Posted to rampart-dev@ws.apache.org by na...@apache.org on 2008/04/03 13:07:32 UTC
svn commit: r644261 - in
/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas:
./ client/ impl/
Author: nandana
Date: Thu Apr 3 04:07:26 2008
New Revision: 644261
URL: http://svn.apache.org/viewvc?rev=644261&view=rev
Log:
Renew and Validation bindings for WS Trust
Added:
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java
Modified:
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java
Modified: webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java?rev=644261&r1=644260&r2=644261&view=diff
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java (original)
+++ webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java Thu Apr 3 04:07:26 2008
@@ -46,6 +46,8 @@
public static final String
REQUEST_SECURITY_TOKEN_RESPONSE_COLLECTION = "RequestSecurityTokenResponseCollection";
public final static String BINARY_SECRET = "BinarySecret";
+ public final static String VALIDATE_TARGET = "ValidateTarget";
+ public final static String RENEW_TARGET = "RenewTarget";
/* <wst:RequestSecurityTokenResponse>
* <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Status</wst:TokenType>
Modified: webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java?rev=644261&r1=644260&r2=644261&view=diff
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java (original)
+++ webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java Thu Apr 3 04:07:26 2008
@@ -17,14 +17,19 @@
package org.apache.rahas;
import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.impl.dom.factory.OMDOMFactory;
import org.apache.axiom.om.util.Base64;
import org.apache.axis2.addressing.AddressingConstants;
import org.apache.axis2.context.MessageContext;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.token.SecurityTokenReference;
import org.opensaml.SAMLAssertion;
+import org.w3c.dom.Element;
import javax.xml.namespace.QName;
@@ -48,6 +53,8 @@
private String requestType;
private String tokenType;
+
+ private String tokenId;
private int keysize = -1;
@@ -124,6 +131,10 @@
this.processEntropy();
this.processClaims();
+
+ this.processValidateTarget();
+
+ this.processRenewTarget();
}
@@ -304,6 +315,55 @@
}
}
+
+ private void processValidateTarget()throws TrustException{
+
+ OMElement validateTargetElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.LocalNames.VALIDATE_TARGET));
+
+ if (validateTargetElem != null) {
+
+ OMElement strElem = validateTargetElem.getFirstChildWithName(new QName(WSConstants.WSSE_NS,
+ "SecurityTokenReference"));
+
+ Element elem = (Element)(new StAXOMBuilder(new OMDOMFactory(),
+ strElem.getXMLStreamReader()).getDocumentElement());
+
+ try {
+ SecurityTokenReference str = new SecurityTokenReference((Element)elem);
+ if (str.containsReference()) {
+ tokenId = str.getReference().getURI();
+ }
+ } catch (WSSecurityException e) {
+ throw new TrustException("errorExtractingTokenId",e);
+ }
+ }
+ }
+
+ private void processRenewTarget()throws TrustException{
+
+ OMElement renewTargetElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.LocalNames.RENEW_TARGET));
+ if (renewTargetElem != null) {
+
+ OMElement strElem = renewTargetElem.getFirstChildWithName(new QName(WSConstants.WSSE_NS,
+ "SecurityTokenReference"));
+
+ Element elem = (Element)(new StAXOMBuilder(new OMDOMFactory(),
+ strElem.getXMLStreamReader()).getDocumentElement());
+
+ try {
+ SecurityTokenReference str = new SecurityTokenReference((Element)elem);
+ if (str.containsReference()) {
+ tokenId = str.getReference().getURI();
+ }
+ } catch (WSSecurityException e) {
+ throw new TrustException("errorExtractingTokenId",e);
+ }
+ }
+ }
/**
* Process wst:Entropy element in the request.
@@ -443,6 +503,13 @@
*/
public String getSoapNs() {
return soapNs;
+ }
+
+ /**
+ * @return Returns the tokenId.
+ */
+ public String getTokenId() {
+ return tokenId;
}
/**
Modified: webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java?rev=644261&r1=644260&r2=644261&view=diff
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java (original)
+++ webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java Thu Apr 3 04:07:26 2008
@@ -16,6 +16,7 @@
package org.apache.rahas;
+import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
public interface TokenRenewer {
@@ -39,17 +40,17 @@
* @param configFile
*/
public void setConfigurationFile(String configFile);
-
+
/**
- * Set the configuration element of this TokenRenewer.
+ * Set the configuration element of TokenRenewer.
*
* This is the <configuration> element of the
* token-dispatcher-configuration
*
* @param configElement
- * <code>OMElement</code> representing the configuration
+ * <code>OMElement</code> representing the configuration
*/
- public void setConfigurationElement(String configElement);
+ public void setConfigurationElement(OMElement configElement);
/**
* Set the name of the configuration parameter.
Modified: webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java?rev=644261&r1=644260&r2=644261&view=diff
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java (original)
+++ webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java Thu Apr 3 04:07:26 2008
@@ -101,8 +101,22 @@
} else if((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_RENEW).equals(reqType) ||
(RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_RENEW).equals(reqType)) {
log.debug("renew");
- throw new UnsupportedOperationException("TODO: handle " +
- "renew requests");
+
+ TokenRenewer renewer;
+ if (tokenType == null || tokenType.trim().length() == 0) {
+ renewer = config.getDefaultRenewerInstance();
+ } else {
+ renewer = config.getRenewer(tokenType);
+ }
+
+ SOAPEnvelope response = renewer.renew(data);
+
+ outMsgCtx.getOptions().setAction(
+ TrustUtil.getActionValue(data.getVersion(),
+ RahasConstants.RSTR_ACTION_RENEW));
+
+ return response;
+
} else if((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_CANCEL).equals(reqType) ||
(RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_CANCEL).equals(reqType)) {
log.debug("cancel");
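Review bot: `renewer.renew(data)` can throw a NullPointerException: `config.getDefaultRenewerInstance()` returns null when no default renewer is configured (see the TokenRequestDispatcherConfig hunk in this commit), and `config.getRenewer(tokenType)` falls back to that same null class name. A guard before the call, `if (renewer == null) { throw new TrustException("<no-renewer-error-key>"); }`, turns a server-side NPE into a reportable trust fault; the key would need adding to errors.properties. The dispatch method this branch belongs to begins and ends outside the hunk, and `tokenType` is defined above it.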
Modified: webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java?rev=644261&r1=644260&r2=644261&view=diff
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java (original)
+++ webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java Thu Apr 3 04:07:26 2008
@@ -35,6 +35,7 @@
private final static QName ISSUER = new QName("issuer");
private final static QName CANCELER = new QName("canceler");
private final static QName VALIDATOR = new QName("validator");
+ private final static QName RENEWER = new QName("renewer");
private final static QName TOKEN_TYPE = new QName("tokenType");
private final static QName CLASS_ATTR = new QName("class");
private final static QName DEFAULT_ATTR = new QName("default");
@@ -42,6 +43,7 @@
private Map issuers;
private Map validators;
+ private Map renewers;
private Map configFiles = new Hashtable();
private Map configElements = new Hashtable();
private Map configParamNames = new Hashtable();
@@ -49,6 +51,7 @@
private String defaultIssuerClassName;
private String defaultCancelerClassName;
private String defaultValidatorClassName;
+ private String defaultRenewerClassName;
public static TokenRequestDispatcherConfig load(OMElement configElem) throws TrustException {
@@ -62,9 +65,14 @@
//Validators
handleValidators(configElem, conf);
-
+
+ //Renewers
+ handleRenewers(configElem, conf);
+
// Cancelers
handleCancelers(configElem, conf);
+
+
//There must be a defulat issuer
if (conf.defaultIssuerClassName == null) {
@@ -138,48 +146,93 @@
private static void handleValidators(OMElement configElem,
TokenRequestDispatcherConfig conf) throws TrustException {
- for (Iterator issuerElems = configElem.getChildrenWithName(VALIDATOR);
- issuerElems.hasNext();) {
+ for (Iterator validatorElems = configElem.getChildrenWithName(VALIDATOR);
+ validatorElems.hasNext();) {
- OMElement element = (OMElement) issuerElems.next();
+ OMElement element = (OMElement) validatorElems.next();
- //get the class attr
- String validatorClass = element.getAttributeValue(CLASS_ATTR);
- if (validatorClass == null) {
- throw new TrustException("missingClassName");
- }
- String isDefault = element.getAttributeValue(DEFAULT_ATTR);
- if (isDefault != null && "true".equalsIgnoreCase(isDefault)) {
- //Use the first default issuer as the default isser
- if (conf.defaultValidatorClassName == null) {
- conf.defaultValidatorClassName = validatorClass;
- } else {
- throw new TrustException("badDispatcherConfigMultipleDefaultValidators");
+ //get the class attr
+ String validatorClass = element.getAttributeValue(CLASS_ATTR);
+ if (validatorClass == null) {
+ throw new TrustException("missingClassName");
+ }
+ String isDefault = element.getAttributeValue(DEFAULT_ATTR);
+ if (isDefault != null && "true".equalsIgnoreCase(isDefault)) {
+ //Use the first default issuer as the default isser
+ if (conf.defaultValidatorClassName == null) {
+ conf.defaultValidatorClassName = validatorClass;
+ } else {
+ throw new TrustException("badDispatcherConfigMultipleDefaultValidators");
+ }
}
- }
- processConfiguration(element, conf, validatorClass);
+ processConfiguration(element, conf, validatorClass);
+
+ //Process token types
+ for (Iterator tokenTypes = element.getChildrenWithName(TOKEN_TYPE);
+ tokenTypes.hasNext();) {
+ OMElement type = (OMElement) tokenTypes.next();
+ String value = type.getText();
+ if (value == null || value.trim().length() == 0) {
+ throw new TrustException("invalidTokenTypeDefinition",
+ new String[]{"Validator", validatorClass});
+ }
+ if (conf.validators == null) {
+ conf.validators = new Hashtable();
+ }
+ //If the token type is not already declared then add it to the
+ //table with the validator classname
+ if (!conf.validators.keySet().contains(value)) {
+ conf.validators.put(value, validatorClass);
+ }
+ }
+ }
+ }
+
+ private static void handleRenewers(OMElement configElem,
+ TokenRequestDispatcherConfig conf) throws TrustException {
+
+ for (Iterator renewerElems = configElem.getChildrenWithName(RENEWER);
+ renewerElems.hasNext();) {
+
+ OMElement element = (OMElement) renewerElems.next();
- //Process token types
- for (Iterator tokenTypes = element.getChildrenWithName(TOKEN_TYPE);
- tokenTypes.hasNext();) {
- OMElement type = (OMElement) tokenTypes.next();
- String value = type.getText();
- if (value == null || value.trim().length() == 0) {
- throw new TrustException("invalidTokenTypeDefinition",
- new String[]{"Validator", validatorClass});
+ //get the class attr
+ String renewerClass = element.getAttributeValue(CLASS_ATTR);
+ if (renewerClass == null) {
+ throw new TrustException("missingClassName");
}
- if (conf.validators == null) {
- conf.validators = new Hashtable();
+ String isDefault = element.getAttributeValue(DEFAULT_ATTR);
+ if (isDefault != null && "true".equalsIgnoreCase(isDefault)) {
+ //Use the first default issuer as the default isser
+ if (conf.defaultRenewerClassName == null) {
+ conf.defaultRenewerClassName = renewerClass;
+ } else {
+ throw new TrustException("badDispatcherConfigMultipleDefaultRenewers");
+ }
}
- //If the token type is not already declared then add it to the
- //table with the issuer classname
- if (!conf.validators.keySet().contains(value)) {
- conf.validators.put(value, validatorClass);
+
+ processConfiguration(element, conf, renewerClass);
+
+ //Process token types
+ for (Iterator tokenTypes = element.getChildrenWithName(TOKEN_TYPE);
+ tokenTypes.hasNext();) {
+ OMElement type = (OMElement) tokenTypes.next();
+ String value = type.getText();
+ if (value == null || value.trim().length() == 0) {
+ throw new TrustException("invalidTokenTypeDefinition",
+ new String[]{"Renewer", renewerClass});
+ }
+ if (conf.renewers == null) {
+ conf.renewers = new Hashtable();
+ }
+ //If the token type is not already declared then add it to the
+ //table with the renwer classname
+ if (!conf.renewers.keySet().contains(value)) {
+ conf.renewers.put(value, renewerClass);
+ }
}
- }
- }
-
+ }
}
private static void processConfiguration(OMElement element,
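Review bot: handleRenewers is a line-for-line copy of handleValidators, differing only in the element name, the target map and the default-class field, and the surrounding naming suggests the issuer and canceler handlers follow the same template; a fourth copy for the next extension type is likely, so a shared loop parameterised on those three would be the cleaner shape, although with the raw `Map` fields it would need small accessor callbacks. Two smaller points in the new code: `if (!conf.renewers.keySet().contains(value))` is `if (!conf.renewers.containsKey(value))`, and the comments `//Use the first default issuer as the default isser` and `//table with the renwer classname` should read `//Use the first default renewer as the default renewer` and `//table with the renewer classname`. The same `keySet().contains` pattern and the copied "isser" comment survive in the re-indented handleValidators body.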
@@ -257,6 +310,19 @@
}
}
+ public TokenRenewer getDefaultRenewerInstance() throws TrustException {
+ if (this.defaultRenewerClassName != null) {
+ try {
+ return createRenewer(this.defaultRenewerClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{this.defaultRenewerClassName}, e);
+ }
+ } else {
+ return null;
+ }
+ }
+
public String getDefaultIssuerName() {
return this.defaultIssuerClassName;
@@ -277,7 +343,7 @@
return createIssuer(issuerClassName);
} catch (Exception e) {
throw new TrustException("cannotLoadClass",
- new String[]{this.defaultIssuerClassName}, e);
+ new String[]{issuerClassName}, e);
}
}
@@ -287,7 +353,7 @@
if (this.validators != null) {
validatorClassName = (String) this.validators.get(tokenType);
}
- //If a specific validator is not found use the default issuer
+ //If a specific validator is not found use the default validator
if (validatorClassName == null) {
validatorClassName = this.defaultValidatorClassName;
}
@@ -295,7 +361,25 @@
return createValidator(validatorClassName);
} catch (Exception e) {
throw new TrustException("cannotLoadClass",
- new String[]{this.defaultValidatorClassName}, e);
+ new String[]{validatorClassName}, e);
+ }
+ }
+
+ public TokenRenewer getRenewer(String tokenType) throws TrustException {
+ String renewerClassName = null;
+ //try to find the renewer class name from the tokenType<->Renewer map
+ if (this.renewers != null) {
+ renewerClassName = (String) this.renewers.get(tokenType);
+ }
+ //If a specific renewer is not found use the default renewer
+ if (renewerClassName == null) {
+ renewerClassName = this.defaultRenewerClassName;
+ }
+ try {
+ return createRenewer(renewerClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{renewerClassName}, e);
}
}
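Review bot: When neither a token-type-specific renewer nor a default renewer is configured, `renewerClassName` stays null and `createRenewer(null)` is attempted, so the caller sees a `cannotLoadClass` fault with a null argument rather than a message naming the real problem. A check after the default fallback, `if (renewerClassName == null) { throw new TrustException("<no-renewer-error-key>"); }`, reports the configuration gap directly (the key would need adding to errors.properties). The `catch (Exception e)` also folds a ClassCastException from `createRenewer` under `cannotLoadClass`, which misleads when the configured class exists but does not implement TokenRenewer; the same shape appears in the getValidator method above and the getDefaultRenewerInstance hunk.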
@@ -325,5 +409,13 @@
validator.setConfigurationFile((String) this.configFiles.get(validatorClassName));
validator.setConfigurationParamName((String) this.configParamNames.get(validatorClassName));
return validator;
+ }
+
+ private TokenRenewer createRenewer (String renewerClassName) throws Exception {
+ TokenRenewer renewer = (TokenRenewer) Loader.loadClass(renewerClassName).newInstance();
+ renewer.setConfigurationElement((OMElement) this.configElements.get(renewerClassName));
+ renewer.setConfigurationFile((String) this.configFiles.get(renewerClassName));
+ renewer.setConfigurationParamName((String) this.configParamNames.get(renewerClassName));
+ return renewer;
}
}
Modified: webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java?rev=644261&r1=644260&r2=644261&view=diff
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java (original)
+++ webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java Thu Apr 3 04:07:26 2008
@@ -157,6 +157,32 @@
RahasConstants.LocalNames.TOKEN_TYPE,
RahasConstants.WST_PREFIX);
}
+
+ public static OMElement createValidateTargetElement(int version, OMElement parent,
+ OMElement str) throws TrustException {
+ OMElement validateTarget = createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.LocalNames.VALIDATE_TARGET,
+ RahasConstants.WST_PREFIX);
+ validateTarget.addChild(str);
+
+ return validateTarget;
+
+ }
+
+ public static OMElement createRenewTargetElement(int version, OMElement parent,
+ OMElement str) throws TrustException {
+ OMElement renewTarget = createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.LocalNames.RENEW_TARGET,
+ RahasConstants.WST_PREFIX);
+ renewTarget.addChild(str);
+
+ return renewTarget;
+
+}
+
+
public static OMElement createBinarySecretElement(
int version,
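Review bot: createValidateTargetElement and createRenewTargetElement call `validateTarget.addChild(str)` / `renewTarget.addChild(str)` without checking `str`, and the STSClient hunk in this commit can pass null when a stored token has neither an unattached nor an attached reference. A guard of the form `if (str == null) { throw new TrustException("<missing-str-error-key>"); }` before the addChild keeps that failure at the trust layer rather than leaving it to whatever Axiom does with a null child. Neither method has a Javadoc comment; one stating that `str` is expected to be the wsse:SecurityTokenReference of the token being validated or renewed, and that it is moved under the new element, would help callers. Stylistically, the closing brace of createRenewTargetElement sits at column 0 and the blank line before each `return` is unneeded.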
Modified: webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java?rev=644261&r1=644260&r2=644261&view=diff
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java (original)
+++ webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java Thu Apr 3 04:07:26 2008
@@ -38,6 +38,7 @@
import org.apache.neethi.Policy;
import org.apache.rahas.RahasConstants;
import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.ws.secpolicy.model.AlgorithmSuite;
@@ -50,6 +51,7 @@
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Element;
@@ -187,7 +189,7 @@
this.processPolicy(issuerPolicy, null);
OMElement response = client.sendReceive(rstQn,
- createValidateRequest(requestType));
+ createValidateRequest(requestType,tokenId));
System.out.println(response.toString());
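Review bot: The context line `System.out.println(response.toString());` writes the full RSTR returned by the STS to stdout; the same file's createValidateRequest hunk removes the matching print of the request, so this one looks like a leftover as well. The response can carry the token or status being validated, which should not land on a production client's console; `log.debug("Validate response: " + response);` — or dropping the line — keeps it under logger control. The enclosing validateToken method starts and ends outside the hunk.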
@@ -196,7 +198,40 @@
} catch (AxisFault e) {
log.error("errorInValidatingToken", e);
- throw new TrustException("errorInObtainingToken", new String[]{issuerAddress});
+ throw new TrustException("errorInValidatingToken", new String[]{issuerAddress});
+ }
+
+ }
+
+ public boolean renewToken(String tokenId,
+ String issuerAddress,
+ Policy issuerPolicy) throws TrustException {
+
+ try {
+ QName rstQn = new QName("requestSecurityToken");
+
+ ServiceClient client = getServiceClient(rstQn, issuerAddress);
+
+ client.getServiceContext().setProperty(RAMPART_POLICY, issuerPolicy);
+ client.getOptions().setSoapVersionURI(this.soapVersion);
+ if(this.addressingNs != null) {
+ client.getOptions().setProperty(AddressingConstants.WS_ADDRESSING_VERSION, this.addressingNs);
+ }
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ this.processPolicy(issuerPolicy, null);
+
+ String tokenType = RahasConstants.TOK_TYPE_SAML_10;
+
+ OMElement response = client.sendReceive(rstQn,
+ createRenewRequest(tokenType,tokenId));
+
+ return true;
+
+ } catch (AxisFault e) {
+ log.error("errorInRenewingToken", e);
+ throw new TrustException("errorInRenewingToken", new String[]{issuerAddress});
}
}
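Review bot: renewToken assigns `OMElement response` from `client.sendReceive` and then returns `true` without reading it, so the renewed assertion the STS sends back is never parsed, stored or compared with the original, and a caller cannot distinguish a successful renewal from any non-fault reply. Presumably the response should be handled the way the issue path handles its RSTR (that code is not in this hunk) and the TokenStorage entry updated with the new token and lifetime; until then the boolean overstates what happened and the unused local should go. `tokenType` is also fixed to `RahasConstants.TOK_TYPE_SAML_10` with no way for the caller to override it, so the request advertises the wrong type for any other stored token. The hunk begins inside the tail of validateToken, whose start is above it.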
@@ -548,7 +583,7 @@
}
- private OMElement createValidateRequest(String requestType) throws TrustException {
+ private OMElement createValidateRequest(String requestType, String tokenId) throws TrustException {
log.debug("Creating request with request type: " + requestType);
@@ -563,10 +598,64 @@
tokenTypeElem.setText(tokenType);
- System.out.println(rst.toString());
+ TokenStorage store = TrustUtil.getTokenStore(configCtx);
+
+ Token token = store.getToken(tokenId);
+
+ if ( token != null) {
+
+ OMElement str = token.getUnattachedReference();
+
+ if (str == null) {
+ str = token.getAttachedReference();
+ }
+
+ TrustUtil.createValidateTargetElement(this.version, rst,str);
+
+
+ } else {
+ throw new TrustException("noToken",new String[]{tokenId});
+ }
return rst;
+
+ }
+
+ private OMElement createRenewRequest(String tokenType, String tokenId) throws TrustException {
+
+ String requestType =
+ TrustUtil.getWSTNamespace(version) + RahasConstants.REQ_TYPE_RENEW;
+
+ log.debug("Creating request with request type: " + requestType);
+
+ OMElement rst = TrustUtil.createRequestSecurityTokenElement(version);
+
+ TrustUtil.createRequestTypeElement(this.version, rst, requestType);
+
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(version, rst);
+ tokenTypeElem.setText(tokenType);
+
+ TokenStorage store = TrustUtil.getTokenStore(configCtx);
+ Token token = store.getToken(tokenId);
+
+ if ( token != null) {
+
+ OMElement str = token.getUnattachedReference();
+
+ if (str == null) {
+ str = token.getAttachedReference();
+ }
+
+ TrustUtil.createRenewTargetElement(this.version, rst,str);
+
+
+ } else {
+ throw new TrustException("noToken",new String[]{tokenId});
+ }
+
+ return rst;
+
}
Modified: webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties?rev=644261&r1=644260&r2=644261&view=diff
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties (original)
+++ webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties Thu Apr 3 04:07:26 2008
@@ -38,6 +38,7 @@
defaultIssuerMissing = The default issuer must be specified
tokenAlreadyExists = "The token \"{0}\" already exists in the store
noTokenToUpdate = Canot find token : \"{0}\" to update
+noToken = Canot find token : \"{0}\"
errorInBuildingTheEncryptedKey = Error in building a xenc:EncyptedKey , encrypted for \"{0}\"
missingDispatcherConfiguration = Cannot find the token-dispatcher-configuration
missingConfiguration = Missing configuration: \"{0}\"
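Review bot: The added line `noToken = Canot find token : \"{0}\"` repeats the `Canot` typo from the `noTokenToUpdate` line above it; these strings surface in faults returned to clients, so `noToken = Cannot find token : \"{0}\"` is worth fixing while the line is new. The unquoted leading `"` in the `tokenAlreadyExists` context line looks like the same kind of slip, though it is outside this change.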
@@ -82,4 +83,6 @@
cannotDetermineTokenId = Cannot determine token ID from request
tokenNotFound = Token with ID \"{0}\" cannot be found
configurationIsNull = Configuration is null
-errorInCancelingToken = Error occurred while trying to cancel token
\ No newline at end of file
+errorInCancelingToken = Error occurred while trying to cancel token
+
+errorExtractingTokenId = Error occurred while extracting token id from the Security Token Reference
\ No newline at end of file
Added: webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java?rev=644261&view=auto
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java (added)
+++ webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java Thu Apr 3 04:07:26 2008
@@ -0,0 +1,199 @@
+package org.apache.rahas.impl;
+
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.text.DateFormat;
+import java.util.Arrays;
+import java.util.Date;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenRenewer;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.apache.xml.security.signature.XMLSignature;
+import org.opensaml.SAMLAssertion;
+import org.opensaml.SAMLException;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+public class SAMLTokenRenewer implements TokenRenewer {
+
+ private String configParamName;
+
+ private OMElement configElement;
+
+ private String configFile;
+
+ public SOAPEnvelope renew(RahasData data) throws TrustException {
+
+ // retrieve the message context
+ MessageContext inMsgCtx = data.getInMessageContext();
+
+ SAMLTokenIssuerConfig config = null;
+ if (this.configElement != null) {
+ config = new SAMLTokenIssuerConfig(configElement
+ .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
+ }
+
+ // Look for the file
+ if (config == null && this.configFile != null) {
+ config = new SAMLTokenIssuerConfig(this.configFile);
+ }
+
+ // Look for the param
+ if (config == null && this.configParamName != null) {
+ Parameter param = inMsgCtx.getParameter(this.configParamName);
+ if (param != null && param.getParameterElement() != null) {
+ config = new SAMLTokenIssuerConfig(param
+ .getParameterElement().getFirstChildWithName(
+ SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
+ } else {
+ throw new TrustException("expectedParameterMissing",
+ new String[] { this.configParamName });
+ }
+ }
+
+ if (config == null) {
+ throw new TrustException("configurationIsNull");
+ }
+
+ // retrieve the list of tokens from the message context
+ TokenStorage tkStorage = TrustUtil.getTokenStore(inMsgCtx);
+
+ try {
+ // Set the DOM impl to DOOM
+ DocumentBuilderFactoryImpl.setDOOMRequired(true);
+
+ // Create envelope
+ SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx
+ .getEnvelope().getNamespace().getNamespaceURI());
+
+ // Create RSTR element, with respective version
+ OMElement rstrElem;
+ int wstVersion = data.getVersion();
+ if (RahasConstants.VERSION_05_02 == wstVersion) {
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(
+ wstVersion, env.getBody());
+ } else {
+ OMElement rstrcElem = TrustUtil
+ .createRequestSecurityTokenResponseCollectionElement(
+ wstVersion, env.getBody());
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(
+ wstVersion, rstrcElem);
+ }
+
+ Crypto crypto;
+ if (config.cryptoElement != null) {
+ // crypto props defined as elements
+ crypto = CryptoFactory.getInstance(TrustUtil
+ .toProperties(config.cryptoElement), inMsgCtx
+ .getAxisService().getClassLoader());
+ } else {
+ // crypto props defined in a properties file
+ crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
+ inMsgCtx.getAxisService().getClassLoader());
+ }
+
+ // Create TokenType element
+ TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText(
+ RahasConstants.TOK_TYPE_SAML_10);
+
+ // Creation and expiration times
+ Date creationTime = new Date();
+ Date expirationTime = new Date();
+ expirationTime.setTime(creationTime.getTime() + config.ttl);
+
+ // Use GMT time in milliseconds
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ // Add the Lifetime element
+ TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
+ .format(creationTime), zulu.format(expirationTime));
+
+ // Obtain the token
+ Token tk = tkStorage.getToken(data.getTokenId());
+
+ OMElement assertionOMElement = tk.getToken();
+ SAMLAssertion samlAssertion = null;
+
+ try {
+ samlAssertion = new SAMLAssertion((Element) assertionOMElement);
+ samlAssertion.unsign();
+ samlAssertion.setNotBefore(creationTime);
+ samlAssertion.setNotOnOrAfter(expirationTime);
+
+ // sign the assertion
+ X509Certificate[] issuerCerts = crypto
+ .getCertificates(config.issuerKeyAlias);
+
+ String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+ String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
+ if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+ sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+ }
+ java.security.Key issuerPK = crypto.getPrivateKey(
+ config.issuerKeyAlias, config.issuerKeyPassword);
+
+ samlAssertion.sign(sigAlgo, issuerPK, Arrays.asList(issuerCerts));
+
+ // Create the RequestedSecurityToken element and add the SAML token
+ // to it
+ OMElement reqSecTokenElem = TrustUtil
+ .createRequestedSecurityTokenElement(wstVersion, rstrElem);
+
+ Node tempNode = samlAssertion.toDOM();
+ reqSecTokenElem.addChild((OMNode) ((Element) rstrElem)
+ .getOwnerDocument().importNode(tempNode, true));
+
+
+ } catch (SAMLException e) {
+ throw new TrustException("Cannot create SAML Assertion",e);
+ } catch (WSSecurityException e) {
+ throw new TrustException("Cannot create SAML Assertion",e);
+ } catch (Exception e) {
+ throw new TrustException("Cannot create SAML Assertion",e);
+ }
+ return env;
+ } finally {
+ DocumentBuilderFactoryImpl.setDOOMRequired(false);
+ }
+
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setConfigurationFile(String configFile) {
+ this.configFile = configFile;
+
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setConfigurationElement(OMElement configElement) {
+ this.configElement = configElement;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setConfigurationParamName(String configParamName) {
+ this.configParamName = configParamName;
+ }
+
+
+}
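Review bot: `tkStorage.getToken(data.getTokenId())` can return null — the id is only set when the RST carried a RenewTarget with a resolvable reference, and the value itself is client-supplied — so `tk.getToken()` on the next line is a NullPointerException for an unknown or missing id; the SAMLTokenValidator hunk in this commit has the same gap at its `Token tk = tkStorage.getToken(data.getTokenId());` line. A guard such as `if (tk == null) { throw new TrustException("tokenNotFound", new String[]{data.getTokenId()}); }` uses a key that already exists in errors.properties. Beyond that, the renewal path unsigns the stored assertion, rewrites NotBefore/NotOnOrAfter and re-signs it without checking anything about the presented token — its current validity, its issuer, or that it belongs to the requester — so any caller that can name a stored id obtains a fresh lifetime for that token; whether the store lookup or an earlier layer enforces ownership is not visible here and should be confirmed and stated in a class-level Javadoc. The store entry is also never updated with the re-signed assertion or new expiry, and the three catch blocks pass the literal `"Cannot create SAML Assertion"` where every other site passes an errors.properties key.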
Modified: webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java?rev=644261&r1=644260&r2=644261&view=diff
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java (original)
+++ webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java Thu Apr 3 04:07:26 2008
@@ -81,8 +81,8 @@
OMElement statusElement = createMessageElement(wstVersion,
rstrElem, RahasConstants.LocalNames.STATUS);
- //TODO this is wrong, figure out a way to get the token to validate
- Token tk = tkStorage.getToken(tkStorage.getTokenIdentifiers()[0]);
+ // Obtain the token
+ Token tk = tkStorage.getToken(data.getTokenId());
// create the crypto object
PublicKey issuerPBKey = getIssuerPublicKey(inMsgCtx);