cryptoProperties to set.
+ */
+ public void setCryptoProperties(Properties cryptoProperties) {
+ this.cryptoProperties = cryptoProperties;
+ }
+
+ /**
+ * @param tokenStoreClass The tokenStoreClass to set.
+ */
+ public void setTokenStoreClass(String tokenStoreClass) {
+ this.tokenStoreClass = tokenStoreClass;
+ }
+
+ /**
+ * @return Returns the cryptoPropertiesFile.
+ */
+ public String getCryptoPropertiesFile() {
+ return cryptoPropertiesFile;
+ }
+
+ /**
+ * @param cryptoPropertiesFile The cryptoPropertiesFile to set.
+ */
+ public void setCryptoPropertiesFile(String cryptoPropertiesFile) {
+ this.cryptoPropertiesFile = cryptoPropertiesFile;
+ }
+
+ /**
+ * @return Returns the cryptoClassName.
+ */
+ public String getCryptoClassName() {
+ return cryptoClassName;
+ }
+
+ /**
+ * @param cryptoClassName The cryptoClassName to set.
+ */
+ public void setCryptoClassName(String cryptoClassName) {
+ this.cryptoClassName = cryptoClassName;
+ }
+
+ /**
+ * @return Returns the sender.
+ */
+ protected boolean isSender() {
+ return sender;
+ }
+
+ /**
+ * @return Returns the doc.
+ */
+ public Document getDocument() {
+ return doc;
+ }
+
+ /**
+ * @param doc The doc to set.
+ */
+ protected void setDocument(Document doc) {
+ this.doc = doc;
+ }
+
+ /**
+ * @return Returns the passwordCallbackClass.
+ */
+ public String getPasswordCallbackClass() {
+ return passwordCallbackClass;
+ }
+
+ /**
+ * @return Returns the passwordCallbackRef.
+ */
+ public CallbackHandler getPasswordCallbackRef() {
+ return passwordCallbackRef;
+ }
+
+ /**
+ * @param passwordCallbackClass The passwordCallbackClass to set.
+ */
+ public void setPasswordCallbackClass(String passwordCallbackClass) {
+ this.passwordCallbackClass = passwordCallbackClass;
+ }
+
+ /**
+ * @return Returns the encryptionUser.
+ */
+ public String getEncryptionUser() {
+ return encryptionUser;
+ }
+
+ /**
+ * @param encryptionUser The encryptionUser to set.
+ */
+ public void setEncryptionUser(String encryptionUser) {
+ this.encryptionUser = encryptionUser;
+ }
+
+ /**
+ * @return Returns the provideEntropy.
+ */
+ public boolean isProvideEntropy() {
+ return provideEntropy;
+ }
+
+ /**
+ * @param provideEntropy The provideEntropy to set.
+ */
+ public void setProvideEntropy(boolean provideEntropy) {
+ this.provideEntropy = provideEntropy;
+ }
+
+ /**
+ * @return Returns the crypto.
+ */
+ public Crypto getCrypto() {
+ return crypto;
+ }
+
+ /**
+ * @param crypto The crypto to set.
+ */
+ protected void setCrypto(Crypto crypto) {
+ this.crypto = crypto;
+ }
+
+ /**
+ * @return Returns the classLoader.
+ */
+ protected ClassLoader getClassLoader() {
+ return classLoader;
+ }
+
+ /**
+ * @param classLoader The classLoader to set.
+ */
+ protected void setClassLoader(ClassLoader classLoader) {
+ this.classLoader = classLoader;
+ }
+
+ /**
+ * @return Returns the msgCtx.
+ */
+ public MessageContext getMsgCtx() {
+ return msgCtx;
+ }
+
+ /**
+ * @return Returns the contextIdentifier.
+ */
+ public String getContextIdentifier() {
+ return contextIdentifier;
+ }
+
+ /**
+ * @param contextIdentifier The contextIdentifier to set.
+ */
+ protected void setContextIdentifier(String contextIdentifier) {
+ this.contextIdentifier = contextIdentifier;
+ }
+
+ /**
+ * @return Returns the wstVersion.
+ */
+ public int getWstVersion() {
+ return wstVersion;
+ }
+
+ /**
+ * @param wstVersion The wstVersion to set.
+ */
+ public void setWstVersion(int wstVersion) {
+ this.wstVersion = wstVersion;
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/conversation/STSRequester.java b/modules/rampart-core/src/main/java/org/apache/rampart/conversation/STSRequester.java
new file mode 100644
index 0000000..2c7ea8f
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/conversation/STSRequester.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.conversation;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.OutInAxisOperation;
+import org.apache.axis2.description.Parameter;
+import org.apache.axiom.om.util.Base64;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Element;
+
+/**
+ * @deprecated
+ */
+public class STSRequester {
+
+
+ //TODO: Remove when policy support is completed
+ public static void issueRequest(ConversationConfiguration config) throws RampartException, AxisFault, TrustException {
+ MessageContext msgCtx = config.getMsgCtx();
+ AxisService axisService = new AxisService("SecurityTokenService");
+ QName rstQn = new QName("requestSecurityToken");
+ OutInAxisOperation operation = new OutInAxisOperation(rstQn);
+ axisService.addOperation(operation);
+ ServiceClient client = new ServiceClient(msgCtx
+ .getConfigurationContext(), axisService);
+
+ Options options = new Options();
+ options.setTo(new EndpointReference(config.getStsEPRAddress()));
+
+ options.setAction(TrustUtil.getActionValue(config.getWstVersion(), RahasConstants.RST_ACTION_SCT));
+
+ //Get the security configurations
+ Parameter outFlowParam = msgCtx
+ .getParameter(WSSHandlerConstants.STS_OUTFLOW_SECURITY);
+ Parameter inFlowParam = msgCtx
+ .getParameter(WSSHandlerConstants.STS_INFLOW_SECURITY);
+
+ if(outFlowParam == null) {
+ outFlowParam = (Parameter) msgCtx
+ .getProperty(WSSHandlerConstants.STS_OUTFLOW_SECURITY);
+ }
+ if(inFlowParam == null) {
+ inFlowParam = (Parameter) msgCtx
+ .getProperty(WSSHandlerConstants.STS_INFLOW_SECURITY);
+ }
+
+
+ //Set the STS specific config config
+ options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, outFlowParam);
+ options.setProperty(WSSHandlerConstants.INFLOW_SECURITY, inFlowParam);
+
+ client.engageModule(new QName(WSSHandlerConstants.SECURITY_MODULE_NAME));
+
+ client.setOptions(options);
+
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(config.getWstVersion());
+ TrustUtil.createRequestTypeElement(config.getWstVersion(), rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(config.getWstVersion(), rstElem);
+ tokenTypeElem.setText(ConversationConstants.getWSCNs(ConversationConstants.DEFAULT_VERSION) + ConversationConstants.TOKEN_TYPE_SECURITY_CONTEXT_TOKEN);
+
+ if(config.isProvideEntropy()) {
+ //TODO Option to get the nonce lenght and
+ //keysize from the the configuration
+
+ // Length of nonce in bytes
+ int nonceLength = 16;
+
+ OMElement entropyElem = TrustUtil.createEntropyElement(config.getWstVersion(), rstElem);
+
+ byte[] nonce = WSSecurityUtil.generateNonce(nonceLength);
+ OMElement elem = TrustUtil.createBinarySecretElement(config.getWstVersion(), entropyElem, RahasConstants.BIN_SEC_TYPE_NONCE);
+
+ elem.setText(Base64.encode(nonce));
+
+ TrustUtil.createKeySizeElement(config.getWstVersion(), rstElem, nonceLength * 8);
+ }
+
+ OMElement tempResult = client.sendReceive(rstQn, rstElem);
+ Axis2Util.useDOOM(true);
+ OMElement tempelem = Axis2Util.toDOOM(DOOMAbstractFactory.getOMFactory(), tempResult);
+ OMElement elem = (OMElement)config.getDocument().importNode((Element)tempelem, true);
+ Util.processRSTR(elem, config);
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new RampartException("errorInObtainingSct",
+ new String[] { config.getStsEPRAddress() }, e);
+ }
+ }
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/conversation/Util.java b/modules/rampart-core/src/main/java/org/apache/rampart/conversation/Util.java
new file mode 100644
index 0000000..1bcfbbf
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/conversation/Util.java
@@ -0,0 +1,216 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.conversation;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.util.Base64;
+import org.apache.axis2.util.Loader;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.Token;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartException;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.ws.security.processor.EncryptedKeyProcessor;
+import org.w3c.dom.Element;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+import java.util.Vector;
+
+public class Util {
+
+ /**
+ * Returns the crypto instance of this configuration. If one is not
+ * availabale then it will try to create a <code>Crypto</code> instance
+ * using available configuration information and will set it as the
+ * <code>Crypto</code> instance of the configuration.
+ *
+ * @param config
+ * @return The crypto instance of this configuration
+ * @throws RahasException
+ */
+ public static Crypto getCryptoInstace(ConversationConfiguration config)
+ throws RampartException {
+ if (config.getCrypto() != null) {
+ return config.getCrypto();
+ } else {
+ Crypto crypto = null;
+ if (config.getCryptoClassName() != null
+ && config.getCryptoProperties() != null) {
+ crypto = CryptoFactory.getInstance(config.getCryptoClassName(),
+ config.getCryptoProperties());
+ } else if (config.getCryptoPropertiesFile() != null) {
+ if (config.getClassLoader() != null) {
+ crypto = CryptoFactory
+ .getInstance(config.getCryptoPropertiesFile(),
+ config.getClassLoader());
+ } else {
+ crypto = CryptoFactory.getInstance(config
+ .getCryptoPropertiesFile());
+ }
+ } else {
+ throw new RampartException("cannotCrateCryptoInstance");
+ }
+ config.setCrypto(crypto);
+ return crypto;
+ }
+ }
+
+ public static void processRSTR(OMElement rstr, ConversationConfiguration config)
+ throws Exception {
+ // Extract the SecurityContextToken
+
+ String ns = null;
+
+ OMElement rstElem =
+ rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ if (rstElem != null) {
+ ns = RahasConstants.WST_NS_05_02;
+ } else {
+ //At this point we certainthe version is the WS-SX version
+ rstElem =
+ rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ ns = RahasConstants.WST_NS_05_12;
+ }
+ Token token = null;
+ if (rstElem != null) {
+ OMElement sctElem = rstElem.getFirstElement();
+ if (sctElem != null) {
+ SecurityContextToken sct = new SecurityContextToken(
+ (Element) sctElem);
+ token = new Token(sct.getIdentifier(), sctElem, rstr
+ .getFirstChildWithName(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ LIFETIME)));
+ resgisterContext(sct.getIdentifier(), config);
+ } else {
+ throw new RampartException("sctMissingInResponse");
+ }
+ } else {
+ throw new TrustException("reqestedSecTokMissing");
+ }
+
+ // Process RequestedProofToken and extract the secret
+ byte[] secret = null;
+ OMElement rpt = rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.LocalNames.
+ REQUESTED_PROOF_TOKEN));
+ if (rpt != null) {
+ OMElement elem = rpt.getFirstElement();
+
+ if (WSConstants.ENC_KEY_LN.equals(elem.getLocalName())
+ && WSConstants.ENC_NS.equals(elem.getNamespace().getNamespaceURI())) {
+ // Handle the xenc:EncryptedKey case
+ EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
+ processor.handleToken((Element) elem, null, Util
+ .getCryptoInstace(config),
+ getCallbackHandlerInstance(config), null, new Vector(),
+ null);
+ secret = processor.getDecryptedBytes();
+ } else if (RahasConstants.LocalNames.BINARY_SECRET.equals(elem.getLocalName()) &&
+ RahasConstants.WST_NS_05_02.equals(elem.getNamespace().getNamespaceURI()))
+ {
+ // Handle the wst:BinarySecret case
+ secret = Base64.decode(elem.getText());
+ } else {
+ throw new TrustException("notSupported", new String[]{"{"
+ + elem.getNamespace().getNamespaceURI() + "}"
+ + elem.getLocalName()});
+ }
+ } else {
+ throw new TrustException("rptMissing");
+ }
+
+ // Check for attached ref
+ OMElement reqAttElem =
+ rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_ATTACHED_REFERENCE));
+ OMElement reqAttRef = reqAttElem == null ? null : reqAttElem
+ .getFirstElement();
+
+ OMElement reqUnattElem =
+ rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_UNATTACHED_REFERENCE));
+ OMElement reqUnattRef = reqUnattElem == null ? null : reqUnattElem
+ .getFirstElement();
+
+ token.setAttachedReference(reqAttRef);
+ token.setUnattachedReference(reqUnattRef);
+ token.setSecret(secret);
+ config.getTokenStore().add(token);
+ }
+
+ private static CallbackHandler getCallbackHandlerInstance(
+ ConversationConfiguration config) throws Exception {
+ if (config.getPasswordCallbackRef() != null) {
+ return config.getPasswordCallbackRef();
+ } else if (config.getPasswordCallbackClass() != null) {
+ if (config.getClassLoader() != null) {
+ Class clazz = Loader.loadClass(config.getClassLoader(), config
+ .getPasswordCallbackClass());
+ return (CallbackHandler) clazz.newInstance();
+ } else {
+ Class clazz = Loader.loadClass(config
+ .getPasswordCallbackClass());
+ return (CallbackHandler) clazz.newInstance();
+ }
+ } else {
+ throw new RampartException("noInfoForCBhandler");
+ }
+ }
+
+ /**
+ * This registers the security context mapping ?e context identifier to
+ * the wsa:Action/soapAction or the service address, depending on the scope.
+ *
+ * @param identifier The security context identifier
+ * @param config The ConversationConfiguration instance
+ * @throws RampartException If scope is "operation" and the wsa:Action is not available.
+ * If scope is "service" and the wsa:To is missing.
+ */
+ public static void resgisterContext(String identifier, ConversationConfiguration config) throws RampartException {
+ config.setContextIdentifier(identifier);
+
+ if (config.getScope().equals(ConversationConfiguration.SCOPE_OPERATION)) {
+ String action = config.getMsgCtx().getSoapAction();
+ if (action != null) {
+ config.getContextMap().put(action, identifier);
+ } else {
+ throw new RampartException("missingWSAAction");
+ }
+ } else {
+ String to = config.getMsgCtx().getTo().getAddress();
+ if (to != null) {
+ config.getContextMap().put(to, identifier);
+ } else {
+ throw new RampartException("missingWSATo");
+ }
+ }
+ //TODO
+ //this.contextMap
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
new file mode 100644
index 0000000..47467d1
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
@@ -0,0 +1,84 @@
+# -------------------------------------------------------------------
+# Copyright 2001-2004 The Apache Software Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -------------------------------------------------------------------
+
+
+missingConfiguration = Missing or malformed configuration: \"{0}\"
+expectedParameterMissing = Expected parameter missing : \"{0}\"
+missingScopeValue = Missing or incorrect scope value
+canotFindContextIdentifier = Cannot find context identifier
+missingWSAAction = wsa:Action value missing
+missingWSATo = wsa:To address value missing
+cannotCrateCryptoInstance = Cannot create Crypto instace
+noInfoForCBhandler = Cannot obtain a callback handler with available configuration information
+missingEncryptionUser=Encryption user not specified (The context is created by the initiating party)
+
+missingSignatureCrypto=Signature crypto information not available
+missingEncryptionCrypto=Encryption crypto information not available
+missingCallbackHandler=Password callback handler cannot be located
+errorInObtainingSct=Error in obtaining SCT from \"{0}\"
+errorInObtainingToken=Error in obtaining a token
+errorInExtractingMsgProps = Error in extracting message properties
+userMissing = No user value in the rampart configuration policy
+cbHandlerMissing = Password CallbackHandler not speficied in rampart configuration policy or the CallbackHandler instance not available in the MessageContext
+errorInGettingPasswordForUser = Error in getting password for user : \"{0}\"
+noPasswordForUser = No password supplied by the callback handler for the user : \"{0}\"
+unsupportedSignedSupportingToken = Unsupported SignedSupportingToken : \"{0}\"
+errorExtractingToken = Error extracting token : \"{0}\"
+errorInAddingTokenIntoStore = Error in adding token into store
+errorInDerivedKeyTokenSignature = Error in DerivedKeyToken signature
+errorInSignatureWithX509Token = Error in signature with X509Token
+errorCreatingEncryptedKey = Error in creating an encrypted key
+errorGettingSignatureValuesForSigconf = Error in getting signature values for signature confirmation
+cannotLoadPWCBClass = Cannot load password callback class: {0}
+cannotCreatePWCBInstance = Cannot create instance of password callback : {0}
+pwcbFailed = password callback failed
+unknownKeyRefSpeficier = Unknown key reference specifier for X509Token
+errorInRetrievingTokenId = Error in retrieving token : {0}
+errorInEncryption = Error in encryption
+errorInDKEncr = Error in encryption with a derived key
+errorCreatingRahasToken = Error in creating a org.apache.rahas.Token instance
+UnsupportedTokenInSupportingToken = Unsupported token in supporting tokens
+encryptionTokenMissing = Encryption token missing
+signatureTokenMissing = Signature token missging
+errorInEncryption = Error during encryption
+sctIssuerPolicyMissing = sct-issuer-policy parameter missing
+errorInTokenCancellation = Error in cancelling token
+tokenToBeCancelledInvalid = Token to be cancelled is invalid or expired
+errorCreatingRSTTemplateForSCT=Error in creating RST template for SCT
+noSecurityToken = Missing security token
+noSecurityResults= No security processing results from the incoming message
+missingEncryptedKeyInRequest=There was no EncryptedKey in the request message
+rampartConigMissing = Please include configured RampartConfiguration assertion in policy
+
+#Errors in processors
+errorProcessingUT = Error in processing UsernameToken
+
+cannotValidateTimestamp = The timestamp could not be validated
+trustVerificationError = The certificate used for the signature is not trusted
+cannotFindAliasForCert = Could not get alias for certificate with {0}
+noCertForAlias = Could not get certificates for alias {0}
+certPathVerificationFailed = Certificate path verification failed for certificate with subject
+
+#Rampart Results Validation Errors
+timestampMissing = Missing Timestamp
+encryptedPartMissing = Missing encryption result for id : {0}
+invalidNumberOfEncryptedParts = Invalid number of encrypted parts
+protectionOrderMismatch = Protection order mismatch
+usernameTokenMissing = UsernameToken missing in request
+signatureMissing = Message is not signed
+unexprectedEncryptedPart = Unexpected encrypted data found, no encryption required
+encryptionMissing = Expected encrypted part missing
+signedPartHeaderNotSigned = Soap Header must be signed : {0}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
new file mode 100644
index 0000000..14bb6e0
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
@@ -0,0 +1,136 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axiom.om.OMException;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.HandlerDescription;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.engine.Handler;
+import org.apache.rampart.RampartEngine;
+import org.apache.rampart.RampartException;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+
+import java.util.Iterator;
+import java.util.Vector;
+
+
+public class RampartReceiver implements Handler {
+
+ private static HandlerDescription EMPTY_HANDLER_METADATA =
+ new HandlerDescription("deafult Handler");
+
+ private HandlerDescription handlerDesc;
+
+
+ public RampartReceiver() {
+ this.handlerDesc = EMPTY_HANDLER_METADATA;
+ }
+
+ public void cleanup() {
+ }
+
+ public void init(HandlerDescription handlerdesc) {
+ this.handlerDesc = handlerdesc;
+ }
+
+ public void flowComplete(MessageContext msgContext)
+ {
+ }
+
+ public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
+
+ if (!msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
+ return InvocationResponse.CONTINUE;
+ }
+
+ RampartEngine engine = new RampartEngine();
+ Vector wsResult;
+ try {
+ wsResult = engine.process(msgContext);
+
+ } catch (WSSecurityException e) {
+ e.printStackTrace();
+ throw new AxisFault(e.getMessage(), e);
+ } catch (WSSPolicyException e) {
+ e.printStackTrace();
+ throw new AxisFault(e.getMessage(), e);
+ } catch (RampartException e) {
+ e.printStackTrace();
+ throw new AxisFault(e.getMessage(), e);
+ }
+
+ if(wsResult == null) {
+ return InvocationResponse.CONTINUE;
+ }
+
+ Vector results = null;
+ if ((results = (Vector) msgContext.getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
+ results = new Vector();
+ msgContext.setProperty(WSHandlerConstants.RECV_RESULTS, results);
+ }
+ WSHandlerResult rResult = new WSHandlerResult("", wsResult);
+ results.add(0, rResult);
+
+ SOAPHeader header = null;
+ try {
+ header = msgContext.getEnvelope().getHeader();
+ } catch (OMException ex) {
+ throw new AxisFault(
+ "RampartReceiver: cannot get SOAP header after security processing",
+ ex);
+ }
+
+ Iterator headers = header.getChildElements();
+
+ SOAPHeaderBlock headerBlock = null;
+
+ while (headers.hasNext()) { // Find the wsse header
+ SOAPHeaderBlock hb = (SOAPHeaderBlock) headers.next();
+ if (hb.getLocalName().equals(WSConstants.WSSE_LN)
+ && hb.getNamespace().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ headerBlock = hb;
+ break;
+ }
+ }
+
+ headerBlock.setProcessed();
+ return InvocationResponse.CONTINUE;
+
+ }
+
+
+ public HandlerDescription getHandlerDesc() {
+ return this.handlerDesc;
+ }
+
+ public String getName() {
+ return "Apache Rampart inflow handler";
+ }
+
+ public Parameter getParameter(String name) {
+ return this.handlerDesc.getParameter(name);
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartSender.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartSender.java
new file mode 100644
index 0000000..28a08d2
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartSender.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.HandlerDescription;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.engine.Handler;
+import org.apache.rampart.MessageBuilder;
+import org.apache.rampart.RampartException;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSSecurityException;
+
+
+public class RampartSender implements Handler {
+
+ private static HandlerDescription EMPTY_HANDLER_METADATA =
+ new HandlerDescription("deafult Handler");
+
+ private HandlerDescription handlerDesc;
+
+
+ public RampartSender() {
+ this.handlerDesc = EMPTY_HANDLER_METADATA;
+ }
+
+ public void cleanup() {
+ }
+
+ public void init(HandlerDescription handlerdesc) {
+ this.handlerDesc = handlerdesc;
+ }
+
+ public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
+
+ if (!msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
+ return InvocationResponse.CONTINUE;
+ }
+
+ MessageBuilder builder = new MessageBuilder();
+ try {
+ builder.build(msgContext);
+ } catch (WSSecurityException e) {
+ throw new AxisFault(e.getMessage(), e);
+ } catch (WSSPolicyException e) {
+ throw new AxisFault(e.getMessage(), e);
+ } catch (RampartException e) {
+ throw new AxisFault(e.getMessage(), e);
+ }
+ return InvocationResponse.CONTINUE;
+ }
+
+ public void flowComplete(MessageContext msgContext)
+ {
+ }
+
+ public HandlerDescription getHandlerDesc() {
+ return this.handlerDesc;
+ }
+
+ public String getName() {
+ return "Apache Rampart outflow handler";
+ }
+
+ public Parameter getParameter(String name) {
+ return this.handlerDesc.getParameter(name);
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllHandler.java
new file mode 100644
index 0000000..15b6bd1
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllHandler.java
@@ -0,0 +1,210 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.HandlerDescription;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.engine.Handler;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.ws.security.handler.WSHandler;
+
+/**
+ * Class WSDoAllHandler
+ */
+public abstract class WSDoAllHandler extends WSHandler implements Handler {
+
+ /**
+ * Field EMPTY_HANDLER_METADATA
+ */
+ private static HandlerDescription EMPTY_HANDLER_METADATA =
+ new HandlerDescription("deafult Handler");
+
+ private final static String WSS_PASSWORD = "password";
+
+ private final static String WSS_USERNAME = "username";
+
+ /**
+ * Field handlerDesc
+ */
+ protected HandlerDescription handlerDesc;
+
+ /**
+ * In Axis2, the user cannot set inflow and outflow parameters.
+ * Therefore, we need to map the Axis2 specific inflow and outflow
+ * parameters to WSS4J params,
+ * <p/>
+ * Knowledge of inhandler and out handler is used to get the mapped value.
+ */
+ protected boolean inHandler;
+
+ /**
+ * Constructor AbstractHandler.
+ */
+ public WSDoAllHandler() {
+ handlerDesc = EMPTY_HANDLER_METADATA;
+ }
+
+ public abstract void processMessage(MessageContext msgContext) throws AxisFault;
+
+ /* (non-Javadoc)
+ * @see org.apache.axis2.engine.Handler#invoke(org.apache.axis2.context.MessageContext)
+ */
+ public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
+ //If the security module is not engaged for this service
+ //do not do any processing
+ if (msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
+ this.processMessage(msgContext);
+ }
+ return InvocationResponse.CONTINUE;
+ }
+
+ public void flowComplete(MessageContext msgContext)
+ {
+ }
+
+ /**
+ * Method getName.
+ *
+ * @return Returns name.
+ */
+ public String getName() {
+ return handlerDesc.getName();
+ }
+
+ /**
+ * Method cleanup.
+ */
+ public void cleanup() {
+ }
+
+ /**
+ * Method getParameter.
+ *
+ * @param name
+ * @return Returns parameter.
+ */
+ public Parameter getParameter(String name) {
+ return handlerDesc.getParameter(name);
+ }
+
+ /**
+ * Method init.
+ *
+ * @param handlerdesc
+ */
+ public void init(HandlerDescription handlerdesc) {
+ this.handlerDesc = handlerdesc;
+ }
+
+ /**
+ * Gets the handler description.
+ *
+ * @return Returns handler description.
+ */
+ public HandlerDescription getHandlerDesc() {
+ return handlerDesc;
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#toString()
+ */
+ public String toString() {
+ String name = this.getName();
+ return (name != null) ? name : null;
+ }
+
+
+ public Object getProperty(Object msgContext, String axisKey) {
+
+ int repetition = getCurrentRepetition(msgContext);
+
+ String key = Axis2Util.getKey(axisKey, inHandler, repetition);
+ Object property = ((MessageContext) msgContext).getProperty(key);
+ if (property == null) {
+ //Try the description hierarchy
+ Parameter parameter = ((MessageContext) msgContext).getParameter(key);
+ if (parameter != null) {
+ property = parameter.getValue();
+ }
+ }
+ return property;
+ }
+
+ /**
+ * Returns the repetition number from the message context
+ *
+ * @param msgContext
+ * @return Returns int.
+ */
+ protected int getCurrentRepetition(Object msgContext) {
+ //get the repetition from the message context
+ int repetition = 0;
+ if (!inHandler) {//We only need to repete the out handler
+ Integer count = (Integer) ((MessageContext) msgContext).getProperty(WSSHandlerConstants.CURRENT_REPETITON);
+ if (count != null) { //When we are repeting the handler
+ repetition = count.intValue();
+ }
+ }
+ return repetition;
+ }
+
+ public String getPassword(Object msgContext) {
+ return (String) ((MessageContext) msgContext).getProperty(WSS_PASSWORD);
+ }
+
+ public void setPassword(Object msgContext, String password) {
+ ((MessageContext) msgContext).setProperty(WSS_PASSWORD, password);
+ }
+
+ public String getUsername(Object msgContext) {
+ return (String) ((MessageContext) msgContext).getProperty(WSS_USERNAME);
+ }
+
+ public void setUsername(Object msgContext, String username) {
+ ((MessageContext) msgContext).setProperty(WSS_USERNAME, username);
+ }
+
+ /**
+ * Gets optoin. Extracts the configuration values from the service.xml
+ * and/or axis2.xml. Values set in the service.xml takes prority over
+ * values of the axis2.xml
+ */
+ public Object getOption(String axisKey) {
+ Parameter parameter = this.handlerDesc.getParameter(axisKey);
+ return (parameter == null) ? null : parameter.getValue();
+ }
+
+ public void setProperty(Object msgContext, String key, Object value) {
+ ((MessageContext) msgContext).setProperty(key, value);
+ }
+
+ /**
+ * Overrides the class loader used to load the PW callback class.
+ *
+ * @param msgCtx MessageContext
+ * @return Returns class loader.
+ */
+ public java.lang.ClassLoader getClassLoader(Object msgCtx) {
+ try {
+ return ((MessageContext) msgCtx).getAxisService().getClassLoader();
+ } catch (Throwable t) {
+ return super.getClassLoader(msgCtx);
+ }
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllReceiver.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllReceiver.java
new file mode 100644
index 0000000..4baa49f
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllReceiver.java
@@ -0,0 +1,453 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMException;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rampart.conversation.ConversationCallbackHandler;
+import org.apache.rampart.conversation.ConversationConfiguration;
+import org.apache.rampart.conversation.Util;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.HandlerParameterDecoder;
+import org.apache.ws.security.SOAPConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.token.Timestamp;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+import java.security.cert.X509Certificate;
+import java.util.Iterator;
+import java.util.Vector;
+
+/**
+ * @deprecated
+ */
+public class WSDoAllReceiver extends WSDoAllHandler {
+
+ private static final Log log = LogFactory.getLog(WSDoAllReceiver.class);
+
+ public WSDoAllReceiver() {
+ super();
+ inHandler = true;
+ }
+
+ public void processMessage(MessageContext msgContext) throws AxisFault {
+
+ boolean doDebug = log.isDebugEnabled();
+
+ if (doDebug) {
+ log.debug("WSDoAllReceiver: enter invoke() ");
+ }
+
+ String useDoomValue = (String) getProperty(msgContext,
+ WSSHandlerConstants.USE_DOOM);
+ boolean useDoom = useDoomValue != null
+ && Constants.VALUE_TRUE.equalsIgnoreCase(useDoomValue);
+
+ RequestData reqData = new RequestData();
+ try {
+
+ Parameter param = ConversationConfiguration
+ .getParameter(msgContext);
+
+ if (param == null
+ || WSSHandlerConstants.RST_ACTON_SCT.equals(msgContext
+ .getWSAAction())
+ || WSSHandlerConstants.RSTR_ACTON_SCT.equals(msgContext
+ .getWSAAction())) {
+ this.processBasic(msgContext, useDoom, reqData);
+ } else {
+ this.processSecConv(msgContext);
+ }
+ } catch (AxisFault axisFault) {
+ setAddressingInformationOnFault(msgContext);
+ throw axisFault;
+ } catch (Exception e) {
+ setAddressingInformationOnFault(msgContext);
+ throw new AxisFault(e.getMessage(), e);
+ } finally {
+
+ if (reqData != null) {
+ reqData.clear();
+ reqData = null;
+ }
+
+ if (doDebug) {
+ log.debug("WSDoAllReceiver: exit invoke()");
+ }
+ }
+
+ }
+
+ /**
+ * Use WS-SecureConversation to secure messages
+ * @param msgContext
+ * @throws Exception
+ */
+ private void processSecConv(MessageContext msgContext) throws Exception {
+ // Parse the configuration
+ ConversationConfiguration config = ConversationConfiguration
+ .load(msgContext, false);
+
+ // check if there's an RSTR in the msg and process it if exists
+ SOAPEnvelope env = (SOAPEnvelope) config.getDocument()
+ .getDocumentElement();
+ SOAPHeader header = env.getHeader();
+ if (header != null
+ && header
+ .getFirstChildWithName(new QName(
+ WSSHandlerConstants.WST_NS,
+ WSSHandlerConstants.REQUEST_SECURITY_TOKEN_RESPONSE_LN)) != null) {
+ OMElement elem = header
+ .getFirstChildWithName(new QName(
+ WSSHandlerConstants.WST_NS,
+ WSSHandlerConstants.REQUEST_SECURITY_TOKEN_RESPONSE_LN));
+ Util.processRSTR(elem, config);
+ }
+
+ secEngine.processSecurityHeader(config.getDocument(), null,
+ new ConversationCallbackHandler(config), config
+ .getCrypto());
+
+
+ // Convert back to llom since the inflow cannot use llom
+ msgContext.setEnvelope(Axis2Util
+ .getSOAPEnvelopeFromDOMDocument(config.getDocument(), true));
+
+ SOAPHeader soapHeader = null;
+ try {
+ soapHeader = msgContext.getEnvelope().getHeader();
+ } catch (OMException ex) {
+ throw new AxisFault(
+ "WSDoAllReceiver: cannot get SOAP header after security processing",
+ ex);
+ }
+
+ Iterator headers = soapHeader.examineAllHeaderBlocks();
+
+ SOAPHeaderBlock headerBlock = null;
+
+ while (headers.hasNext()) { // Find the wsse header
+ SOAPHeaderBlock hb = (SOAPHeaderBlock) headers.next();
+ if (hb.getLocalName().equals(WSConstants.WSSE_LN)
+ && hb.getNamespace().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ headerBlock = hb;
+ break;
+ }
+ }
+
+ headerBlock.setProcessed();
+
+
+ }
+
+ private void processBasic(MessageContext msgContext, boolean useDoom, RequestData reqData)
+ throws Exception {
+
+ // populate the properties
+ try {
+ HandlerParameterDecoder.processParameters(msgContext, true);
+ } catch (Exception e) {
+ throw new AxisFault("Configuration error", e);
+ }
+
+ reqData = new RequestData();
+
+ reqData.setMsgContext(msgContext);
+
+ if (((getOption(WSSHandlerConstants.INFLOW_SECURITY)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.INFLOW_SECURITY)) == null)) {
+
+ if (msgContext.isServerSide() &&
+ ((getOption(WSSHandlerConstants.INFLOW_SECURITY_SERVER)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.INFLOW_SECURITY_SERVER)) == null)) {
+
+ return;
+ } else if (((getOption(WSSHandlerConstants.INFLOW_SECURITY_CLIENT)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.INFLOW_SECURITY_CLIENT)) == null)) {
+
+ return;
+ }
+ }
+
+ Vector actions = new Vector();
+ String action = null;
+ if ((action = (String) getOption(WSSHandlerConstants.ACTION_ITEMS)) == null) {
+ action = (String) getProperty(msgContext,
+ WSSHandlerConstants.ACTION_ITEMS);
+ }
+ if (action == null) {
+ throw new AxisFault("WSDoAllReceiver: No action items defined");
+ }
+ int doAction = WSSecurityUtil.decodeAction(action, actions);
+
+ if (doAction == WSConstants.NO_SECURITY) {
+ return;
+ }
+
+ String actor = (String) getOption(WSHandlerConstants.ACTOR);
+
+ Document doc = null;
+
+ try {
+ doc = Axis2Util.getDocumentFromSOAPEnvelope(msgContext
+ .getEnvelope(), useDoom);
+ } catch (WSSecurityException wssEx) {
+ throw new AxisFault(
+ "WSDoAllReceiver: Error in converting to Document", wssEx);
+ }
+
+ // Do not process faults
+ SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc
+ .getDocumentElement());
+ if (WSSecurityUtil.findElement(doc.getDocumentElement(), "Fault",
+ soapConstants.getEnvelopeURI()) != null) {
+ return;
+ }
+
+ /*
+ * To check a UsernameToken or to decrypt an encrypted message we need a
+ * password.
+ */
+ CallbackHandler cbHandler = null;
+ if ((doAction & (WSConstants.ENCR | WSConstants.UT)) != 0) {
+ cbHandler = getPasswordCB(reqData);
+ }
+
+ // Copy the WSHandlerConstants.SEND_SIGV over to the new message
+ // context - if it exists, if signatureConfirmation in the response msg
+ String sigConfEnabled = null;
+ if ((sigConfEnabled = (String) getOption(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION)) == null) {
+ sigConfEnabled = (String) getProperty(msgContext,
+ WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
+ }
+
+ // To handle sign confirmation of a sync response
+ // TODO Async response
+ if (!msgContext.isServerSide()
+ && !"false".equalsIgnoreCase(sigConfEnabled)) {
+ OperationContext opCtx = msgContext.getOperationContext();
+ MessageContext outMsgCtx = opCtx
+ .getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT_VALUE);
+ if (outMsgCtx != null) {
+ msgContext.setProperty(WSHandlerConstants.SEND_SIGV, outMsgCtx
+ .getProperty(WSHandlerConstants.SEND_SIGV));
+ } else {
+ throw new WSSecurityException(
+ "Cannot obtain request message context");
+ }
+ }
+
+ /*
+ * Get and check the Signature specific parameters first because they
+ * may be used for encryption too.
+ */
+
+ doReceiverAction(doAction, reqData);
+
+ Vector wsResult = null;
+ try {
+ wsResult = secEngine.processSecurityHeader(doc, actor, cbHandler,
+ reqData.getSigCrypto(), reqData.getDecCrypto());
+ } catch (WSSecurityException ex) {
+ throw new AxisFault("WSDoAllReceiver: security processing failed",
+ ex);
+ }
+ if (wsResult == null) { // no security header found
+ if (doAction == WSConstants.NO_SECURITY) {
+ return;
+ } else {
+ throw new AxisFault(
+ "WSDoAllReceiver: Incoming message does not contain required Security header");
+ }
+ }
+
+ if (reqData.getWssConfig().isEnableSignatureConfirmation()
+ && !msgContext.isServerSide()) {
+ checkSignatureConfirmation(reqData, wsResult);
+ }
+
+ /**
+ * Set the new SOAPEnvelope
+ */
+
+ msgContext.setEnvelope(Axis2Util.getSOAPEnvelopeFromDOMDocument(doc, useDoom));
+
+ /*
+ * After setting the new current message, probably modified because of
+ * decryption, we need to locate the security header. That is, we force
+ * Axis (with getSOAPEnvelope()) to parse the string, build the new
+ * header. Then we examine, look up the security header and set the
+ * header as processed.
+ *
+ * Please note: find all header elements that contain the same actor
+ * that was given to processSecurityHeader(). Then check if there is a
+ * security header with this actor.
+ */
+ SOAPHeader header = null;
+ try {
+ header = msgContext.getEnvelope().getHeader();
+ } catch (OMException ex) {
+ throw new AxisFault(
+ "WSDoAllReceiver: cannot get SOAP header after security processing",
+ ex);
+ }
+
+ Iterator headers = header.examineHeaderBlocks(actor);
+
+ SOAPHeaderBlock headerBlock = null;
+
+ while (headers.hasNext()) { // Find the wsse header
+ SOAPHeaderBlock hb = (SOAPHeaderBlock) headers.next();
+ if (hb.getLocalName().equals(WSConstants.WSSE_LN)
+ && hb.getNamespace().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ headerBlock = hb;
+ break;
+ }
+ }
+
+ headerBlock.setProcessed();
+
+ /*
+ * Now we can check the certificate used to sign the message. In the
+ * following implementation the certificate is only trusted if either it
+ * itself or the certificate of the issuer is installed in the keystore.
+ *
+ * Note: the method verifyTrust(X509Certificate) allows custom
+ * implementations with other validation algorithms for subclasses.
+ */
+
+ // Extract the signature action result from the action vector
+ WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(
+ wsResult, WSConstants.SIGN);
+
+ if (actionResult != null) {
+ X509Certificate returnCert = actionResult.getCertificate();
+
+ if (returnCert != null) {
+ if (!verifyTrust(returnCert, reqData)) {
+ throw new AxisFault(
+ "WSDoAllReceiver: The certificate used for the signature is not trusted");
+ }
+ }
+ }
+
+ /*
+ * Perform further checks on the timestamp that was transmitted in the
+ * header. In the following implementation the timestamp is valid if it
+ * was created after (now-ttl), where ttl is set on server side, not by
+ * the client.
+ *
+ * Note: the method verifyTimestamp(Timestamp) allows custom
+ * implementations with other validation algorithms for subclasses.
+ */
+
+ // Extract the timestamp action result from the action vector
+ actionResult = WSSecurityUtil.fetchActionResult(wsResult,
+ WSConstants.TS);
+
+ if (actionResult != null) {
+ Timestamp timestamp = actionResult.getTimestamp();
+
+ if (timestamp != null) {
+ String ttl = null;
+ if ((ttl = (String) getOption(WSHandlerConstants.TTL_TIMESTAMP)) == null) {
+ ttl = (String) getProperty(msgContext,
+ WSHandlerConstants.TTL_TIMESTAMP);
+ }
+ int ttl_i = 0;
+ if (ttl != null) {
+ try {
+ ttl_i = Integer.parseInt(ttl);
+ } catch (NumberFormatException e) {
+ ttl_i = reqData.getTimeToLive();
+ }
+ }
+ if (ttl_i <= 0) {
+ ttl_i = reqData.getTimeToLive();
+ }
+
+ if (!verifyTimestamp(timestamp, reqData.getTimeToLive())) {
+ throw new AxisFault(
+ "WSDoAllReceiver: The timestamp could not be validated");
+ }
+ }
+ }
+
+ /*
+ * now check the security actions: do they match, in right order?
+ */
+ if (!checkReceiverResults(wsResult, actions)) {
+ throw new AxisFault(
+ "WSDoAllReceiver: security processing failed (actions mismatch)");
+
+ }
+ /*
+ * All ok up to this point. Now construct and setup the security result
+ * structure. The service may fetch this and check it. Also the
+ * DoAllSender will use this in certain situations such as:
+ * USE_REQ_SIG_CERT to encrypt
+ */
+ Vector results = null;
+ if ((results = (Vector) getProperty(msgContext,
+ WSHandlerConstants.RECV_RESULTS)) == null) {
+ results = new Vector();
+ msgContext.setProperty(WSHandlerConstants.RECV_RESULTS, results);
+ }
+ WSHandlerResult rResult = new WSHandlerResult(actor, wsResult);
+ results.add(0, rResult);
+ }
+
+ private void setAddressingInformationOnFault(MessageContext msgContext) {
+ SOAPEnvelope env = msgContext.getEnvelope();
+ SOAPHeader header = env.getHeader();
+
+ if (header != null) {
+ OMElement msgIdElem = header.getFirstChildWithName(new QName(
+ AddressingConstants.Final.WSA_NAMESPACE,
+ AddressingConstants.WSA_MESSAGE_ID));
+ if (msgIdElem == null) {
+ msgIdElem = header.getFirstChildWithName(new QName(
+ AddressingConstants.Submission.WSA_NAMESPACE,
+ AddressingConstants.WSA_MESSAGE_ID));
+ }
+ if (msgIdElem != null && msgIdElem.getText() != null) {
+ msgContext.getOptions().setMessageId(msgIdElem.getText());
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
new file mode 100644
index 0000000..ba35ade
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
@@ -0,0 +1,444 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPFactory;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.conversation.ConversationConfiguration;
+import org.apache.rampart.conversation.STSRequester;
+import org.apache.rampart.conversation.Util;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.HandlerParameterDecoder;
+import org.apache.rampart.util.MessageOptimizer;
+import org.apache.rahas.Token;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.WSSecDKEncrypt;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.security.cert.X509Certificate;
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.Vector;
+
+/**
+ * @deprecated
+ */
+public class WSDoAllSender extends WSDoAllHandler {
+
+ private static final Log log = LogFactory.getLog(WSDoAllSender.class);
+
+
+ public WSDoAllSender() {
+ super();
+ inHandler = false;
+ }
+
+ public void processMessage(MessageContext msgContext) throws AxisFault {
+
+ String useDoomValue = (String) getProperty(msgContext,
+ WSSHandlerConstants.USE_DOOM);
+ boolean useDoom = useDoomValue != null
+ && Constants.VALUE_TRUE.equalsIgnoreCase(useDoomValue);
+
+ RequestData reqData = new RequestData();
+ try {
+ Parameter param = ConversationConfiguration.getParameter(msgContext);
+
+ if(param == null || WSSHandlerConstants.RST_ACTON_SCT.equals(msgContext.getWSAAction()) ||
+ WSSHandlerConstants.RSTR_ACTON_SCT.equals(msgContext.getWSAAction()) ||
+ WSSHandlerConstants.RSTR_ACTON_ISSUE.equals(msgContext.getWSAAction())) {
+ //If the msgs are msgs to an STS then use basic WS-Sec
+ processBasic(msgContext, useDoom, reqData);
+ } else {
+ processSecConv(msgContext);
+ }
+
+ } catch (Exception e) {
+ throw new AxisFault(e.getMessage(), e);
+ }
+ finally {
+ if(reqData != null) {
+ reqData.clear();
+ reqData = null;
+ }
+ }
+ }
+
+ /**
+ * Use WS-SecureConversation to secure the messages
+ * @param msgContext
+ * @throws Exception
+ */
+ private void processSecConv(MessageContext msgContext) throws Exception {
+ //Parse the Conversation configuration
+ ConversationConfiguration config = ConversationConfiguration.load(msgContext, true);
+ if(config != null)
+ msgContext.setEnvelope((SOAPEnvelope) config.getDocument()
+ .getDocumentElement());
+
+ if(!config.getMsgCtx().isServerSide()) {
+ if(config.getContextIdentifier() == null && !config.getMsgCtx().isServerSide()) {
+
+ String sts = config.getStsEPRAddress();
+ if(sts != null) {
+ //Use a security token service
+ Axis2Util.useDOOM(false);
+ STSRequester.issueRequest(config);
+ Axis2Util.useDOOM(true);
+ } else {
+ //Create an an SCT, include it in an RSTR
+ // and add the RSTR to the header
+ this.createRSTR(config);
+ }
+
+ }
+ }
+ this.constructMessage(config);
+ }
+
+ /**
+ * This will carryout the WS-Security related operations.
+ *
+ * @param msgContext
+ * @param useDoom
+ * @throws WSSecurityException
+ * @throws AxisFault
+ */
+ private void processBasic(MessageContext msgContext, boolean useDoom,
+ RequestData reqData) throws WSSecurityException, AxisFault {
+ boolean doDebug = log.isDebugEnabled();
+
+ try {
+ HandlerParameterDecoder.processParameters(msgContext,false);
+ } catch (Exception e) {
+ throw new AxisFault("Configureation error", e);
+ }
+
+ if (doDebug) {
+ log.debug("WSDoAllSender: enter invoke()");
+ }
+
+ /*
+ * Copy the RECV_RESULTS over to the current message context
+ * - IF available
+ */
+ OperationContext opCtx = msgContext.getOperationContext();
+ MessageContext inMsgCtx;
+ if(opCtx != null &&
+ (inMsgCtx = opCtx.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null) {
+ msgContext.setProperty(WSHandlerConstants.RECV_RESULTS,
+ inMsgCtx.getProperty(WSHandlerConstants.RECV_RESULTS));
+ }
+
+
+
+ reqData.setNoSerialization(false);
+ reqData.setMsgContext(msgContext);
+
+ if (((getOption(WSSHandlerConstants.OUTFLOW_SECURITY)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.OUTFLOW_SECURITY)) == null)) {
+
+ if (msgContext.isServerSide() &&
+ ((getOption(WSSHandlerConstants.OUTFLOW_SECURITY_SERVER)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.OUTFLOW_SECURITY_SERVER)) == null)) {
+
+ return;
+ } else if (((getOption(WSSHandlerConstants.OUTFLOW_SECURITY_CLIENT)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.OUTFLOW_SECURITY_CLIENT)) == null)) {
+
+ return;
+ }
+ }
+
+ Vector actions = new Vector();
+ String action = null;
+ if ((action = (String) getOption(WSSHandlerConstants.ACTION_ITEMS)) == null) {
+ action = (String) getProperty(msgContext, WSSHandlerConstants.ACTION_ITEMS);
+ }
+ if (action == null) {
+ throw new AxisFault("WSDoAllReceiver: No action items defined");
+ }
+
+ int doAction = WSSecurityUtil.decodeAction(action, actions);
+ if (doAction == WSConstants.NO_SECURITY) {
+ return;
+ }
+
+ /*
+ * For every action we need a username, so get this now. The
+ * username defined in the deployment descriptor takes precedence.
+ */
+ reqData.setUsername((String) getOption(WSHandlerConstants.USER));
+ if (reqData.getUsername() == null || reqData.getUsername().length() == 0) {
+ String username = (String) getProperty(reqData.getMsgContext(), WSHandlerConstants.USER);
+ if (username != null) {
+ reqData.setUsername(username);
+ }
+ }
+
+ /*
+ * Now we perform some set-up for UsernameToken and Signature
+ * functions. No need to do it for encryption only. Check if
+ * username is available and then get a passowrd.
+ */
+ if ((doAction & (WSConstants.SIGN | WSConstants.UT | WSConstants.UT_SIGN)) != 0) {
+ /*
+ * We need a username - if none throw an AxisFault. For
+ * encryption there is a specific parameter to get a username.
+ */
+ if (reqData.getUsername() == null
+ || reqData.getUsername().length() == 0) {
+ throw new AxisFault(
+ "WSDoAllSender: Empty username for specified action");
+ }
+ }
+
+ /*
+ * Now get the SOAPEvelope from the message context and convert it
+ * into a Document
+ *
+ * Now we can perform our security operations on this request.
+ */
+
+
+ Document doc = null;
+ /*
+ * If the message context property conatins a document then this is
+ * a chained handler.
+ */
+ if ((doc = (Document) ((MessageContext)reqData.getMsgContext())
+ .getProperty(WSHandlerConstants.SND_SECURITY)) == null) {
+ try {
+ doc = Axis2Util.getDocumentFromSOAPEnvelope(msgContext.getEnvelope(), useDoom);
+ } catch (WSSecurityException wssEx) {
+ throw new AxisFault("WSDoAllReceiver: Error in converting to Document", wssEx);
+ }
+ }
+
+
+ doSenderAction(doAction, doc, reqData, actions, !msgContext.isServerSide());
+
+ /*
+ * If noSerialization is false, this handler shall be the last (or
+ * only) one in a handler chain. If noSerialization is true, just
+ * set the processed Document in the transfer property. The next
+ * Axis WSS4J handler takes it and performs additional security
+ * processing steps.
+ *
+ */
+ if (reqData.isNoSerialization()) {
+ ((MessageContext)reqData.getMsgContext()).setProperty(WSHandlerConstants.SND_SECURITY,
+ doc);
+ } else {
+ if(useDoom) {
+ msgContext.setEnvelope((SOAPEnvelope)doc.getDocumentElement());
+ } else {
+ msgContext.setEnvelope(Axis2Util.getSOAPEnvelopeFromDOMDocument(doc, useDoom));
+ }
+ ((MessageContext)reqData.getMsgContext()).setProperty(WSHandlerConstants.SND_SECURITY, null);
+ }
+
+
+ /**
+ * If the optimizeParts parts are set then optimize them
+ */
+ String optimizeParts;
+
+ if((optimizeParts = (String) getOption(WSSHandlerConstants.OPTIMIZE_PARTS)) == null) {
+ optimizeParts = (String)
+ getProperty(reqData.getMsgContext(), WSSHandlerConstants.OPTIMIZE_PARTS);
+ }
+ if(optimizeParts != null) {
+ // Optimize the Envelope
+ MessageOptimizer.optimize(msgContext.getEnvelope(),optimizeParts);
+ }
+
+ //Enable handler repetition
+ Integer repeat;
+ int repeatCount;
+ if ((repeat = (Integer)getOption(WSSHandlerConstants.SENDER_REPEAT_COUNT)) == null) {
+ repeat = (Integer)
+ getProperty(reqData.getMsgContext(), WSSHandlerConstants.SENDER_REPEAT_COUNT);
+ }
+
+ repeatCount = repeat.intValue();
+
+ //Get the current repetition from message context
+ int repetition = this.getCurrentRepetition(msgContext);
+
+ if(repeatCount > 0 && repetition < repeatCount) {
+
+ reqData.clear();
+ reqData = null;
+
+ // Increment the repetition to indicate the next repetition
+ // of the same handler
+ repetition++;
+ msgContext.setProperty(WSSHandlerConstants.CURRENT_REPETITON,
+ new Integer(repetition));
+
+ this.invoke(msgContext);
+ }
+
+ if (doDebug) {
+ log.debug("WSDoAllSender: exit invoke()");
+ }
+ }
+
+
+ /**
+ * Create the self created <code>wsc:SecurityContextToken</code> and
+ * add it to a <code>wst:RequestSecurityTokenResponse</code>.
+ *
+ * This is called in the case where the security context establishment
+ * is done by one of the parties with out the use of an STS
+ * and the creted SCT is sent across to the other party in an unsolicited
+ * <code>wst:RequestSecurityTokenResponse</code>
+ *
+ * @param config
+ * @throws Exception
+ */
+ private void createRSTR(ConversationConfiguration config) throws Exception {
+
+ WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+ Crypto crypto = org.apache.rampart.conversation.Util.getCryptoInstace(config);
+ String encryptionUser = config.getEncryptionUser();
+ if(encryptionUser == null) {
+ throw new RampartException("missingEncryptionUser");
+ }
+ X509Certificate cert = crypto.getCertificates(encryptionUser)[0];
+
+ encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ try {
+ encrKeyBuilder.setUseThisCert(cert);
+ encrKeyBuilder.prepare(config.getDocument(), crypto);
+ } catch (WSSecurityException e) {
+ throw new TrustException(
+ "errorInBuildingTheEncryptedKeyForPrincipal",
+ new String[] { cert.getSubjectDN().getName()}, e);
+ }
+
+ SecurityContextToken sct = new SecurityContextToken(config.getDocument());
+ Util.resgisterContext(sct.getIdentifier(), config);
+
+ //Creation and expiration times
+ Date creationTime = new Date();
+ Date expirationTime = new Date();
+
+ expirationTime.setTime(creationTime.getTime() + 300000);
+
+ Token token = new Token(sct.getIdentifier(), (OMElement)sct.getElement(), creationTime, expirationTime);
+ token.setSecret(encrKeyBuilder.getEphemeralKey());
+
+ config.getTokenStore().add(token);
+
+ SOAPEnvelope env = config.getMsgCtx().getEnvelope();
+
+ SOAPHeader header = env.getHeader();
+ if(header == null) {
+ header = ((SOAPFactory)env.getOMFactory()).createSOAPHeader(env);
+ }
+
+ OMElement rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(config.getWstVersion(), header);
+
+ OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(config.getWstVersion(), rstrElem);
+
+ // Use GMT time in milliseconds
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ // Add the Lifetime element
+ TrustUtil.createLifetimeElement(config.getWstVersion(), rstrElem, zulu
+ .format(creationTime), zulu.format(expirationTime));
+
+ rstElem.addChild((OMElement)sct.getElement());
+
+ TrustUtil.createRequestedAttachedRef(config.getWstVersion(), rstrElem,
+ "#" + sct.getID(), WSSHandlerConstants.TOK_TYPE_SCT);
+
+ TrustUtil
+ .createRequestedUnattachedRef(config.getWstVersion(), rstrElem,
+ sct.getIdentifier(), WSSHandlerConstants.TOK_TYPE_SCT);
+
+ Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
+ Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
+
+ OMElement reqProofTok = TrustUtil.createRequestedProofTokenElement(
+ config.getWstVersion(), rstrElem);
+
+ if(bstElem != null) {
+ reqProofTok.addChild((OMElement)bstElem);
+ }
+
+ reqProofTok.addChild((OMElement)encryptedKeyElem);
+
+ }
+
+ private void constructMessage(ConversationConfiguration config) throws Exception {
+
+ Document doc = config.getDocument();
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Token tempToken = config.getTokenStore().getToken(
+ config.getContextIdentifier());
+ byte[] tempSecret = tempToken.getSecret();
+
+ SecurityContextToken sct = new SecurityContextToken((Element) doc
+ .importNode((Element) tempToken.getToken(), true));
+
+ // Derived key encryption
+ WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
+ encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
+ OMElement attachedReference = tempToken.getAttachedReference();
+ if(attachedReference != null) {
+ encrBuilder.setExternalKey(tempSecret, (Element) doc.importNode(
+ (Element) attachedReference, true));
+ } else {
+ String tokenId = sct.getID();
+ encrBuilder.setExternalKey(tempSecret, tokenId);
+ }
+ encrBuilder.build(doc, secHeader);
+
+ WSSecurityUtil.prependChildElement(doc, secHeader.getSecurityHeader(),
+ sct.getElement(), false);
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java
new file mode 100644
index 0000000..b03cc00
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java
@@ -0,0 +1,153 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+/**
+ * Constants specific to the Axis2 security module
+ */
+public class WSSHandlerConstants {
+
+ private WSSHandlerConstants() {
+ }
+
+ /**
+ * Name of the .mar file
+ */
+ public final static String SECURITY_MODULE_NAME = "rampart";
+
+ /**
+ * Inflow security parameter
+ */
+ public static final String INFLOW_SECURITY = "InflowSecurity";
+
+ public static final String INFLOW_SECURITY_SERVER = "InflowSecurity-server";
+ public static final String INFLOW_SECURITY_CLIENT = "InflowSecurity-client";
+
+ /**
+ * Outflow security parameter
+ */
+ public static final String OUTFLOW_SECURITY = "OutflowSecurity";
+
+ public static final String OUTFLOW_SECURITY_SERVER = "OutflowSecurity-server";
+ public static final String OUTFLOW_SECURITY_CLIENT = "OutflowSecurity-client";
+
+
+ /**
+ * Inflow security parameter of a client to talk to an STS
+ * when sec conv is used
+ */
+ public final static String STS_INFLOW_SECURITY = "STSInflowSecurity";
+
+ /**
+ * Outflow security parameter of a client to talk to an STS
+ * when sec conv is used
+ */
+ public final static String STS_OUTFLOW_SECURITY = "STSOutflowSecurity";
+
+
+ public static final String ACTION = "action";
+
+ public static final String ACTION_ITEMS = "items";
+
+
+ /**
+ * Repetition count
+ */
+ public static final String SENDER_REPEAT_COUNT = "senderRepeatCount";
+
+ /**
+ * The current repetition
+ */
+ public static final String CURRENT_REPETITON = "currentRepetition";
+
+ /**
+ * This is used to indicate the XPath expression used to indicate the
+ * Elements whose first child (must be a text node) is to be optimized
+ */
+ public static final String OPTIMIZE_PARTS = "optimizeParts";
+
+ public static final String PRESERVE_ORIGINAL_ENV = "preserveOriginalEnvelope";
+
+
+ /*
+ * These are useful in configuring using the OutflowConfiguration
+ * and InflowConfiguration
+ * The set of possible key identifiers
+ */
+
+ public static final String BST_DIRECT_REFERENCE = "DirectReference";
+
+ public static final String ISSUER_SERIAL = "IssuerSerial";
+
+ public static final String X509_KEY_IDENTIFIER = "X509KeyIdentifier";
+
+ public static final String SKI_KEY_IDENTIFIER = "SKIKeyIdentifier";
+
+ public static final String EMBEDDED_KEYNAME = "EmbeddedKeyName";
+
+ public static final String THUMBPRINT_IDENTIFIER = "Thumbprint";
+
+
+ public final static String SIGN_ALL_HEADERS = "signAllHeaders";
+ public final static String SIGN_BODY = "signBody";
+ public final static String ENCRYPT_BODY = "encryptBody";
+
+ /**
+ * Key to be used to set a flag in msg ctx to enable/disable using doom
+ */
+ public final static String USE_DOOM = "useDoom";
+
+
+ ///
+ /// WS-SecureConversation constants
+ ///
+
+
+ /**
+ * Key to hod the map of security context identifiers against the
+ * service epr addresses (service scope) or wsa:Action values (operation
+ * scope).
+ */
+ public final static String CONTEXT_MAP_KEY = "contextMap";
+
+ /**
+ * The <code>java.util.Properties</code> object holding the properties
+ * of a <code>org.apache.ws.security.components.crypto.Crypto</code> impl.
+ *
+ * This should ONLY be used when the CRYPTO_CLASS_KEY is specified.
+ *
+ * @see org.apache.ws.security.components.crypto.Crypto
+ */
+ public final static String CRYPTO_PROPERTIES_KEY = "cryptoPropertiesRef";
+
+ /**
+ * The class that implements
+ * <code>org.apache.ws.security.components.crypto.Crypto</code>.
+ */
+ public final static String CRYPTO_CLASS_KEY = "cryptoClass";
+
+ //TODO: Get these constants from the WS-Trust impl's constants
+ public final static String RST_ACTON_SCT = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT";
+ public final static String RSTR_ACTON_SCT = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT";
+ public final static String RSTR_ACTON_ISSUE = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue";
+
+ public final static String TOK_TYPE_SCT = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
+
+ public final static String WST_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+ public static final String REQUEST_SECURITY_TOKEN_RESPONSE_LN = "RequestSecurityTokenResponse";
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/InflowConfiguration.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/InflowConfiguration.java
new file mode 100644
index 0000000..61d8df5
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/InflowConfiguration.java
@@ -0,0 +1,181 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler.config;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import java.util.HashMap;
+import java.util.Iterator;
+
+/**
+ * This is the representation of the inflow configurations of the security
+ * module.
+ *
+ * @deprecated
+ */
+public class InflowConfiguration {
+
+ private HashMap action = new HashMap();
+
+ /**
+ * Returns the configuration as an OMElement.
+ * @return Returns Parameter.
+ */
+ public Parameter getProperty() {
+
+ if (! action.containsKey("items")) {
+ return null;
+ }
+
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ //TODO: Find the constants for "Parameter" and "name"
+ OMElement paramElement = fac.createOMElement("Parameter",null);
+ paramElement.addAttribute(fac.createOMAttribute("name", null ,WSSHandlerConstants.INFLOW_SECURITY));
+
+ OMElement actionElem = fac.createOMElement(
+ WSSHandlerConstants.ACTION, null);
+
+ // Get the set of kes of the selected action
+ Iterator keys = action.keySet().iterator();
+
+ while (keys.hasNext()) {
+ String key = (String) keys.next();
+ String value = (String) action.get(key);
+ if(value != null && value.length() > 0) {
+ // Create an element with the name of the key
+ OMElement elem = fac.createOMElement(key, null);
+ // Set the text value of the element
+ elem.setText(value);
+ // Add the element as a child of this action element
+ actionElem.addChild(elem);
+ }
+ }
+
+ paramElement.addChild(actionElem);
+
+ Parameter param = new Parameter();
+ param.setParameterElement(paramElement);
+ param.setValue(paramElement);
+ param.setName(WSSHandlerConstants.INFLOW_SECURITY);
+
+ return param;
+ }
+
+ /**
+ * Returns the action items.
+ * @return Returns String.
+ */
+ public String getActionItems() {
+ return (String)this.action.get(WSSHandlerConstants.ACTION_ITEMS);
+ }
+
+ /**
+ * Sets the action items.
+ * @param actionItems
+ */
+ public void setActionItems(String actionItems) {
+ this.action.put(WSSHandlerConstants.ACTION_ITEMS, actionItems);
+ }
+
+ /**
+ * Returns the decryption property file.
+ * @return Returns String.
+ */
+ public String getDecryptionPropFile() {
+ return (String)this.action.get(WSHandlerConstants.DEC_PROP_FILE);
+ }
+
+ /**
+ * Sets the decryption property file.
+ * @param decryptionPropFile
+ */
+ public void setDecryptionPropFile(String decryptionPropFile) {
+ this.action.put(WSHandlerConstants.DEC_PROP_FILE,decryptionPropFile);
+ }
+
+ /**
+ * Sets the decryption property ref key.
+ * @param decryptionPropRefKey
+ */
+ public void setDecryptionPropRefKey(String decryptionPropRefKey) {
+ this.action.put(WSHandlerConstants.DEC_PROP_REF_ID,decryptionPropRefKey);
+ }
+
+ /**
+ * Returns the password callback class name.
+ * @return Returns String.
+ */
+ public String getPasswordCallbackClass() {
+ return (String)this.action.get(WSHandlerConstants.PW_CALLBACK_CLASS);
+ }
+
+ /**
+ * Sets the password callback class name.
+ * @param passwordCallbackClass
+ */
+ public void setPasswordCallbackClass(String passwordCallbackClass) {
+ this.action.put(WSHandlerConstants.PW_CALLBACK_CLASS,passwordCallbackClass);
+ }
+
+ /**
+ * Returns the signature property file.
+ * @return Returns String.
+ */
+ public String getSignaturePropFile() {
+ return (String)this.action.get(WSHandlerConstants.SIG_PROP_FILE);
+ }
+
+ /**
+ * Sets the signature property file.
+ * @param signaturePropFile
+ */
+ public void setSignaturePropFile(String signaturePropFile) {
+ this.action.put(WSHandlerConstants.SIG_PROP_FILE, signaturePropFile);
+ }
+
+ /**
+ * Sets the signature property ref key.
+ * @param signaturePropRefId
+ */
+ public void setSignaturePropRefId(String signaturePropRefId) {
+ this.action.put(WSHandlerConstants.SIG_PROP_REF_ID, signaturePropRefId);
+ }
+
+ /**
+ * Sets whether signature confirmation should be enabled or not.
+ * @param value
+ */
+ public void setEnableSignatureConfirmation(boolean value) {
+ this.action.put(
+ WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, value?"true":"false");
+ }
+
+ /**
+ * Returns whether signature confirmation should be enabled or not.
+ * @return Returns String.
+ */
+ public String getEnableSignatureConfirmation() {
+ return (String) this.action
+ .get(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/OutflowConfiguration.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/OutflowConfiguration.java
new file mode 100644
index 0000000..0fe5212
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/OutflowConfiguration.java
@@ -0,0 +1,600 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler.config;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import java.util.HashMap;
+import java.util.Iterator;
+
+/**
+ * This is the representation of the outflow configurations of the security
+ * module.
+ *
+ * @deprecated
+ */
+public class OutflowConfiguration {
+
+ private HashMap[] actionList;
+
+ private int currentAction = 0;
+
+ /**
+ * Creates a default outflow configuration instance with an action.
+ */
+ public OutflowConfiguration() {
+ this.actionList = new HashMap[1];
+ this.actionList[0] = new HashMap();
+ }
+
+ /**
+ * Creates a new outflow configuration instance with the given number of
+ * actions.
+ *
+ * @param actionCount
+ */
+ public OutflowConfiguration(int actionCount) {
+ this.actionList = new HashMap[actionCount];
+ for (int i = 0; i < actionCount; i++) {
+ this.actionList[i] = new HashMap();
+ }
+ }
+
+ /**
+ * Returns the configuration as an Parameter
+ *
+ * @return Returns Parameter.
+ */
+ public Parameter getProperty() {
+
+
+ for (int i = 0; i < actionList.length; i++) {
+ HashMap action = actionList[i];
+
+ if (! action.keySet().contains("items")) {
+ return null;
+ }
+ }
+
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ //TODO: Find the constants for "Parameter" and "name"
+ OMElement paramElement = fac.createOMElement("Parameter",null);
+ paramElement.addAttribute(fac.createOMAttribute("name", null ,WSSHandlerConstants.OUTFLOW_SECURITY));
+
+
+ for (int i = 0; i < this.actionList.length; i++) {
+ // Create the action element
+ OMElement actionElem = fac.createOMElement(
+ WSSHandlerConstants.ACTION, null);
+
+ // Get the current action
+ HashMap action = this.actionList[i];
+
+ // Get the set of kes of the selected action
+ Iterator keys = action.keySet().iterator();
+
+ while (keys.hasNext()) {
+ String key = (String) keys.next();
+ String value = (String) action.get(key);
+ if(value != null && value.length() > 0) {
+ // Create an element with the name of the key
+ OMElement elem = fac.createOMElement(key, null);
+ // Set the text value of the element
+ elem.setText(value);
+ // Add the element as a child of this action element
+ actionElem.addChild(elem);
+ }
+ }
+
+ paramElement.addChild(actionElem);
+ }
+
+ Parameter param = new Parameter();
+ param.setParameterElement(paramElement);
+ param.setValue(paramElement);
+ param.setName(WSSHandlerConstants.OUTFLOW_SECURITY);
+ return param;
+ }
+
+ /**
+ * Moves to the next action. If this is called when the current action is the
+ * last action then the current action will not change.
+ *
+ * @throws Exception
+ */
+ public void nextAction() {
+ if (currentAction < this.actionList.length - 1) {
+ this.currentAction++;
+ }
+ }
+
+ /**
+ * Moves to previous action. If this is called when the current action is the
+ * first option then then the current action will not change.
+ *
+ * @throws Exception
+ */
+ public void previousAction() {
+ if (this.currentAction > 0) {
+ this.currentAction--;
+ }
+ }
+
+ /**
+ * Sets the action items.
+ *
+ * @param actionItems
+ */
+ public void setActionItems(String actionItems) {
+ this.actionList[this.currentAction].put(
+ WSSHandlerConstants.ACTION_ITEMS, actionItems);
+ }
+
+ /**
+ * Returns the action items.
+ * @return Returns String.
+ */
+ public String getActionItems() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSSHandlerConstants.ACTION_ITEMS);
+ }
+
+ /**
+ * Sets the user of the current action.
+ *
+ * @param user
+ */
+ public void setUser(String user) {
+ this.actionList[this.currentAction].put(WSHandlerConstants.USER, user);
+ }
+
+ /**
+ * Returns the user of the current action.
+ * @return Returns String.
+ */
+ public String getUser() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.USER);
+ }
+
+ /**
+ * Sets the name of the password callback class of the current action.
+ *
+ * @param passwordCallbackClass
+ */
+ public void setPasswordCallbackClass(String passwordCallbackClass) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.PW_CALLBACK_CLASS, passwordCallbackClass);
+ }
+
+ /**
+ * Returns the name of the password callback class of the current action.
+ * @return Returns String.
+ */
+ public String getPasswordCallbackClass() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.PW_CALLBACK_CLASS);
+ }
+
+ /**
+ * Sets the signature property file of the current action.
+ *
+ * @param signaturePropFile
+ */
+ public void setSignaturePropFile(String signaturePropFile) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.SIG_PROP_FILE, signaturePropFile);
+ }
+
+ /**
+ * Sets the signature property ref key of the current action.
+ *
+ * @param signaturePropRefId
+ */
+ public void setSignaturePropRefId(String signaturePropRefId) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.SIG_PROP_REF_ID, signaturePropRefId);
+ }
+
+ /**
+ * Returns the signature property file of the current action.
+ * @return Returns String.
+ */
+ public String getSignaturePropFile() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SIG_PROP_FILE);
+ }
+
+ /**
+ * Sets the signatue key identifier of the current action.
+ *
+ * @param signatureKeyIdentifier
+ * Valid values:
+ * <ul>
+ * <li>X509KeyIdentifier - {@link WSSHandlerConstants#X509_KEY_IDENTIFIER}</li>
+ * <li>SKIKeyIdentifier - {@link WSSHandlerConstants#SKI_KEY_IDENTIFIER}</li>
+ * <li>IssuerSerial - {@link WSSHandlerConstants#ISSUER_SERIAL}</li>
+ * <li>DirectReference - {@link WSSHandlerConstants#BST_DIRECT_REFERENCE}</li>
+ * <li>Thumbprint - {@link WSSHandlerConstants#THUMBPRINT_IDENTIFIER}</li>
+ * </ul>
+ */
+ public void setSignatureKeyIdentifier(String signatureKeyIdentifier) {
+ this.actionList[this.currentAction].put(WSHandlerConstants.SIG_KEY_ID,
+ signatureKeyIdentifier);
+ }
+
+ /**
+ * Returns the signatue key identifier of the current action.
+ * @return Returns String.
+ */
+ public String getSignatureKeyIdentifier() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SIG_KEY_ID);
+ }
+
+ public void setSignatureAlgorithm(String signatureAlgo) {
+ this.actionList[this.currentAction].put(WSHandlerConstants.SIG_ALGO,
+ signatureAlgo);
+ }
+
+ public String getSignatureAlgorithm() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SIG_ALGO);
+ }
+
+ /**
+ * Sets the encrypted key identifier of the current action.
+ * <br/>
+ * @param encryptionKeyIdentifier
+ * Valid values:
+ * <ul>
+ * <li>X509KeyIdentifier - {@link WSSHandlerConstants#X509_KEY_IDENTIFIER}</li>
+ * <li>SKIKeyIdentifier - {@link WSSHandlerConstants#SKI_KEY_IDENTIFIER}</li>
+ * <li>IssuerSerial - {@link WSSHandlerConstants#ISSUER_SERIAL}</li>
+ * <li>DirectReference - {@link WSSHandlerConstants#BST_DIRECT_REFERENCE}</li>
+ * <li>EmbeddedKeyName - {@link WSSHandlerConstants#EMBEDDED_KEYNAME}</li>
+ * <li>Thumbprint - {@link WSSHandlerConstants#THUMBPRINT_IDENTIFIER}</li>
+ * </ul>
+ */
+ public void setEncryptionKeyIdentifier(String encryptionKeyIdentifier) {
+ this.actionList[this.currentAction].put(WSHandlerConstants.ENC_KEY_ID,
+ encryptionKeyIdentifier);
+ }
+
+ /**
+ * Returns the encrypted key identifier of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionKeyIdentifier() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_KEY_ID);
+ }
+
+ /**
+ * Sets the encryption user of the current action.
+ *
+ * @param encryptionUser
+ */
+ public void setEncryptionUser(String encryptionUser) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENCRYPTION_USER, encryptionUser);
+ }
+
+ /**
+ * Returns the encryption user of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionUser() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENCRYPTION_USER);
+ }
+
+ /**
+ * Sets the signature parts of the current action.
+ *
+ * @param signatureParts
+ */
+ public void setSignatureParts(String signatureParts) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.SIGNATURE_PARTS, signatureParts);
+ }
+
+ /**
+ * Returns the signature parts of the current action.
+ * @return Returns String.
+ */
+ public String getSignatureParts() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SIGNATURE_PARTS);
+ }
+
+ /**
+ * Sets the encryption parts of the current action.
+ *
+ * @param encryptionParts
+ */
+ public void setEncryptionParts(String encryptionParts) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENCRYPTION_PARTS, encryptionParts);
+ }
+
+ /**
+ * Returns the encryption parts of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionParts() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENCRYPTION_PARTS);
+ }
+
+ /**
+ * Sets the password type of the current action
+ *
+ * @param passwordType
+ */
+ public void setPasswordType(String passwordType) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.PASSWORD_TYPE, passwordType);
+ }
+
+ /**
+ * Returns the password type of the current action.
+ * @return Returns String.
+ */
+ public String getPasswordType() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.PASSWORD_TYPE);
+ }
+
+ /**
+ * Sets the encryption symmetric algorithm of the current action
+ *
+ * @param encryptionSymAlgorithm
+ */
+ public void setEncryptionSymAlgorithm(String encryptionSymAlgorithm) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_SYM_ALGO, encryptionSymAlgorithm);
+ }
+
+ /**
+ * Returns the encryption symmetric algorithm of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionSymAlgorithm() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_SYM_ALGO);
+ }
+
+ /**
+ * Sets the encryption key transport algorithm of the current action
+ *
+ * @param encryptionKeyTransportAlgorithm
+ */
+ public void setEncryptionKeyTransportAlgorithm(
+ String encryptionKeyTransportAlgorithm) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_KEY_TRANSPORT,
+ encryptionKeyTransportAlgorithm);
+ }
+
+ /**
+ * Returns the encryption key transport algorithm of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionKeyTransportAlgorithm() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_KEY_TRANSPORT);
+ }
+
+ /**
+ * Sets the embedded key callback class of the current action
+ *
+ * @param embeddedKeyCallbackClass
+ */
+ public void setEmbeddedKeyCallbackClass(String embeddedKeyCallbackClass) {
+ this.actionList[this.currentAction]
+ .put(WSHandlerConstants.ENC_CALLBACK_CLASS,
+ embeddedKeyCallbackClass);
+ }
+
+ /**
+ * Returns the embedded key callback class of the current action.
+ *
+ * @return Returns String.
+ */
+ public String getEmbeddedKeyCallbackClass() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_CALLBACK_CLASS);
+ }
+
+ /**
+ * Sets the XPath expression to selecte the elements with content of the
+ * current action to be MTOM optimized.
+ *
+ * @param optimizePartsXPathExpr
+ */
+ public void setOptimizeParts(String optimizePartsXPathExpr) {
+ this.actionList[this.currentAction].put(
+ WSSHandlerConstants.OPTIMIZE_PARTS, optimizePartsXPathExpr);
+ }
+
+ /**
+ * Returns the Path expression to selecte the elements with content of the
+ * current action to be MTOM optimized.
+ *
+ * @return Returns String.
+ */
+ public String getOptimizeParts() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSSHandlerConstants.OPTIMIZE_PARTS);
+ }
+
+ /**
+ * Sets the SAML property file of the current action.
+ * @param samlPropFile
+ */
+ public void setSamlPropFile(String samlPropFile) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.SAML_PROP_FILE, samlPropFile);
+ }
+
+ /**
+ * Returns the SAML property file of the current action.
+ * @return Returns String.
+ */
+ public String getSamlPropFile() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SAML_PROP_FILE);
+ }
+
+ /**
+ * Sets the encryption property file.
+ * @param encPropFile
+ */
+ public void setEncryptionPropFile(String encPropFile) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_PROP_FILE, encPropFile);
+ }
+
+ /**
+ * Sets the encryption property ref key of the current action.
+ *
+ * @param encryptionPropRefId
+ */
+ public void setEncryptionPropRefId(String encryptionPropRefId) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_PROP_REF_ID, encryptionPropRefId);
+ }
+
+ /**
+ * Returns the encryption property file.
+ * @return Returns String.
+ */
+ public String getEncryptionPropFile() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_PROP_FILE);
+ }
+
+ /**
+ * Enable/Disable PrecisionInMilliseconds
+ * @param value
+ */
+ public void setPrecisionInMilliseconds(boolean value) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.TIMESTAMP_PRECISION, value?"true":"false");
+ }
+
+ /**
+ * Returns whether PrecisionInMilliseconds is enabled or not
+ * @return Returns String.
+ */
+ public String getPrecisionInMilliseconds() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.TIMESTAMP_PRECISION);
+ }
+
+ /**
+ * Option to add additional elements in the username token element.
+ * Example: Nonce and Create elements
+ * @param addUTElements
+ */
+ public void setAddUTElements(String addUTElements) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ADD_UT_ELEMENTS, addUTElements);
+ }
+
+ /**
+ * Returns the additional elements to be added to the username token element.
+ */
+ public String getAddUTElements() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ADD_UT_ELEMENTS);
+ }
+
+ /**
+ * Sets the text of the key name that needs to be sent.
+ * @param embeddedKeyName
+ */
+ public void setEmbeddedKeyName(String embeddedKeyName) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_KEY_NAME, embeddedKeyName);
+ }
+
+ /**
+ * Returns the text of the key name that needs to be sent.
+ * @return Returns String.
+ */
+ public String getEmbeddedKeyName() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_KEY_NAME);
+ }
+
+ /**
+ * Sets whether signature confirmation should be enabled or not.
+ * @param value
+ */
+ public void setEnableSignatureConfirmation(boolean value) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, value?"true":"false");
+ }
+
+ /**
+ * Returns whether signature confirmation should be enabled or not
+ * @return Returns String.
+ */
+ public String getEnableSignatureConfirmation() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
+ }
+
+ /**
+ * Sets whether signature confirmation should be enabled or not
+ * @param value
+ */
+ public void setPreserveOriginalEnvelope(boolean value) {
+ this.actionList[this.currentAction].put(
+ WSSHandlerConstants.PRESERVE_ORIGINAL_ENV, value?"true":"false");
+ }
+
+ /**
+ * Returns whether signature confirmation should be enabled or not.
+ * @return Returns String.
+ */
+ public String getPreserveOriginalEnvelope() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSSHandlerConstants.PRESERVE_ORIGINAL_ENV);
+ }
+
+
+ public void setSignAllHeadersAndBody() {
+ this.actionList[this.currentAction].put(WSSHandlerConstants.SIGN_ALL_HEADERS, "true");
+ this.setSignBody();
+ }
+
+ public void setSignBody() {
+ this.actionList[this.currentAction].put(WSSHandlerConstants.SIGN_BODY, "true");
+ }
+
+ public void setEncryptBody() {
+ this.actionList[this.currentAction].put(WSSHandlerConstants.ENCRYPT_BODY, "true");
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
new file mode 100755
index 0000000..2efb731
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
@@ -0,0 +1,323 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.policy;
+
+import org.apache.axis2.policy.model.MTOMAssertion;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.neethi.Assertion;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AsymmetricBinding;
+import org.apache.ws.secpolicy.model.Binding;
+import org.apache.ws.secpolicy.model.EncryptionToken;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.InitiatorToken;
+import org.apache.ws.secpolicy.model.ProtectionToken;
+import org.apache.ws.secpolicy.model.RecipientToken;
+import org.apache.ws.secpolicy.model.SignatureToken;
+import org.apache.ws.secpolicy.model.SignedEncryptedElements;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.SymmetricAsymmetricBindingBase;
+import org.apache.ws.secpolicy.model.SymmetricBinding;
+import org.apache.ws.secpolicy.model.TokenWrapper;
+import org.apache.ws.secpolicy.model.TransportBinding;
+import org.apache.ws.secpolicy.model.Trust10;
+import org.apache.ws.secpolicy.model.Wss10;
+import org.apache.ws.secpolicy.model.Wss11;
+
+import java.util.Iterator;
+import java.util.List;
+
+public class RampartPolicyBuilder {
+
+ private static Log log = LogFactory.getLog(RampartPolicyBuilder.class);
+
+ /**
+ * Compile the parsed security data into one Policy data block.
+ *
+ * This methods loops over all top level Policy Engine data elements,
+ * extracts the parsed parameters and sets them into a single data block.
+ * During this processing the method prepares the parameters in a format
+ * that is ready for processing by the WSS4J functions.
+ *
+ * <p/>
+ *
+ * The WSS4J policy enabled handler takes this data block to control the
+ * setup of the security header.
+ *
+ * @param topLevelAssertions
+ * The iterator of the top level policy assertions
+ * @return The compile Poilcy data block.
+ * @throws WSSPolicyException
+ */
+ public static RampartPolicyData build(List topLevelAssertions)
+ throws WSSPolicyException {
+
+ RampartPolicyData rpd = new RampartPolicyData();
+
+ for (Iterator iter = topLevelAssertions.iterator(); iter.hasNext();) {
+ Assertion assertion = (Assertion) iter.next();
+ if (assertion instanceof Binding) {
+ if (assertion instanceof SymmetricBinding) {
+ processSymmetricPolicyBinding((SymmetricBinding) assertion, rpd);
+ } else if(assertion instanceof AsymmetricBinding) {
+ processAsymmetricPolicyBinding((AsymmetricBinding) assertion, rpd);
+ } else {
+ processTransportBinding((TransportBinding) assertion, rpd);
+ }
+
+ /*
+ * Don't change the order of Wss11 / Wss10 instance checks
+ * because Wss11 extends Wss10 - thus first check Wss11.
+ */
+ } else if (assertion instanceof Wss11) {
+ processWSS11((Wss11) assertion, rpd);
+ } else if (assertion instanceof Wss10) {
+ processWSS10((Wss10) assertion, rpd);
+ } else if (assertion instanceof SignedEncryptedElements) {
+ processSignedEncryptedElements((SignedEncryptedElements) assertion,
+ rpd);
+ } else if (assertion instanceof SignedEncryptedParts) {
+ processSignedEncryptedParts((SignedEncryptedParts) assertion, rpd);
+ } else if (assertion instanceof SupportingToken) {
+ processSupportingTokens((SupportingToken) assertion, rpd);
+ } else if (assertion instanceof Trust10) {
+ processTrust10((Trust10)assertion, rpd);
+ } else if (assertion instanceof RampartConfig) {
+ processRampartConfig((RampartConfig)assertion, rpd);
+ } else if (assertion instanceof MTOMAssertion){
+ processMTOMSerialization((MTOMAssertion)assertion, rpd);
+ } else {
+ log.debug("Unknown top level PED found: "
+ + assertion.getClass().getName());
+ }
+ }
+
+ return rpd;
+ }
+
+
+
+ /**
+ * @param binding
+ * @param rpd
+ */
+ private static void processTransportBinding(TransportBinding binding, RampartPolicyData rpd) {
+ binding(binding, rpd);
+ rpd.setTransportBinding(true);
+ }
+
+ /**
+ * Add TRust10 assertion info into rampart policy data
+ * @param trust10
+ * @param rpd
+ */
+ private static void processTrust10(Trust10 trust10, RampartPolicyData rpd) {
+ rpd.setTrust10(trust10);
+ }
+
+ /**
+ * Add the rampart configuration information into rampart policy data.
+ * @param config
+ * @param rpd
+ */
+ private static void processRampartConfig(RampartConfig config, RampartPolicyData rpd) {
+ rpd.setRampartConfig(config);
+ }
+
+ /**
+ * Evaluate the symmetric policy binding data.
+ *
+ * @param binding
+ * The binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ * @throws WSSPolicyException
+ */
+ private static void processSymmetricPolicyBinding(
+ SymmetricBinding symmBinding, RampartPolicyData rpd)
+ throws WSSPolicyException {
+ rpd.setSymmetricBinding(true);
+ binding(symmBinding, rpd);
+ symmAsymmBinding(symmBinding, rpd);
+ symmetricBinding(symmBinding, rpd);
+ }
+
+ private static void processWSS10(Wss10 wss10, RampartPolicyData rpd) {
+ rpd.setWss10(wss10);
+ }
+
+ /**
+ * Evaluate the asymmetric policy binding data.
+ *
+ * @param binding
+ * The binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ * @throws WSSPolicyException
+ */
+ private static void processAsymmetricPolicyBinding(
+ AsymmetricBinding binding, RampartPolicyData rpd)
+ throws WSSPolicyException {
+ rpd.setSymmetricBinding(false);
+ binding(binding, rpd);
+ symmAsymmBinding(binding, rpd);
+ asymmetricBinding(binding, rpd);
+ }
+
+ private static void processWSS11(Wss11 wss11, RampartPolicyData rpd) {
+ rpd.setSignatureConfirmation(wss11.isRequireSignatureConfirmation());
+ rpd.setWss11(wss11);
+ }
+
+ /**
+ * Populate elements to sign and/or encrypt with the message tokens.
+ *
+ * @param sep
+ * The data describing the elements (XPath)
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void processSignedEncryptedElements(
+ SignedEncryptedElements see, RampartPolicyData rpd) {
+ Iterator it = see.getXPathExpressions().iterator();
+ if (see.isSignedElemets()) {
+ while (it.hasNext()) {
+ rpd.setSignedElements((String) it.next());
+ }
+ } else {
+ while (it.hasNext()) {
+ rpd.setEncryptedElements((String) it.next());
+ }
+ }
+ }
+
+ /**
+ * Populate parts to sign and/or encrypt with the message tokens.
+ *
+ * @param sep
+ * The data describing the parts
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void processSignedEncryptedParts(SignedEncryptedParts sep,
+ RampartPolicyData rpd) {
+ Iterator it = sep.getHeaders().iterator();
+ if (sep.isSignedParts()) {
+ rpd.setSignBody(sep.isBody());
+ while (it.hasNext()) {
+ Header header = (Header) it.next();
+ rpd.addSignedPart(header.getNamespace(), header.getName());
+ }
+ } else {
+ rpd.setEncryptBody(sep.isBody());
+ while (it.hasNext()) {
+ Header header = (Header) it.next();
+ rpd.setEncryptedParts(header.getNamespace(), header.getName());
+ }
+ }
+ }
+
+ /**
+ * Evaluate policy data that is common to all bindings.
+ *
+ * @param binding
+ * The common binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void binding(Binding binding, RampartPolicyData rpd) {
+ rpd.setLayout(binding.getLayout().getValue());
+ rpd.setIncludeTimestamp(binding.isIncludeTimestamp());
+ rpd.setAlgorithmSuite(binding.getAlgorithmSuite());
+ }
+
+ /**
+ * Evaluate policy data that is common to symmetric and asymmetric bindings.
+ *
+ * @param binding
+ * The symmetric/asymmetric binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void symmAsymmBinding(
+ SymmetricAsymmetricBindingBase binding, RampartPolicyData rpd) {
+ rpd.setEntireHeadersAndBodySignatures(binding
+ .isEntireHeadersAndBodySignatures());
+ rpd.setProtectionOrder(binding.getProtectionOrder());
+ rpd.setSignatureProtection(binding.isSignatureProtection());
+ rpd.setTokenProtection(binding.isTokenProtection());
+ rpd.setAlgorithmSuite(binding.getAlgorithmSuite());
+ }
+
+ /**
+ * Evaluate policy data that is specific to symmetric binding.
+ *
+ * @param binding
+ * The symmetric binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void symmetricBinding(SymmetricBinding binding,
+ RampartPolicyData rpd) throws WSSPolicyException {
+ Assertion token = binding.getProtectionToken();
+
+ if (token != null) {
+ rpd.setProtectionToken(((ProtectionToken)token).getProtectionToken());
+ } else {
+ token = binding.getEncryptionToken();
+ Assertion token1 = binding.getSignatureToken();
+ if (token == null && token1 == null) {
+ // this is an error - throw something
+ }
+ rpd.setEncryptionToken(
+ ((EncryptionToken) token).getEncryptionToken());
+ rpd.setSignatureToken(((SignatureToken) token).getSignatureToken());
+ }
+ }
+
+ /**
+ * Evaluate policy data that is specific to asymmetric binding.
+ *
+ * @param binding
+ * The asymmetric binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void asymmetricBinding(AsymmetricBinding binding,
+ RampartPolicyData rpd) throws WSSPolicyException {
+ TokenWrapper tokWrapper = binding.getRecipientToken();
+ TokenWrapper tokWrapper1 = binding.getInitiatorToken();
+ if (tokWrapper == null && tokWrapper1 == null) {
+ // this is an error - throw something
+ }
+ rpd.setRecipientToken(((RecipientToken) tokWrapper).getReceipientToken());
+ rpd.setInitiatorToken(((InitiatorToken) tokWrapper1).getInitiatorToken());
+ }
+
+ private static void processSupportingTokens(SupportingToken token,
+ RampartPolicyData rpd) throws WSSPolicyException {
+ rpd.setSupportingTokens(token);
+ }
+
+
+ private static void processMTOMSerialization(MTOMAssertion mtomAssertion, RampartPolicyData rpd)
+ {
+ rpd.setMTOMAssertion(mtomAssertion);
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
new file mode 100755
index 0000000..63943f4
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
@@ -0,0 +1,670 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy;
+
+import org.apache.axis2.policy.model.MTOMAssertion;
+import org.apache.neethi.Policy;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.Trust10;
+import org.apache.ws.secpolicy.model.Wss10;
+import org.apache.ws.secpolicy.model.Wss11;
+import org.apache.ws.security.WSEncryptionPart;
+
+import java.util.HashMap;
+import java.util.Vector;
+
+public class RampartPolicyData {
+
+ /*
+ * Global settings for overall security processing
+ */
+ private boolean symmetricBinding;
+
+ private boolean transportBinding;
+
+ private String layout;
+
+ private boolean includeTimestamp;
+
+ private boolean entireHeadersAndBodySignatures;
+
+ private String protectionOrder;
+
+ private boolean signatureProtection;
+
+ private boolean tokenProtection;
+
+ private boolean signatureConfirmation;
+
+ /*
+ * Message tokens for symmetrical binding
+ */
+ private Token encryptionToken;
+
+ private Token signatureToken;
+
+ /*
+ * Message tokens for asymmetrical binding
+ */
+ private Token recipientToken; // used to encrypt data to
+
+ // receipient
+
+ private Token initiatorToken; // used to sign data by
+
+ // initiator
+
+ /*
+ * Which parts or elements of the message to sign/encrypt with the messagen
+ * tokens. Parts or elements to sign/encrypt with supporting tokens are
+ * stored together with the tokens (see WSS4JPolicyToken).
+ */
+ private boolean signBody;
+
+ private boolean encryptBody;
+
+ private Vector signedParts = new Vector();
+
+ private Vector signedElements = new Vector();
+
+ private Vector encryptedParts = new Vector();
+
+ private Vector encryptedElements = new Vector();
+
+ /*
+ * Holds the supporting tokens elements
+ */
+ private SupportingToken supportingTokens;
+
+ private SupportingToken signedSupportingTokens;
+
+ private SupportingToken endorsingSupportingTokens;
+
+ private SupportingToken signedEndorsingSupportingTokens;
+
+ private AlgorithmSuite algorithmSuite;
+
+ private RampartConfig rampartConfig;
+
+ private MTOMAssertion mtomAssertion;
+
+ private Trust10 trust10;
+
+ private HashMap supportingTokensIdMap;
+ private HashMap signedSupportingTokensIdMap;
+ private HashMap endorsingSupportingTokensIdMap;
+ private HashMap signedEndorsingSupportingTokensIdMap;
+
+ private Wss10 wss10;
+ private Wss11 wss11;
+
+ private Policy issuerPolicy;
+
+ /**
+ * @return Returns the symmetricBinding.
+ */
+ public boolean isSymmetricBinding() {
+ return symmetricBinding;
+ }
+
+ /**
+ * @param symmetricBinding
+ * The symmetricBinding to set.
+ */
+ public void setSymmetricBinding(boolean symmetricBinding) {
+ this.symmetricBinding = symmetricBinding;
+ }
+
+ /**
+ * @return Returns the entireHeaderAndBodySignatures.
+ */
+ public boolean isEntireHeadersAndBodySignatures() {
+ return entireHeadersAndBodySignatures;
+ }
+
+ /**
+ * @param entireHeaderAndBodySignatures
+ * The entireHeaderAndBodySignatures to set.
+ */
+ public void setEntireHeadersAndBodySignatures(
+ boolean entireHeaderAndBodySignatures) {
+ this.entireHeadersAndBodySignatures = entireHeaderAndBodySignatures;
+ }
+
+ /**
+ * @return Returns the includeTimestamp.
+ */
+ public boolean isIncludeTimestamp() {
+ return includeTimestamp;
+ }
+
+ /**
+ * @param includeTimestamp
+ * The includeTimestamp to set.
+ */
+ public void setIncludeTimestamp(boolean includeTimestamp) {
+ this.includeTimestamp = includeTimestamp;
+ }
+
+ /**
+ * @return Returns the layout.
+ */
+ public String getLayout() {
+ return layout;
+ }
+
+ /**
+ * @param layout
+ * The layout to set.
+ */
+ public void setLayout(String layout) {
+ this.layout = layout;
+ }
+
+ /**
+ * @return Returns the protectionOrder.
+ */
+ public String getProtectionOrder() {
+ return protectionOrder;
+ }
+
+ /**
+ * @param protectionOrder
+ * The protectionOrder to set.
+ */
+ public void setProtectionOrder(String protectionOrder) {
+ this.protectionOrder = protectionOrder;
+ }
+
+ /**
+ * @return Returns the signatureProtection.
+ */
+ public boolean isSignatureProtection() {
+ return signatureProtection;
+ }
+
+ /**
+ * @param signatureProtection
+ * The signatureProtection to set.
+ */
+ public void setSignatureProtection(boolean signatureProtection) {
+ this.signatureProtection = signatureProtection;
+ }
+
+ /**
+ * @return Returns the tokenProtection.
+ */
+ public boolean isTokenProtection() {
+ return tokenProtection;
+ }
+
+ /**
+ * @param tokenProtection
+ * The tokenProtection to set.
+ */
+ public void setTokenProtection(boolean tokenProtection) {
+ this.tokenProtection = tokenProtection;
+ }
+
+ /**
+ * @return Returns the signatureConfirmation.
+ */
+ public boolean isSignatureConfirmation() {
+ return signatureConfirmation;
+ }
+
+ /**
+ * @param signatureConfirmation
+ * The signatureConfirmation to set.
+ */
+ public void setSignatureConfirmation(boolean signatureConfirmation) {
+ this.signatureConfirmation = signatureConfirmation;
+ }
+
+ /**
+ * @return Returns the encryptedElements.
+ */
+ public Vector getEncryptedElements() {
+ return encryptedElements;
+ }
+
+ /**
+ * @param encElement
+ * The encrypted Element (XPath) to set.
+ */
+ public void setEncryptedElements(String encElement) {
+
+ encryptedElements.add(encElement);
+ }
+
+ /**
+ * @return Returns the encryptedParts.
+ */
+ public Vector getEncryptedParts() {
+ return encryptedParts;
+ }
+
+ /**
+ * @param namespace
+ * The namespace of the part.
+ * @param element
+ * The part's element name.
+ */
+ public void setEncryptedParts(String namespace, String element) {
+ WSEncryptionPart wep = new WSEncryptionPart(element, namespace,
+ "Element");
+ encryptedParts.add(wep);
+ }
+
+ /**
+ * @return Returns the encryptBody.
+ */
+ public boolean isEncryptBody() {
+ return encryptBody;
+ }
+
+ /**
+ * @param encryptBody
+ * The encryptBody to set.
+ */
+ public void setEncryptBody(boolean encryptBody) {
+ this.encryptBody = encryptBody;
+ }
+
+ /**
+ * @return Returns the signBody.
+ */
+ public boolean isSignBody() {
+ return signBody;
+ }
+
+ /**
+ * @param signBody
+ * The signBody to set.
+ */
+ public void setSignBody(boolean signBody) {
+ this.signBody = signBody;
+ }
+
+ /**
+ * @return Returns the signedElements.
+ */
+ public Vector getSignedElements() {
+ return signedElements;
+ }
+
+ /**
+ * @param sigElement
+ * The signed Element (XPath) to set.
+ */
+ public void setSignedElements(String sigElement) {
+
+ signedElements.add(sigElement);
+ }
+
+ /**
+ * @return Returns the signedParts.
+ */
+ public Vector getSignedParts() {
+ return signedParts;
+ }
+
+ /**
+ * @param namespace
+ * The namespace of the part.
+ * @param element
+ * The part's element name.
+ */
+ public void addSignedPart(String namespace, String element) {
+
+ WSEncryptionPart wep = new WSEncryptionPart(element, namespace,
+ "Content");
+ signedParts.add(wep);
+ }
+
+ public void addSignedPart(WSEncryptionPart part) {
+ signedParts.add(part);
+ }
+
+ public void setSignedParts(Vector signedParts) {
+ this.signedParts = signedParts;
+ }
+
+ public void setSupportingTokens(SupportingToken suppTokens)
+ throws WSSPolicyException {
+
+ int tokenType = suppTokens.getTokenType();
+ if (tokenType == Constants.SUPPORTING_TOKEN_SUPPORTING) {
+ supportingTokens = suppTokens;
+ } else if (tokenType == Constants.SUPPORTING_TOKEN_SIGNED) {
+ signedSupportingTokens = suppTokens;
+ } else if (tokenType == Constants.SUPPORTING_TOKEN_ENDORSING) {
+ endorsingSupportingTokens = suppTokens;
+ } else if (tokenType == Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING) {
+ signedEndorsingSupportingTokens = suppTokens;
+ }
+ }
+
+
+
+ /**
+ * @return Returns the rampartConfig.
+ */
+ public RampartConfig getRampartConfig() {
+ return rampartConfig;
+ }
+
+ /**
+ * @return Returns the encryptionToken.
+ */
+ public Token getEncryptionToken() {
+ return encryptionToken;
+ }
+
+ /**
+ * @param encryptionToken The encryptionToken to set.
+ */
+ public void setEncryptionToken(Token encryptionToken) {
+ this.encryptionToken = encryptionToken;
+ this.extractIssuerPolicy(encryptionToken);
+ }
+
+ /**
+ * @return Returns the initiatorToken.
+ */
+ public Token getInitiatorToken() {
+ return initiatorToken;
+ }
+
+ /**
+ * @param initiatorToken The initiatorToken to set.
+ */
+ public void setInitiatorToken(Token initiatorToken) {
+ this.initiatorToken = initiatorToken;
+ }
+
+ /**
+ * @return Returns the recipientToken.
+ */
+ public Token getRecipientToken() {
+ return recipientToken;
+ }
+
+ /**
+ * @param recipientToken The recipientToken to set.
+ */
+ public void setRecipientToken(Token recipientToken) {
+ this.recipientToken = recipientToken;
+ }
+
+ public void setProtectionToken(Token protectionToken) {
+ this.setEncryptionToken(protectionToken);
+ this.setSignatureToken(protectionToken);
+ this.extractIssuerPolicy(protectionToken);
+ }
+
+ /**
+ * @return Returns the signatureToken.
+ */
+ public Token getSignatureToken() {
+ return signatureToken;
+ }
+
+ /**
+ * @param signatureToken The signatureToken to set.
+ */
+ public void setSignatureToken(Token signatureToken) {
+ this.signatureToken = signatureToken;
+ this.extractIssuerPolicy(signatureToken);
+ }
+
+ /**
+ * @return Returns the signedEndorsingSupportingToken.
+ */
+ public SupportingToken getSignedEndorsingSupportingTokens() {
+ return signedEndorsingSupportingTokens;
+ }
+
+ /**
+ * @param signedEndorsingSupportingTokens The signedEndorsingSupportingToken to set.
+ */
+ public void setSignedEndorsingSupportingTokens(
+ SupportingToken signedEndorsingSupportingTokens) {
+ this.signedEndorsingSupportingTokens = signedEndorsingSupportingTokens;
+ }
+
+ /**
+ * @return Returns the signedSupportingToken.
+ */
+ public SupportingToken getSignedSupportingTokens() {
+ return signedSupportingTokens;
+ }
+
+ /**
+ * @param signedSupportingTokens The signedSupportingToken to set.
+ */
+ public void setSignedSupportingTokens(SupportingToken signedSupportingTokens) {
+ this.signedSupportingTokens = signedSupportingTokens;
+ }
+
+ /**
+ * @return Returns the supportingToken.
+ */
+ public SupportingToken getSupportingTokens() {
+ return supportingTokens;
+ }
+
+ /**
+ * @param endorsingSupportingTokens The endorsingSupportingToken to set.
+ */
+ public void setEndorsingSupportingTokens(SupportingToken endorsingSupportingTokens) {
+ this.endorsingSupportingTokens = endorsingSupportingTokens;
+ }
+
+ /**
+ * @return Returns the endorsingSupportingToken.
+ */
+ public SupportingToken getEndorsingSupportingTokens() {
+ return endorsingSupportingTokens;
+ }
+
+ /**
+ * @return Returns the algorithmSuite.
+ */
+ public AlgorithmSuite getAlgorithmSuite() {
+ return algorithmSuite;
+ }
+
+ /**
+ * @param algorithmSuite The algorithmSuite to set.
+ */
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
+ this.algorithmSuite = algorithmSuite;
+ }
+
+ /**
+ * @return Returns the trust10.
+ */
+ public Trust10 getTrust10() {
+ return trust10;
+ }
+
+ /**
+ * @param trust10 The trust10 to set.
+ */
+ public void setTrust10(Trust10 trust10) {
+ this.trust10 = trust10;
+ }
+
+ /**
+ * @param rampartConfig The rampartConfig to set.
+ */
+ public void setRampartConfig(RampartConfig rampartConfig) {
+ this.rampartConfig = rampartConfig;
+ }
+
+ /**
+ * @return Returns the transportBinding.
+ */
+ public boolean isTransportBinding() {
+ return transportBinding;
+ }
+
+ /**
+ * @param transportBinding The transportBinding to set.
+ */
+ public void setTransportBinding(boolean transportBinding) {
+ this.transportBinding = transportBinding;
+ }
+
+
+ /**
+ * Add the given token and id to the map.
+ * @param token
+ * @param id
+ */
+ public void setSupporttingtokenId(Token token, String id, int type) throws RampartException {
+
+ HashMap tokenMap = null;
+ switch (type) {
+ case Constants.SUPPORTING_TOKEN_SUPPORTING:
+ if(this.supportingTokensIdMap == null) {
+ this.supportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.supportingTokensIdMap;
+ break;
+
+ case Constants.SUPPORTING_TOKEN_SIGNED:
+ if(this.signedSupportingTokensIdMap == null) {
+ this.signedSupportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.signedSupportingTokensIdMap;
+ break;
+
+ case Constants.SUPPORTING_TOKEN_ENDORSING:
+ if(this.endorsingSupportingTokensIdMap == null) {
+ this.endorsingSupportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.endorsingSupportingTokensIdMap;
+ break;
+
+ case Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
+ if(this.signedEndorsingSupportingTokensIdMap == null) {
+ this.signedEndorsingSupportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.signedEndorsingSupportingTokensIdMap;
+ break;
+
+ default:
+ throw new RampartException("invalidSupportingVersionType",
+ new String[] { Integer.toString(type) });
+ }
+
+ tokenMap.put(token, id);
+ }
+
+ public String getSupportingTokenID(Token token, int type)
+ throws RampartException {
+ switch (type) {
+ case Constants.SUPPORTING_TOKEN_SUPPORTING:
+ if(this.supportingTokensIdMap != null) {
+ return (String)this.supportingTokensIdMap.get(token);
+ }
+ return null;
+
+ case Constants.SUPPORTING_TOKEN_SIGNED:
+ if(this.signedSupportingTokensIdMap != null) {
+ return (String)this.signedSupportingTokensIdMap.get(token);
+ }
+ return null;
+
+ case Constants.SUPPORTING_TOKEN_ENDORSING:
+ if(this.endorsingSupportingTokensIdMap != null) {
+ return (String)this.endorsingSupportingTokensIdMap.get(token);
+ }
+ return null;
+
+ case Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
+ if(this.signedEndorsingSupportingTokensIdMap == null) {
+ this.signedEndorsingSupportingTokensIdMap = new HashMap();
+ }
+ return null;
+
+ default:
+ throw new RampartException("invalidSupportingVersionType",
+ new String[] { Integer.toString(type) });
+ }
+ }
+
+ public Wss10 getWss10() {
+ return wss10;
+ }
+
+ public void setWss10(Wss10 wss10) {
+ this.wss10 = wss10;
+ }
+
+ public Wss11 getWss11() {
+ return wss11;
+ }
+
+ public void setWss11(Wss11 wss11) {
+ this.wss11 = wss11;
+ }
+
+ private void extractIssuerPolicy(Token token) {
+ if(token instanceof SecureConversationToken && this.issuerPolicy == null) {
+ this.issuerPolicy = ((SecureConversationToken)token).getBootstrapPolicy();
+ }
+ }
+
+ public Policy getIssuerPolicy() {
+ return issuerPolicy;
+ }
+
+ public void setMTOMAssertion(MTOMAssertion mtomAssertion){
+ this.mtomAssertion = mtomAssertion;
+ }
+
+ public MTOMAssertion getMTOMAssertion(){
+ return mtomAssertion;
+ }
+
+ public boolean isMTOMSerialize(){
+ if(mtomAssertion == null){
+ return false;
+ }
+ else if(mtomAssertion.isOptional()==false){
+ return true;
+ }
+ else
+ return false;
+ }
+
+ public String getOptimizeParts(){
+ return rampartConfig.getOptimizeParts();
+ }
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java
new file mode 100644
index 0000000..dc70b03
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.policy.builders;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.rampart.policy.model.CryptoConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+
+import javax.xml.namespace.QName;
+
+import java.util.Iterator;
+import java.util.Properties;
+
+public class CryptoConfigBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ CryptoConfig cryptoCofig = new CryptoConfig();
+
+ OMAttribute attribute = element.getAttribute(new QName(CryptoConfig.PROVIDER_ATTR));
+ cryptoCofig.setProvider(attribute.getAttributeValue().trim());
+
+ Properties properties = new Properties();
+
+ OMElement childElement;
+ OMAttribute name;
+ String value;
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ /*
+ * In this senario we could have used
+ * element.getChildrenWithQName(USER); Unfortunately we can't do
+ * that due to a bug in this method. TODO Need to get it fixed
+ */
+
+ childElement = (OMElement) iterator.next();
+
+ QName prop = new QName(RampartConfig.NS, CryptoConfig.PROPERTY_LN);
+
+ if (prop.equals(childElement.getQName())) {
+ name = childElement.getAttribute(new QName(CryptoConfig.PROPERTY_NAME_ATTR));
+ value = childElement.getText();
+
+ properties.put(name.getAttributeValue(), value.trim());
+ }
+
+ }
+
+ cryptoCofig.setProp(properties);
+ return cryptoCofig;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {new QName(RampartConfig.NS, CryptoConfig.CRYPTO_LN)};
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
new file mode 100644
index 0000000..ec4601d
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.policy.builders;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.rampart.policy.model.CryptoConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+
+import javax.xml.namespace.QName;
+
+public class RampartConfigBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ RampartConfig rampartConfig = new RampartConfig();
+
+ OMElement childElement;
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.USER_LN));
+ if (childElement != null) {
+ rampartConfig.setUser(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.ENCRYPTION_USER_LN));
+ if (childElement != null) {
+ rampartConfig.setEncryptionUser(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.PW_CB_CLASS_LN));
+ if (childElement != null) {
+ rampartConfig.setPwCbClass(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.SIG_CRYPTO_LN));
+ if (childElement != null) {
+ rampartConfig.setSigCryptoConfig((CryptoConfig) factory
+ .build(childElement.getFirstElement()));
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.TS_TTL_LN));
+ if (childElement != null) {
+ rampartConfig.setTimestampTTL(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.TS_MAX_SKEW_LN));
+ if (childElement != null) {
+ rampartConfig.setTimestampMaxSkew(childElement.getText().trim());
+ }
+
+ return rampartConfig;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {new QName(RampartConfig.NS, RampartConfig.RAMPART_CONFIG_LN)};
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java
new file mode 100644
index 0000000..69e7361
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy.model;
+
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Constants;
+import org.apache.neethi.PolicyComponent;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import java.util.Iterator;
+import java.util.Properties;
+
+/**
+ * Policy model bean to capture crypto information.
+ *
+ * Example:
+<pre>
+<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="keystoreType">JKS</ramp:property>
+ <ramp:property name="keystoreFile">/path/to/file.jks</ramp:property>
+ <ramp:property name="keystorePassword">password</ramp:property>
+</ramp:crypto>
+</pre>
+ */
+public class CryptoConfig implements Assertion {
+
+ public final static String CRYPTO_LN = "crypto";
+ public final static String PROVIDER_ATTR = "provider";
+ public final static String PROPERTY_LN = "property";
+ public final static String PROPERTY_NAME_ATTR = "name";
+
+ private String provider;
+ private Properties prop;
+
+ public Properties getProp() {
+ return prop;
+ }
+ public void setProp(Properties prop) {
+ this.prop = prop;
+ }
+ public String getProvider() {
+ return provider;
+ }
+ public void setProvider(String provider) {
+ this.provider = provider;
+ }
+
+ public QName getName() {
+ return new QName(RampartConfig.NS, CRYPTO_LN);
+ }
+
+ public boolean isOptional() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public PolicyComponent normalize() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = writer.getPrefix(RampartConfig.NS);
+
+ if (prefix == null) {
+ prefix = RampartConfig.NS;
+ writer.setPrefix(prefix, RampartConfig.NS);
+ }
+
+ writer.writeStartElement(prefix, CRYPTO_LN, RampartConfig.NS);
+
+ if (getProvider() != null) {
+ writer.writeAttribute(PROVIDER_ATTR, getProvider());
+ }
+
+ String key;
+ String value;
+
+ for (Iterator iterator = prop.keySet().iterator(); iterator.hasNext();) {
+ key = (String) iterator.next();
+ value = prop.getProperty(key);
+ writer.writeStartElement(RampartConfig.NS, PROPERTY_LN);
+
+ writer.writeAttribute("name", key);
+
+ writer.writeCharacters(value);
+ writer.writeEndElement();
+ }
+
+ writer.writeEndElement();
+ }
+
+ public boolean equal(PolicyComponent policyComponent) {
+ throw new UnsupportedOperationException();
+ }
+
+ public short getType() {
+ return Constants.TYPE_ASSERTION;
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
new file mode 100644
index 0000000..448db4f
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
@@ -0,0 +1,315 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy.model;
+
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Constants;
+import org.apache.neethi.PolicyComponent;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+/**
+ * Rampart policy model bean to capture Rampart configuration assertion info.
+ *
+ * Example:
+ *
+ * <pre>
+ * <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ * <ramp:user>alice</ramp:user>
+ * <ramp:encryptionUser>bob</ramp:encryptionUser>
+ * <ramp:passwordCallbackClass>org.apache.axis2.security.PWCallback</ramp:passwordCallbackClass>
+ * <ramp:timestampTTL>300</ramp:timestampTTL>
+ * <ramp:timestampMaxSkew>0</ramp:timestampMaxSkew>
+ * <ramp:tokenStoreClass>org.apache.rahas.StorageImpl</ramp:tokenStoreClass>
+ *
+ * <ramp:signatureCrypto>
+ * <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ * <ramp:property name="keystoreType">JKS</ramp:property>
+ * <ramp:property name="keystoreFile">/path/to/file.jks</ramp:property>
+ * <ramp:property name="keystorePassword">password</ramp:property>
+ * </ramp:crypto>
+ * </ramp:signatureCrypto>
+ *
+ * <ramp:tokenIssuerPolicy>
+ * <wsp:Policy>
+ * ....
+ * ....
+ * </wsp:Policy>
+ * </ramp:tokenIssuerPolicy>
+ * </ramp:RampartConfig>
+ *
+ * </pre>
+ *
+ */
+public class RampartConfig implements Assertion {
+
+ public static final int DEFAULT_TIMESTAMP_TTL = 300;
+
+ public static final int DEFAULT_TIMESTAMP_MAX_SKEW = 0;
+
+ public final static String NS = "http://ws.apache.org/rampart/policy";
+
+ public final static String PREFIX = "rampart";
+
+ public final static String RAMPART_CONFIG_LN = "RampartConfig";
+
+ public final static String USER_LN = "user";
+
+ public final static String ENCRYPTION_USER_LN = "encryptionUser";
+
+ public final static String PW_CB_CLASS_LN = "passwordCallbackClass";
+
+ public final static String SIG_CRYPTO_LN = "signatureCrypto";
+
+ public final static String ENCR_CRYPTO_LN = "encryptionCypto";
+
+ public final static String DEC_CRYPTO_LN = "decryptionCrypto";
+
+ public final static String TS_TTL_LN = "timestampTTL";
+
+ public final static String TS_MAX_SKEW_LN = "timestampMaxSkew";
+
+ public final static String TOKEN_STORE_CLASS_LN = "tokenStoreClass";
+
+ public final static String OPTIMISE_PARTS_LN = "OptimizeParts";
+
+ private String user;
+
+ private String encryptionUser;
+
+ private String pwCbClass;
+
+ private CryptoConfig sigCryptoConfig;
+
+ private CryptoConfig encrCryptoConfig;
+
+ private CryptoConfig decCryptoConfig;
+
+ private String timestampTTL = Integer.toString(DEFAULT_TIMESTAMP_TTL);
+
+ private String timestampMaxSkew = Integer.toString(DEFAULT_TIMESTAMP_MAX_SKEW);
+
+ private String optimizeParts;
+
+ private String tokenStoreClass;
+
+ /**
+ * @return Returns the tokenStoreClass.
+ */
+ public String getTokenStoreClass() {
+ return tokenStoreClass;
+ }
+
+ /**
+ * @param tokenStoreClass
+ * The tokenStoreClass to set.
+ */
+ public void setTokenStoreClass(String tokenStoreClass) {
+ this.tokenStoreClass = tokenStoreClass;
+ }
+
+ public CryptoConfig getDecCryptoConfig() {
+ return decCryptoConfig;
+ }
+
+ public void setDecCryptoConfig(CryptoConfig decCrypto) {
+ this.decCryptoConfig = decCrypto;
+ }
+
+ public CryptoConfig getEncrCryptoConfig() {
+ return encrCryptoConfig;
+ }
+
+ public void setEncrCryptoConfig(CryptoConfig encrCrypto) {
+ this.encrCryptoConfig = encrCrypto;
+ }
+
+ public String getEncryptionUser() {
+ return encryptionUser;
+ }
+
+ public void setEncryptionUser(String encryptionUser) {
+ this.encryptionUser = encryptionUser;
+ }
+
+ public String getPwCbClass() {
+ return pwCbClass;
+ }
+
+ public void setPwCbClass(String pwCbClass) {
+ this.pwCbClass = pwCbClass;
+ }
+
+ public CryptoConfig getSigCryptoConfig() {
+ return sigCryptoConfig;
+ }
+
+ public void setSigCryptoConfig(CryptoConfig sigCryptoConfig) {
+ this.sigCryptoConfig = sigCryptoConfig;
+ }
+
+ public String getUser() {
+ return user;
+ }
+
+ public void setUser(String user) {
+ this.user = user;
+ }
+
+ public QName getName() {
+ return new QName(NS, RAMPART_CONFIG_LN);
+ }
+
+ public boolean isOptional() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public PolicyComponent normalize() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = writer.getPrefix(NS);
+
+ if (prefix == null) {
+ prefix = PREFIX;
+ writer.setPrefix(PREFIX, NS);
+ }
+
+ writer.writeStartElement(PREFIX, RAMPART_CONFIG_LN, NS);
+ writer.writeNamespace(prefix, NS);
+
+ if (getUser() != null) {
+ writer.writeStartElement(NS, USER_LN);
+ writer.writeCharacters(getUser());
+ writer.writeEndElement();
+ }
+
+ if (getEncryptionUser() != null) {
+ writer.writeStartElement(NS, ENCRYPTION_USER_LN);
+ writer.writeCharacters(getEncryptionUser());
+ writer.writeEndElement();
+ }
+
+ if (getPwCbClass() != null) {
+ writer.writeStartElement(NS, PW_CB_CLASS_LN);
+ writer.writeCharacters(getPwCbClass());
+ writer.writeEndElement();
+ }
+
+ if (getTimestampTTL() != null) {
+ writer.writeStartElement(NS, TS_TTL_LN);
+ writer.writeCharacters(getTimestampTTL());
+ writer.writeEndElement();
+ }
+
+ if (getTimestampMaxSkew() != null) {
+ writer.writeStartElement(NS, TS_MAX_SKEW_LN);
+ writer.writeCharacters(getTimestampMaxSkew());
+ writer.writeEndElement();
+ }
+
+ if (getTokenStoreClass() != null) {
+ writer.writeStartElement(NS, TOKEN_STORE_CLASS_LN);
+ writer.writeCharacters(getTokenStoreClass());
+ writer.writeEndElement();
+ }
+
+ if (encrCryptoConfig != null) {
+ writer.writeStartElement(NS, ENCR_CRYPTO_LN);
+ encrCryptoConfig.serialize(writer);
+ writer.writeEndElement();
+
+ }
+
+ if (decCryptoConfig != null) {
+ writer.writeStartElement(NS, DEC_CRYPTO_LN);
+ decCryptoConfig.serialize(writer);
+ writer.writeEndElement();
+ }
+
+ if (sigCryptoConfig != null) {
+ writer.writeStartElement(NS, SIG_CRYPTO_LN);
+ sigCryptoConfig.serialize(writer);
+ writer.writeEndElement();
+ }
+
+ writer.writeEndElement();
+
+ }
+
+ public boolean equal(PolicyComponent policyComponent) {
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public short getType() {
+ return Constants.TYPE_ASSERTION;
+ }
+
+ /**
+ * @return Returns the timestampTTL.
+ */
+ public String getTimestampTTL() {
+ return timestampTTL;
+ }
+
+ /**
+ * @param timestampTTL
+ * The timestampTTL to set.
+ */
+ public void setTimestampTTL(String timestampTTL) {
+ this.timestampTTL = timestampTTL;
+ }
+
+ /**
+ * @return Returns the timestampMaxSkew.
+ */
+ public String getTimestampMaxSkew() {
+ return timestampMaxSkew;
+ }
+
+ /**
+ * @param timestampMaxSkew
+ * The timestampMaxSkew to set.
+ */
+ public void setTimestampMaxSkew(String timestampMaxSkew) {
+ this.timestampMaxSkew = timestampMaxSkew;
+ }
+
+ /**
+ * @param strOptimizeParts
+ * The xpath of elements that should be optimized
+ */
+ public void setOptimizeParts(String strOptimizeParts){
+ optimizeParts = strOptimizeParts;
+ }
+
+ /**
+ *
+ * @return The Xpath string of indicating elements to be optimized or null.
+ */
+
+ public String getOptimizeParts(){
+ return optimizeParts;
+ }
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
new file mode 100644
index 0000000..c54e01b
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
@@ -0,0 +1,249 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.util;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPFactory;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.stream.FactoryConfigurationError;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamReader;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+
+/**
+ * Utility class for the Axis2-WSS4J Module
+ */
+public class Axis2Util {
+
+ private static ThreadLocal doomTacker = new ThreadLocal();
+
+ public static boolean isUseDOOM() {
+ Object value = doomTacker.get();
+ return (value != null);
+ }
+
+ public static void useDOOM(boolean isDOOMRequired) {
+//TODO Enable this when we have DOOM fixed to be able to flow in and out of Axis2
+// if(isDOOMRequired) {
+// if(!isUseDOOM()) {
+// System.setProperty(OMAbstractFactory.SOAP11_FACTORY_NAME_PROPERTY, SOAP11Factory.class.getName());
+// System.setProperty(OMAbstractFactory.SOAP12_FACTORY_NAME_PROPERTY, SOAP12Factory.class.getName());
+// System.setProperty(OMAbstractFactory.OM_FACTORY_NAME_PROPERTY, OMDOMFactory.class.getName());
+// doomTacker.set(new Object());
+// }
+// } else {
+// System.getProperties().remove(OMAbstractFactory.SOAP11_FACTORY_NAME_PROPERTY);
+// System.getProperties().remove(OMAbstractFactory.SOAP12_FACTORY_NAME_PROPERTY);
+// System.getProperties().remove(OMAbstractFactory.OM_FACTORY_NAME_PROPERTY);
+// doomTacker.set(null);
+// }
+ }
+
+
+ /**
+ * Creates a DOM Document using the SOAP Envelope.
+ * @param env An org.apache.axiom.soap.SOAPEnvelope instance
+ * @return Returns the DOM Document of the given SOAP Envelope.
+ * @throws Exception
+ */
+ public static Document getDocumentFromSOAPEnvelope(SOAPEnvelope env, boolean useDoom)
+ throws WSSecurityException {
... 38213 lines suppressed ...