Posted to rampart-dev@ws.apache.org by na...@apache.org on 2008/04/21 11:24:41 UTC
svn commit: r650061 - in /webservices/rampart/branches/java/1_4: ./
modules/rampart-core/src/main/java/org/apache/rampart/
modules/rampart-core/src/main/java/org/apache/rampart/builder/
modules/rampart-core/src/main/java/org/apache/rampart/handler/ mod...
Author: nandana
Date: Mon Apr 21 02:24:35 2008
New Revision: 650061
URL: http://svn.apache.org/viewvc?rev=650061&view=rev
Log:
there are some changes in the trunk which are not committed to the trunk
Modified:
webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java
webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
webservices/rampart/branches/java/1_4/modules/rampart-trust-mar/module.xml
webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java
webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java
webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java
webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenValidator.java
webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
webservices/rampart/branches/java/1_4/pom.xml
Modified: webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java Mon Apr 21 02:24:35 2008
@@ -62,7 +62,16 @@
RampartPolicyData rpd = rmd.getPolicyData();
- if(rpd == null || isSecurityValidationFault(msgCtx)) {
+ if(rpd == null || isSecurityValidationFault(msgCtx) ||
+ !RampartUtil.isSecHeaderRequired(rpd, rmd.isInitiator(),false)) {
+
+ Document doc = rmd.getDocument();
+ WSSecHeader secHeader = rmd.getSecHeader();
+
+ if ( secHeader != null && secHeader.isEmpty(doc) ) {
+ secHeader.removeSecurityHeader(doc);
+ }
+
return;
}
@@ -137,6 +146,9 @@
AsymmetricBindingBuilder builder = new AsymmetricBindingBuilder();
builder.build(rmd);
}
+
+ //TODO remove following check, we don't need this check here as we do a check to see whether
+ // security header required
Document doc = rmd.getDocument();
WSSecHeader secHeader = rmd.getSecHeader();
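Review bot: The TODO placed before `Document doc = rmd.getDocument();` says the check that follows is no longer needed now that the early return is gated on `isSecHeaderRequired(rpd, rmd.isInitiator(), false)`, yet the check is left in, so the method now has two places that (presumably) strip an empty security header and a reader cannot tell which one is authoritative. Either remove the redundant check in this commit, or replace the TODO with a comment that states why it stays, e.g. `// Safety net: a builder may leave an empty header even when the policy required one`. The enclosing method continues past the hunk.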
Modified: webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java Mon Apr 21 02:24:35 2008
@@ -30,6 +30,7 @@
import org.apache.ws.secpolicy.model.UsernameToken;
import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
@@ -46,6 +47,8 @@
import java.util.Set;
import java.util.Vector;
+import javax.xml.namespace.QName;
+
public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandler {
private static Log log = LogFactory.getLog(PolicyBasedResultsValidator.class);
@@ -80,6 +83,9 @@
//sig/encr
Vector encryptedParts = RampartUtil.getEncryptedParts(rmd);
if(rpd != null && rpd.isSignatureProtection() && isSignatureRequired(rmd)) {
+
+ String sigId = RampartUtil.getSigElementId(rmd);
+
encryptedParts.add(new WSEncryptionPart(WSConstants.SIG_LN,
WSConstants.SIG_NS, "Element"));
}
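Review bot: `String sigId = RampartUtil.getSigElementId(rmd);` is assigned but never read in this hunk, so the only effect of the line is the call itself, and `getSigElementId` as added in RampartUtil in this commit appears to dereference the looked-up Signature element without a null check, so a message whose security header lacks a Signature would surface here as a NullPointerException rather than a policy fault. Either wire the id into the part, `WSEncryptionPart sigPart = new WSEncryptionPart(WSConstants.SIG_LN, WSConstants.SIG_NS, "Element"); sigPart.setEncId(sigId); encryptedParts.add(sigPart);`, or drop the line until it is used. The enclosing method starts before the hunk.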
@@ -219,8 +225,8 @@
SupportingToken sgndEndorSupTokens = rpd.getSignedEndorsingSupportingTokens();
if(sig && signatureParts.size() == 0
- && sgndSupTokens.getTokens().size() == 0
- && sgndEndorSupTokens.getTokens().size() == 0) {
+ && (sgndSupTokens == null || sgndSupTokens.getTokens().size() == 0)
+ && (sgndEndorSupTokens == null || sgndEndorSupTokens.getTokens().size() == 0)) {
//Unexpected signature
throw new RampartException("unexprectedSignature");
@@ -413,26 +419,40 @@
//Check for encrypted body
if(rpd.isEncryptBody()) {
- if(!encrRefs.contains(data.getBodyEncrDataId())){
+ if( !isRefIdPresent(encrRefs, data.getBodyEncrDataId())){
throw new RampartException("encryptedPartMissing",
new String[]{data.getBodyEncrDataId()});
}
}
-// TODO : IMPORTANT this processing is wrong .. fix it
-//
-// int refCount = 0;
-//
-// refCount += encryptedParts.size();
-//
-// if(rpd.isSignatureProtection()) {
-// refCount ++;
-// }
-//
-// if(encrRefs.size() != refCount) {
-// throw new RampartException("invalidNumberOfEncryptedParts",
-// new String[]{Integer.toString(refCount)});
-// }
+ for (int i = 0 ; i < encryptedParts.size() ; i++) {
+
+ WSEncryptionPart encPart = (WSEncryptionPart)encryptedParts.get(i);
+
+ //This is the encrypted Body and we already checked encrypted body
+ if (encPart.getType() == WSConstants.PART_TYPE_BODY) {
+ continue;
+ }
+
+ if ((WSConstants.SIG_LN.equals(encPart.getName()) &&
+ WSConstants.SIG_NS.equals(encPart.getNamespace()))
+ || encPart.getType() == WSConstants.PART_TYPE_HEADER ) {
+ if (!isRefIdPresent(encrRefs, new QName(encPart.getNamespace(),encPart.getName()))) {
+ throw new RampartException("encryptedPartMissing",
+ new String[]{encPart.getNamespace()+":"+encPart.getName()});
+ }
+ continue;
+ }
+
+ if (encPart.getEncId() == null) {
+ throw new RampartException("encryptedPartMissing",
+ new String[]{encPart.getNamespace()+":"+encPart.getName()});
+ } else if (!isRefIdPresent(encrRefs, encPart.getEncId())) {
+ throw new RampartException("encryptedPartMissing",
+ new String[]{encPart.getNamespace()+":"+encPart.getName()});
+ }
+
+ }
}
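Review bot: For header parts the new loop only checks that some decrypted element with the same QName exists (`isRefIdPresent(encrRefs, new QName(encPart.getNamespace(), encPart.getName()))`), although RampartUtil in this commit now records the header's wsu:Id in `encPart.getEncId()`; if two headers share a QName and only one was encrypted, the name check is satisfied for both. Preferring the id when one was recorded, `if (encPart.getEncId() != null ? !isRefIdPresent(encrRefs, encPart.getEncId()) : !isRefIdPresent(encrRefs, new QName(encPart.getNamespace(), encPart.getName())))`, keeps the QName path for the Signature part, for which no id is set, assuming the decrypted header keeps its wsu:Id as the body check already relies on. The final `if`/`else if` pair throws the identical exception and can be folded into `if (encPart.getEncId() == null || !isRefIdPresent(encrRefs, encPart.getEncId()))`. The enclosing method starts before the hunk.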
@@ -662,8 +682,8 @@
x509certs[0] = cert;
// ... and the other certificates
for (int j = 0; j < certs.length; j++) {
- cert = certs[i];
- x509certs[certs.length + j] = cert;
+ cert = certs[j];
+ x509certs[j + 1] = cert;
}
certs = x509certs;
@@ -703,7 +723,7 @@
if(dataRefUris != null) {
for (Iterator iterator = dataRefUris.iterator(); iterator
.hasNext();) {
- String uri = (String) iterator.next();
+ WSDataRef uri = (WSDataRef) iterator.next();
refs.add(uri);
}
}
@@ -778,5 +798,53 @@
return false;
}
+
+ private boolean isRefIdPresent(ArrayList refList , String id) {
+
+ for (int i = 0; i < refList.size() ; i++) {
+ WSDataRef dataRef = (WSDataRef)refList.get(i);
+
+ //ArrayList can contain null elements
+ if(dataRef == null) {
+ continue;
+ }
+ //Try to get the wsuId of the decrypted element
+ String dataRefUri = dataRef.getWsuId();
+ //If not found, try the reference Id of encrypted element ( we set the same Id when we
+ // decrypted element in WSS4J)
+ if (dataRefUri == null) {
+ dataRefUri = dataRef.getDataref();
+ }
+ if (dataRefUri != null && dataRefUri.equals(id)) {
+ return true;
+ }
+ }
+
+ return false;
+
+ }
+
+ private boolean isRefIdPresent(ArrayList refList , QName qname) {
+
+ for (int i = 0; i < refList.size() ; i++) {
+ WSDataRef dataRef = (WSDataRef)refList.get(i);
+
+ //ArrayList can contain null elements
+ if(dataRef == null) {
+ continue;
+ }
+ //QName of the decrypted element
+ QName dataRefQName = dataRef.getName();
+
+ if ( dataRefQName != null && dataRefQName.equals(qname)) {
+ return true;
+ }
+
+ }
+
+ return false;
+
+ }
+
}
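Review bot: In `isRefIdPresent(ArrayList, String)` the `getDataref()` fallback is consulted only when `getWsuId()` is null, while the comment says it is tried when the wsu:Id is "not found"; a reference whose decrypted element carries a wsu:Id different from the id stored on the encryption part is therefore reported as missing even though its data reference matches. If that case can occur, comparing both identifiers — `if (id == null) { return false; }` before the loop and `if (id.equals(dataRef.getWsuId()) || id.equals(dataRef.getDataref())) { return true; }` inside it — matches the comment's intent. Both overloads would also benefit from a one-line Javadoc stating that null entries in `refList` are skipped and that a null `id`/`qname` never matches.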
Modified: webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java Mon Apr 21 02:24:35 2008
@@ -75,7 +75,7 @@
//If there is no policy information or if the message is a security fault or no security
// header required by the policy
- if(rpd == null || isSecurityFault(rmd) || !RampartUtil.isSecHeaderRequired(rpd,rmd.isInitiator())) {
+ if(rpd == null || isSecurityFault(rmd) || !RampartUtil.isSecHeaderRequired(rpd,rmd.isInitiator(),true)) {
SOAPEnvelope env = Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true);
//Convert back to llom since the inflow cannot use llom
Modified: webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java Mon Apr 21 02:24:35 2008
@@ -278,8 +278,28 @@
}
}
- this.config = WSSConfig.getDefaultWSConfig();
+ // Check whether RampartConfig is present
+ if (this.policyData != null && this.policyData.getRampartConfig() != null) {
+
+ boolean timestampPrecisionInMilliseconds = Boolean.valueOf(this.policyData
+ .getRampartConfig().getTimestampPrecisionInMilliseconds()).booleanValue();
+
+ // This is not the default behavior, we clone the default WSSConfig to prevent this
+ // affecting globally
+ if (timestampPrecisionInMilliseconds == WSSConfig.getDefaultWSConfig()
+ .isPrecisionInMilliSeconds()) {
+ this.config = WSSConfig.getDefaultWSConfig();
+ } else {
+ this.config = RampartUtil.getWSSConfigInstance();
+ this.config.setPrecisionInMilliSeconds(timestampPrecisionInMilliseconds);
+ }
+ } else {
+ this.config = WSSConfig.getDefaultWSConfig();
+ }
+
+
+
this.customClassLoader = msgCtx.getAxisService().getClassLoader();
if(this.sender && this.policyData != null) {
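Review bot: `Boolean.valueOf(...)` on the raw config string maps anything other than the literal "true" — including a typo such as `ture` — to false, so a misspelt `timestampPrecisionInMilliseconds` silently switches the timestamp precision to seconds instead of failing. Rejecting values other than "true"/"false" either where the string is read (RampartConfigBuilder in this commit, `rampartConfig.setTimestampPrecisionInMilliseconds(childElement.getText().trim())`) or here, e.g. `if (!"true".equalsIgnoreCase(value) && !"false".equalsIgnoreCase(value))` followed by a RampartException with a new errors.properties key, makes the misconfiguration visible. The three blank lines left after the `else` block should also go. The enclosing method continues outside the hunk.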
Modified: webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java Mon Apr 21 02:24:35 2008
@@ -135,6 +135,9 @@
WSSecUsernameToken utBuilder = new WSSecUsernameToken();
utBuilder.setUserInfo(user, null);
utBuilder.setPasswordType(null);
+ if (rmd.getConfig() != null) {
+ utBuilder.setWsConfig(rmd.getConfig());
+ }
return utBuilder;
}
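Review bot: The `if (rmd.getConfig() != null) { utBuilder.setWsConfig(rmd.getConfig()); }` block is pasted identically into both UsernameToken builders in this file (the second at `@@ -172,7 +175,9 @@`); a small private helper that creates the `WSSecUsernameToken` and applies the config once would keep the two paths from drifting. Since RampartMessageData in this commit assigns `config` on every branch, a comment such as `// config may be null when rmd was created without policy data; WSS4J's global default then applies` would justify the null guard, if that case exists. Both enclosing methods start before their hunks.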
@@ -172,7 +175,9 @@
//If the password is available then build the token
WSSecUsernameToken utBuilder = new WSSecUsernameToken();
-
+ if(rmd.getConfig() != null) {
+ utBuilder.setWsConfig(rmd.getConfig());
+ }
if (token.isHashPassword()) {
utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
} else {
Modified: webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java Mon Apr 21 02:24:35 2008
@@ -151,7 +151,7 @@
}
//Now check for security processing results if security policy is available
- if(RampartUtil.isSecHeaderRequired(rpd,isInitiator) &&
+ if(RampartUtil.isSecHeaderRequired(rpd,isInitiator,true) &&
msgContext.getProperty(WSHandlerConstants.RECV_RESULTS) == null) {
throw new AxisFault("InvalidSecurity");
}
Modified: webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java Mon Apr 21 02:24:35 2008
@@ -104,6 +104,12 @@
}
childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.TS_PRECISION_IN_MS_LN));
+ if (childElement != null) {
+ rampartConfig.setTimestampPrecisionInMilliseconds(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
RampartConfig.NS, RampartConfig.TS_TTL_LN));
if (childElement != null) {
rampartConfig.setTimestampTTL(childElement.getText().trim());
Modified: webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java Mon Apr 21 02:24:35 2008
@@ -35,6 +35,7 @@
* <ramp:encryptionUser>bob</ramp:encryptionUser>
* <ramp:passwordCallbackClass>org.apache.axis2.security.PWCallback</ramp:passwordCallbackClass>
* <ramp:policyValidatorCbClass>org.apache.axis2.security.ramp:PolicyValidatorCallbackHandler</ramp:policyValidatorCbClass>
+ * <ramp:timestampPrecisionInMilliseconds>true</timestampPrecisionInMilliseconds>
* <ramp:timestampTTL>300</ramp:timestampTTL>
* <ramp:timestampMaxSkew>0</ramp:timestampMaxSkew>
* <ramp:tokenStoreClass>org.apache.rahas.StorageImpl</ramp:tokenStoreClass>
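Review bot: The example line added to the class Javadoc closes `<ramp:timestampPrecisionInMilliseconds>` with `</timestampPrecisionInMilliseconds>`, dropping the `ramp:` prefix, so the sample configuration is not well-formed XML when copied into a policy. Change it to ` * <ramp:timestampPrecisionInMilliseconds>true</ramp:timestampPrecisionInMilliseconds>`. The Javadoc block starts before the hunk.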
@@ -59,7 +60,9 @@
*
*/
public class RampartConfig implements Assertion {
-
+
+ public static final boolean DEFAULT_TIMESTAMP_PRECISION_IN_MS = true;
+
public static final int DEFAULT_TIMESTAMP_TTL = 300;
public static final int DEFAULT_TIMESTAMP_MAX_SKEW = 300;
@@ -90,6 +93,8 @@
public final static String STS_CRYPTO_LN = "stsCrypto";
+ public final static String TS_PRECISION_IN_MS_LN = "timestampPrecisionInMilliseconds";
+
public final static String TS_TTL_LN = "timestampTTL";
public final static String TS_MAX_SKEW_LN = "timestampMaxSkew";
@@ -120,6 +125,8 @@
private CryptoConfig stsCryptoConfig;
+ private String timestampPrecisionInMilliseconds = Boolean.toString(DEFAULT_TIMESTAMP_PRECISION_IN_MS);
+
private String timestampTTL = Integer.toString(DEFAULT_TIMESTAMP_TTL);
private String timestampMaxSkew = Integer.toString(DEFAULT_TIMESTAMP_MAX_SKEW);
@@ -279,6 +286,12 @@
writer.writeEndElement();
}
+ if (getTimestampPrecisionInMilliseconds() != null) {
+ writer.writeStartElement(NS, TS_PRECISION_IN_MS_LN);
+ writer.writeCharacters(getTimestampPrecisionInMilliseconds());
+ writer.writeEndElement();
+ }
+
if (getTimestampTTL() != null) {
writer.writeStartElement(NS, TS_TTL_LN);
writer.writeCharacters(getTimestampTTL());
@@ -334,6 +347,14 @@
return Constants.TYPE_ASSERTION;
}
+ public String getTimestampPrecisionInMilliseconds() {
+ return timestampPrecisionInMilliseconds;
+ }
+
+ public void setTimestampPrecisionInMilliseconds(String timestampPrecisionInMilliseconds) {
+ this.timestampPrecisionInMilliseconds = timestampPrecisionInMilliseconds;
+ }
+
/**
* @return Returns the timestampTTL.
*/
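Review bot: `getTimestampPrecisionInMilliseconds` and `setTimestampPrecisionInMilliseconds` are added without Javadoc although the neighbouring `timestampTTL` accessors document their return value, and a String-typed flag needs a line stating its accepted values. Suggest `/** @return "true" or "false": whether WSS4J timestamps use millisecond precision (applied via WSSConfig.setPrecisionInMilliSeconds in RampartMessageData); defaults to {@link #DEFAULT_TIMESTAMP_PRECISION_IN_MS}. */` on the getter and `/** @param timestampPrecisionInMilliseconds "true" or "false"; see {@link #getTimestampPrecisionInMilliseconds()}. */` on the setter.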
Modified: webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java Mon Apr 21 02:24:35 2008
@@ -98,7 +98,6 @@
while (cipherValueElements.hasNext()) {
OMElement element = (OMElement) cipherValueElements.next();
OMText text = (OMText)element.getFirstOMChild();
- System.out.println(text.getText().length());
text.setOptimize(true);
}
}
Modified: webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java Mon Apr 21 02:24:35 2008
@@ -64,6 +64,7 @@
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
@@ -77,6 +78,7 @@
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.utils.Constants;
import org.jaxen.JaxenException;
import org.jaxen.XPath;
import org.w3c.dom.Document;
@@ -741,7 +743,7 @@
Vector encryptedPartsElements = getPartsAndElements(false, envelope, rpd.isEncryptBody(), rpd.getEncryptedParts(), rpd.getEncryptedElements(),rpd.getDeclaredNamespaces());
return getContentEncryptedElements(encryptedPartsElements, envelope, rpd.getContentEncryptedElements(), rpd.getDeclaredNamespaces());
}
-
+
public static Vector getSignedParts(RampartMessageData rmd) {
RampartPolicyData rpd = rmd.getPolicyData();
SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
@@ -833,9 +835,16 @@
while (nodesIter.hasNext())
{
OMElement e = (OMElement)nodesIter.next();
-
- encryptedPartsElements.add(new WSEncryptionPart(e.getLocalName(), e.getNamespace().getNamespaceURI(), "Content"));
-
+
+ WSEncryptionPart encryptedElem = new WSEncryptionPart(e.getLocalName(), e.getNamespace().getNamespaceURI(), "Content");
+ OMAttribute wsuId = e.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
+
+ if ( wsuId != null ) {
+ encryptedElem.setEncId(wsuId.getAttributeValue());
+ }
+
+ encryptedPartsElements.add(encryptedElem);
+
}
} catch (JaxenException e) {
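Review bot: The wsu:Id lookup and `setEncId` call added here are repeated verbatim in the three later hunks of this file (`@@ -887,7 +896,15 @@`, `@@ -897,7 +914,14 @@`, `@@ -930,10 +954,19 @@`), so four copies of the same four lines now have to be kept in step. A private helper that takes the part and the element removes the duplication and gives the behaviour one place to be documented. The enclosing method starts before the hunk.
```java
// … unchanged: element loop up to the new WSEncryptionPart …
WSEncryptionPart encryptedElem = new WSEncryptionPart(e.getLocalName(), e.getNamespace().getNamespaceURI(), "Content");
setEncIdFromWsuId(encryptedElem, e);
encryptedPartsElements.add(encryptedElem);

/**
 * Copies the element's wsu:Id (when present) onto the part's encId so the
 * results validator can match the decrypted element by id rather than by name.
 */
private static void setEncIdFromWsuId(WSEncryptionPart part, OMElement e) {
    OMAttribute wsuId = e.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
    if (wsuId != null) {
        part.setEncId(wsuId.getAttributeValue());
    }
}
```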
@@ -859,7 +868,7 @@
if( sign ) {
result.add(new WSEncryptionPart(addWsuIdToElement(envelope.getBody())));
} else {
- result.add(new WSEncryptionPart(addWsuIdToElement(envelope.getBody()), "Content"));
+ result.add(new WSEncryptionPart(addWsuIdToElement(envelope.getBody()), "Content", WSConstants.PART_TYPE_BODY));
}
found.add( envelope.getBody() );
}
@@ -887,7 +896,15 @@
if( sign ) {
result.add(new WSEncryptionPart(e.getLocalName(), wsep.getNamespace(), "Content"));
} else {
- result.add(new WSEncryptionPart(e.getLocalName(), wsep.getNamespace(), "Element"));
+
+ WSEncryptionPart encryptedHeader = new WSEncryptionPart(e.getLocalName(), wsep.getNamespace(), "Element", WSConstants.PART_TYPE_HEADER);
+ OMAttribute wsuId = e.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
+
+ if ( wsuId != null ) {
+ encryptedHeader.setEncId(wsuId.getAttributeValue());
+ }
+
+ result.add(encryptedHeader);
}
}
}
@@ -897,7 +914,14 @@
if( e != null ) {
if( ! found.contains( e ) ) {
// found new (reuse wsep)
- found.add( e );
+ found.add( e );
+ wsep.setType(WSConstants.PART_TYPE_HEADER);
+ OMAttribute wsuId = e.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
+
+ if ( wsuId != null ) {
+ wsep.setEncId(wsuId.getAttributeValue());
+ }
+
result.add( wsep );
}
}
@@ -930,10 +954,19 @@
{
OMElement e = (OMElement)nodesIter.next();
- if (sign)
+ if (sign) {
result.add(new WSEncryptionPart(e.getLocalName(), e.getNamespace().getNamespaceURI(), "Content"));
- else
- result.add(new WSEncryptionPart(e.getLocalName(), e.getNamespace().getNamespaceURI(), "Element"));
+ } else {
+
+ WSEncryptionPart encryptedElem = new WSEncryptionPart(e.getLocalName(), e.getNamespace().getNamespaceURI(), "Element");
+ OMAttribute wsuId = e.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
+
+ if ( wsuId != null ) {
+ encryptedElem.setEncId(wsuId.getAttributeValue());
+ }
+
+ result.add(encryptedElem);
+ }
}
} catch (JaxenException e) {
@@ -1298,7 +1331,8 @@
* @param rpd
* @return true if a security header is required in the incoming message
*/
- public static boolean isSecHeaderRequired(RampartPolicyData rpd, boolean initiator ) {
+ public static boolean isSecHeaderRequired(RampartPolicyData rpd, boolean initiator,
+ boolean inflow ) {
// Checking for time stamp
if ( rpd.isIncludeTimestamp() ) {
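Review bot: The Javadoc above `isSecHeaderRequired` still lists only `@param rpd` while the signature now takes `initiator` and the new `inflow` flag, and its `@return` sentence still speaks only of "the incoming message" although the outgoing path (MessageBuilder in this commit) now calls it with `inflow` false. Add `@param initiator whether this side is the initiator of the exchange` and `@param inflow true when examining an incoming message (RampartEngine, PostDispatchVerificationHandler), false when building an outgoing one (MessageBuilder)`, and reword the return line to "true if a security header is required in the message". The method body continues outside the hunk.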
@@ -1320,7 +1354,7 @@
// Checking for supporting tokens
SupportingToken supportingTokens;
- if (!initiator) {
+ if (!initiator && inflow || initiator && !inflow ) {
supportingTokens = rpd.getSupportingTokens();
if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
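Review bot: `!initiator && inflow || initiator && !inflow` relies on `&&` binding tighter than `||` and takes a moment to read as "exactly one of the two is set"; `if (initiator != inflow) {` is the same condition stated directly. A why-comment such as `// supporting tokens come from the initiator: checked on the responder's inflow and on the initiator's outflow` would record the reason the direction matters. The enclosing method starts before the hunk.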
@@ -1387,6 +1421,59 @@
}
+ }
+
+ public static String getSigElementId(RampartMessageData rmd) {
+
+ SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+
+ SOAPHeader header = envelope.getHeader();
+
+ if (header == null ) {
+ return null;
+ }
+
+ ArrayList secHeaders = header.getHeaderBlocksWithNSURI(WSConstants.WSSE_NS);
+
+ if (secHeaders != null && secHeaders.size() > 0) {
+ QName sigQName = new QName(Constants.SignatureSpecNS,Constants._TAG_SIGNATURE);
+ QName wsuIdQName = new QName(WSConstants.WSU_NS,"Id");
+ OMElement sigElem = ((SOAPHeaderBlock)secHeaders.get(0)).getFirstChildWithName(sigQName);
+ OMAttribute wsuId = sigElem.getAttribute(wsuIdQName);
+
+ if (wsuId != null) {
+ return wsuId.getAttributeValue();
+ }
+
+ wsuId = sigElem.getAttribute(new QName("Id"));
+
+ if (wsuId != null) {
+ return wsuId.getAttributeValue();
+ }
+
+
+ }
+
+ return null;
+ }
+
+ /**
+ * We use this method to prevent the singleton behavior of WSSConfig
+ * @return WSSConfig object with the latest settings.
+ */
+
+ public static WSSConfig getWSSConfigInstance() {
+
+ WSSConfig defaultWssConfig = WSSConfig.getDefaultWSConfig();
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+
+ wssConfig.setEnableSignatureConfirmation(defaultWssConfig.isEnableSignatureConfirmation());
+ wssConfig.setTimeStampStrict(defaultWssConfig.isTimeStampStrict());
+ wssConfig.setWsiBSPCompliant(defaultWssConfig.isWsiBSPCompliant());
+ wssConfig.setPrecisionInMilliSeconds(defaultWssConfig.isPrecisionInMilliSeconds());
+
+ return wssConfig;
+
}
}
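Review bot: In `getSigElementId`, `sigElem` is the result of `getFirstChildWithName(sigQName)` and is dereferenced by `sigElem.getAttribute(wsuIdQName)` without a null check, so a message whose first wsse:Security header carries no Signature throws a NullPointerException from inside policy validation instead of producing a fault; add `if (sigElem == null) { return null; }` after the lookup. The method also inspects only `secHeaders.get(0)`, which is fine if Rampart processes a single Security header per actor but deserves a comment saying so. `getWSSConfigInstance` copies four settings from the default config; its Javadoc should list them so a later WSSConfig option is not silently left at its default, and the blank line between the Javadoc and the method declaration should go.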
Modified: webservices/rampart/branches/java/1_4/modules/rampart-trust-mar/module.xml
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-trust-mar/module.xml?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-trust-mar/module.xml (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-trust-mar/module.xml Mon Apr 21 02:24:35 2008
@@ -1,41 +1,52 @@
-<module name="rahas">
- <Description>This module is used to STS enable a service where it adds
- the RequestSecurityToken operation to a service that the module is engaged to</Description>
-
- <supported-policy-namespaces namespaces="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
-
- <operation name="RequestSecurityToken" mep="http://www.w3.org/2006/01/wsdl/in-out">
- <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
-
- <!-- Action mapping to accept SCT requests -->
- <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
-
- <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
- <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
- <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
- <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
- <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
-
- <parameter name="token-dispatcher-configuration">
- <token-dispatcher-configuration>
- <!-- Issuers. You may have many issuers. -->
- <issuer class="org.apache.rahas.impl.SCTIssuer" default="true">
- <configuration type="parameter">sct-issuer-config</configuration>
- <tokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</tokenType>
- </issuer>
- <issuer class="org.apache.rahas.impl.SAMLTokenIssuer">
- <configuration type="parameter">saml-issuer-config</configuration>
- <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
- </issuer>
-
- <!-- Only a single canceler is allowed -->
- <canceler class="org.apache.rahas.impl.TokenCancelerImpl">
- <configuration type="parameter">token-canceler-config</configuration>
- </canceler>
-
- </token-dispatcher-configuration>
- </parameter>
-
- </operation>
-
-</module>
+<module name="rahas">
+ <Description>This module is used to STS enable a service where it adds
+ the RequestSecurityToken operation to a service that the module is engaged to</Description>
+
+ <supported-policy-namespaces namespaces="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+
+ <operation name="RequestSecurityToken" mep="http://www.w3.org/2006/01/wsdl/in-out">
+ <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
+
+ <!-- Action mapping to accept SCT requests -->
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
+
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
+
+ <parameter name="token-dispatcher-configuration">
+ <token-dispatcher-configuration>
+ <!-- Issuers. You may have many issuers. -->
+ <issuer class="org.apache.rahas.impl.SCTIssuer" default="true">
+ <configuration type="parameter">sct-issuer-config</configuration>
+ <tokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</tokenType>
+ </issuer>
+ <issuer class="org.apache.rahas.impl.SAMLTokenIssuer">
+ <configuration type="parameter">saml-issuer-config</configuration>
+ <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
+ </issuer>
+
+ <validator class="org.apache.rahas.impl.SAMLTokenValidator" default="true">
+ <configuration type="parameter">saml-issuer-config</configuration>
+ <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
+ </validator>
+
+ <!-- Only a single canceler is allowed -->
+ <canceler class="org.apache.rahas.impl.TokenCancelerImpl">
+ <configuration type="parameter">token-canceler-config</configuration>
+ </canceler>
+
+ <!-- Renewers. You may have many renewers -->
+ <renewer class="org.apache.rahas.impl.SAMLTokenRenewer" default="true">
+ <configuration type="parameter">saml-issuer-config</configuration>
+ <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
+ </renewer>
+
+ </token-dispatcher-configuration>
+ </parameter>
+
+ </operation>
+
+</module>
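Review bot: Every line of module.xml appears as removed and re-added although the content differs only by the new `<validator>` and `<renewer>` entries, which suggests a line-ending or whitespace change was committed together with the functional one; keeping those separate makes the real change reviewable. Both new entries point at `saml-issuer-config`, the same parameter as the SAML issuer; if sharing the issuer's crypto settings is intentional, a comment such as `<!-- Validator and renewer reuse the SAML issuer's configuration -->` would record that, and if not, they need their own parameter.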
Modified: webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java Mon Apr 21 02:24:35 2008
@@ -46,6 +46,17 @@
public static final String
REQUEST_SECURITY_TOKEN_RESPONSE_COLLECTION = "RequestSecurityTokenResponseCollection";
public final static String BINARY_SECRET = "BinarySecret";
+ public final static String VALIDATE_TARGET = "ValidateTarget";
+ public final static String RENEW_TARGET = "RenewTarget";
+
+ /* <wst:RequestSecurityTokenResponse>
+ * <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Status</wst:TokenType>
+ * <wst:Status>
+ * <wst:Code>http://schemas.xmlsoap.org/ws/2005/02/trust/status/valid</wst:Code>
+ * </wst:Status> ... </wst:RequestSecurityTokenResponse>"
+ */
+ public static final String STATUS = "Status";
+ public static final String CODE = "Code";
}
public static class IssuanceBindingLocalNames {
@@ -101,12 +112,18 @@
public static final String RSTR_ACTION_CANCEL = "/RSTR" + REQ_TYPE_CANCEL;
public static final String RSTR_ACTION_SCT = "/RSTR/SCT";
public static final String RSTR_ACTION_CANCEL_SCT = "/RSTR/SCT" + REQ_TYPE_CANCEL;
+
+ //Status codes
+ public static final String STATUS_CODE_VALID = "/status/valid";
+ public static final String STATUS_CODE_INVALID = "/status/invalid";
+
+ public static final String TOK_TYPE_STATUS = "/RSTR/Status";
//Token types
public static final String TOK_TYPE_SAML_10 = "http://docs.oasis-open.org/wss/" +
"oasis-wss-saml-token-profile-1.1#SAMLV1.1";
//Attrs
- public static final String ATTR_TYPE = "Type";
+ public static final String ATTR_TYPE = "Type";
public static final String ATTR_CLAIMS_DIALECT = "Dialect";
}
Modified: webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java Mon Apr 21 02:24:35 2008
@@ -17,14 +17,19 @@
package org.apache.rahas;
import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.impl.dom.factory.OMDOMFactory;
import org.apache.axiom.om.util.Base64;
import org.apache.axis2.addressing.AddressingConstants;
import org.apache.axis2.context.MessageContext;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.token.SecurityTokenReference;
import org.opensaml.SAMLAssertion;
+import org.w3c.dom.Element;
import javax.xml.namespace.QName;
@@ -48,6 +53,8 @@
private String requestType;
private String tokenType;
+
+ private String tokenId;
private int keysize = -1;
@@ -124,6 +131,10 @@
this.processEntropy();
this.processClaims();
+
+ this.processValidateTarget();
+
+ this.processRenewTarget();
}
@@ -304,6 +315,55 @@
}
}
+
+ private void processValidateTarget()throws TrustException{
+
+ OMElement validateTargetElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.LocalNames.VALIDATE_TARGET));
+
+ if (validateTargetElem != null) {
+
+ OMElement strElem = validateTargetElem.getFirstChildWithName(new QName(WSConstants.WSSE_NS,
+ "SecurityTokenReference"));
+
+ Element elem = (Element)(new StAXOMBuilder(new OMDOMFactory(),
+ strElem.getXMLStreamReader()).getDocumentElement());
+
+ try {
+ SecurityTokenReference str = new SecurityTokenReference((Element)elem);
+ if (str.containsReference()) {
+ tokenId = str.getReference().getURI();
+ }
+ } catch (WSSecurityException e) {
+ throw new TrustException("errorExtractingTokenId",e);
+ }
+ }
+ }
+
+ private void processRenewTarget()throws TrustException{
+
+ OMElement renewTargetElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.LocalNames.RENEW_TARGET));
+ if (renewTargetElem != null) {
+
+ OMElement strElem = renewTargetElem.getFirstChildWithName(new QName(WSConstants.WSSE_NS,
+ "SecurityTokenReference"));
+
+ Element elem = (Element)(new StAXOMBuilder(new OMDOMFactory(),
+ strElem.getXMLStreamReader()).getDocumentElement());
+
+ try {
+ SecurityTokenReference str = new SecurityTokenReference((Element)elem);
+ if (str.containsReference()) {
+ tokenId = str.getReference().getURI();
+ }
+ } catch (WSSecurityException e) {
+ throw new TrustException("errorExtractingTokenId",e);
+ }
+ }
+ }
/**
* Process wst:Entropy element in the request.
@@ -443,6 +503,13 @@
*/
public String getSoapNs() {
return soapNs;
+ }
+
+ /**
+ * @return Returns the tokenId.
+ */
+ public String getTokenId() {
+ return tokenId;
}
/**
Modified: webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java Mon Apr 21 02:24:35 2008
@@ -16,6 +16,7 @@
package org.apache.rahas;
+import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
public interface TokenRenewer {
@@ -39,17 +40,17 @@
* @param configFile
*/
public void setConfigurationFile(String configFile);
-
+
/**
- * Set the configuration element of this TokenRenewer.
+ * Set the configuration element of TokenRenewer.
*
* This is the <configuration> element of the
* token-dispatcher-configuration
*
* @param configElement
- * <code>OMElement</code> representing the configuration
+ * <code>OMElement</code> representing the configuration
*/
- public void setConfigurationElement(String configElement);
+ public void setConfigurationElement(OMElement configElement);
/**
* Set the name of the configuration parameter.
Modified: webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java Mon Apr 21 02:24:35 2008
@@ -20,6 +20,7 @@
import org.apache.axis2.context.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.impl.SAMLTokenValidator;
public class TokenRequestDispatcher {
@@ -79,13 +80,43 @@
} else if((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_VALIDATE).equals(reqType) ||
(RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_VALIDATE).equals(reqType)) {
log.debug("validate");
- throw new UnsupportedOperationException("TODO: handle " +
- "validate requests");
+
+ TokenValidator validator;
+ if (tokenType == null || tokenType.trim().length() == 0) {
+ validator = config.getDefaultValidatorInstance();
+ } else {
+ validator = config.getValidator(tokenType);
+ }
+
+ SOAPEnvelope response = validator.validate(data);
+
+ outMsgCtx.getOptions().setAction(
+ TrustUtil.getActionValue(data.getVersion(),
+ RahasConstants.RSTR_ACTION_VALIDATE));
+
+ return response;
+
+
+
} else if((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_RENEW).equals(reqType) ||
(RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_RENEW).equals(reqType)) {
log.debug("renew");
- throw new UnsupportedOperationException("TODO: handle " +
- "renew requests");
+
+ TokenRenewer renewer;
+ if (tokenType == null || tokenType.trim().length() == 0) {
+ renewer = config.getDefaultRenewerInstance();
+ } else {
+ renewer = config.getRenewer(tokenType);
+ }
+
+ SOAPEnvelope response = renewer.renew(data);
+
+ outMsgCtx.getOptions().setAction(
+ TrustUtil.getActionValue(data.getVersion(),
+ RahasConstants.RSTR_ACTION_RENEW));
+
+ return response;
+
} else if((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_CANCEL).equals(reqType) ||
(RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_CANCEL).equals(reqType)) {
log.debug("cancel");
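Review bot: `validator.validate(data)` and `renewer.renew(data)` are invoked without a null check, yet `getDefaultValidatorInstance()` and `getDefaultRenewerInstance()` return null when no element is marked `default="true"`, so a Validate or Renew request with an empty wst:TokenType against such a deployment ends in a NullPointerException rather than a fault the client can interpret. I would guard each branch: `if (validator == null) { throw new TrustException("missingConfiguration", new String[]{"validator"}); }` and the equivalent for the renewer. The newly imported `org.apache.rahas.impl.SAMLTokenValidator` does not appear to be used in this hunk. The enclosing dispatch method starts and ends outside the hunk.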
Modified: webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java Mon Apr 21 02:24:35 2008
@@ -34,18 +34,24 @@
private final static QName DISPATCHER_CONFIG = new QName("token-dispatcher-configuration");
private final static QName ISSUER = new QName("issuer");
private final static QName CANCELER = new QName("canceler");
+ private final static QName VALIDATOR = new QName("validator");
+ private final static QName RENEWER = new QName("renewer");
private final static QName TOKEN_TYPE = new QName("tokenType");
private final static QName CLASS_ATTR = new QName("class");
private final static QName DEFAULT_ATTR = new QName("default");
private final static QName CONFIGURATION_ELEMENT = new QName("configuration");
private Map issuers;
+ private Map validators;
+ private Map renewers;
private Map configFiles = new Hashtable();
private Map configElements = new Hashtable();
private Map configParamNames = new Hashtable();
private String defaultIssuerClassName;
private String defaultCancelerClassName;
+ private String defaultValidatorClassName;
+ private String defaultRenewerClassName;
public static TokenRequestDispatcherConfig load(OMElement configElem) throws TrustException {
@@ -56,9 +62,17 @@
// Issuers
handleIssuers(configElem, conf);
-
+
+ //Validators
+ handleValidators(configElem, conf);
+
+ //Renewers
+ handleRenewers(configElem, conf);
+
// Cancelers
handleCancelers(configElem, conf);
+
+
//There must be a defulat issuer
if (conf.defaultIssuerClassName == null) {
@@ -128,6 +142,98 @@
}
}
}
+
+ private static void handleValidators(OMElement configElem,
+ TokenRequestDispatcherConfig conf) throws TrustException {
+
+ for (Iterator validatorElems = configElem.getChildrenWithName(VALIDATOR);
+ validatorElems.hasNext();) {
+
+ OMElement element = (OMElement) validatorElems.next();
+
+ //get the class attr
+ String validatorClass = element.getAttributeValue(CLASS_ATTR);
+ if (validatorClass == null) {
+ throw new TrustException("missingClassName");
+ }
+ String isDefault = element.getAttributeValue(DEFAULT_ATTR);
+ if (isDefault != null && "true".equalsIgnoreCase(isDefault)) {
+ //Use the first default issuer as the default isser
+ if (conf.defaultValidatorClassName == null) {
+ conf.defaultValidatorClassName = validatorClass;
+ } else {
+ throw new TrustException("badDispatcherConfigMultipleDefaultValidators");
+ }
+ }
+
+ processConfiguration(element, conf, validatorClass);
+
+ //Process token types
+ for (Iterator tokenTypes = element.getChildrenWithName(TOKEN_TYPE);
+ tokenTypes.hasNext();) {
+ OMElement type = (OMElement) tokenTypes.next();
+ String value = type.getText();
+ if (value == null || value.trim().length() == 0) {
+ throw new TrustException("invalidTokenTypeDefinition",
+ new String[]{"Validator", validatorClass});
+ }
+ if (conf.validators == null) {
+ conf.validators = new Hashtable();
+ }
+ //If the token type is not already declared then add it to the
+ //table with the validator classname
+ if (!conf.validators.keySet().contains(value)) {
+ conf.validators.put(value, validatorClass);
+ }
+ }
+ }
+ }
+
+ private static void handleRenewers(OMElement configElem,
+ TokenRequestDispatcherConfig conf) throws TrustException {
+
+ for (Iterator renewerElems = configElem.getChildrenWithName(RENEWER);
+ renewerElems.hasNext();) {
+
+ OMElement element = (OMElement) renewerElems.next();
+
+ //get the class attr
+ String renewerClass = element.getAttributeValue(CLASS_ATTR);
+ if (renewerClass == null) {
+ throw new TrustException("missingClassName");
+ }
+ String isDefault = element.getAttributeValue(DEFAULT_ATTR);
+ if (isDefault != null && "true".equalsIgnoreCase(isDefault)) {
+ //Use the first default issuer as the default isser
+ if (conf.defaultRenewerClassName == null) {
+ conf.defaultRenewerClassName = renewerClass;
+ } else {
+ throw new TrustException("badDispatcherConfigMultipleDefaultRenewers");
+ }
+ }
+
+ processConfiguration(element, conf, renewerClass);
+
+ //Process token types
+ for (Iterator tokenTypes = element.getChildrenWithName(TOKEN_TYPE);
+ tokenTypes.hasNext();) {
+ OMElement type = (OMElement) tokenTypes.next();
+ String value = type.getText();
+ if (value == null || value.trim().length() == 0) {
+ throw new TrustException("invalidTokenTypeDefinition",
+ new String[]{"Renewer", renewerClass});
+ }
+ if (conf.renewers == null) {
+ conf.renewers = new Hashtable();
+ }
+ //If the token type is not already declared then add it to the
+ //table with the renwer classname
+ if (!conf.renewers.keySet().contains(value)) {
+ conf.renewers.put(value, renewerClass);
+ }
+ }
+ }
+ }
private static void processConfiguration(OMElement element,
TokenRequestDispatcherConfig conf,
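Review bot: The comment `//Use the first default issuer as the default isser` was pasted into both handleValidators and handleRenewers and now describes the wrong thing; it should read `//Use the first validator marked default="true" as the default validator` (and the renewer equivalent). The two methods differ only in the element name, the map, the default field and the error keys, so a single loop parameterised on those would remove roughly forty duplicated lines and keep the "first tokenType declaration wins" rule in one place. That rule also deserves a one-line comment, since a second `<tokenType>` mapping the same type to a different class is silently ignored rather than rejected, which is an easy misconfiguration to miss.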
@@ -190,6 +296,33 @@
return null;
}
}
+
+ public TokenValidator getDefaultValidatorInstance() throws TrustException {
+ if (this.defaultValidatorClassName != null) {
+ try {
+ return createValidator(this.defaultValidatorClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{this.defaultValidatorClassName}, e);
+ }
+ } else {
+ return null;
+ }
+ }
+
+ public TokenRenewer getDefaultRenewerInstance() throws TrustException {
+ if (this.defaultRenewerClassName != null) {
+ try {
+ return createRenewer(this.defaultRenewerClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{this.defaultRenewerClassName}, e);
+ }
+ } else {
+ return null;
+ }
+ }
+
public String getDefaultIssuerName() {
return this.defaultIssuerClassName;
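Review bot: getDefaultValidatorInstance and getDefaultRenewerInstance return null when no default is configured, and nothing in their signature or Javadoc says so, while the dispatcher code that consumes them calls methods on the result directly. At minimum document it: `@return a new instance of the validator class marked default="true", or {@code null} when no validator is marked default` (and the same wording for the renewer). A `@throws TrustException when the configured class cannot be loaded or instantiated` line would complete the contract.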
@@ -210,7 +343,43 @@
return createIssuer(issuerClassName);
} catch (Exception e) {
throw new TrustException("cannotLoadClass",
- new String[]{this.defaultIssuerClassName}, e);
+ new String[]{issuerClassName}, e);
+ }
+ }
+
+ public TokenValidator getValidator(String tokenType) throws TrustException {
+ String validatorClassName = null;
+ //try to find the validator class name from the tokenType<->validator map
+ if (this.validators != null) {
+ validatorClassName = (String) this.validators.get(tokenType);
+ }
+ //If a specific validator is not found use the default validator
+ if (validatorClassName == null) {
+ validatorClassName = this.defaultValidatorClassName;
+ }
+ try {
+ return createValidator(validatorClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{validatorClassName}, e);
+ }
+ }
+
+ public TokenRenewer getRenewer(String tokenType) throws TrustException {
+ String renewerClassName = null;
+ //try to find the renewer class name from the tokenType<->Renewer map
+ if (this.renewers != null) {
+ renewerClassName = (String) this.renewers.get(tokenType);
+ }
+ //If a specific renewer is not found use the default renewer
+ if (renewerClassName == null) {
+ renewerClassName = this.defaultRenewerClassName;
+ }
+ try {
+ return createRenewer(renewerClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{renewerClassName}, e);
}
}
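Review bot: When a tokenType has no specific validator and no default is configured, `validatorClassName` stays null and `createValidator(null)` fails inside Loader, surfacing as a `cannotLoadClass` fault with a null class name that points the operator at a class-loading problem that does not exist. Fail explicitly before loading: `if (validatorClassName == null) { throw new TrustException("missingConfiguration", new String[]{"validator for token type " + tokenType}); }`, and the same in getRenewer. The enclosing class continues past the hunk.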
@@ -232,5 +401,21 @@
canceler.setConfigurationFile((String) this.configFiles.get(cancelerClassName));
canceler.setConfigurationParamName((String) this.configParamNames.get(cancelerClassName));
return canceler;
+ }
+
+ private TokenValidator createValidator(String validatorClassName) throws Exception {
+ TokenValidator validator = (TokenValidator) Loader.loadClass(validatorClassName).newInstance();
+ validator.setConfigurationElement((OMElement) this.configElements.get(validatorClassName));
+ validator.setConfigurationFile((String) this.configFiles.get(validatorClassName));
+ validator.setConfigurationParamName((String) this.configParamNames.get(validatorClassName));
+ return validator;
+ }
+
+ private TokenRenewer createRenewer (String renewerClassName) throws Exception {
+ TokenRenewer renewer = (TokenRenewer) Loader.loadClass(renewerClassName).newInstance();
+ renewer.setConfigurationElement((OMElement) this.configElements.get(renewerClassName));
+ renewer.setConfigurationFile((String) this.configFiles.get(renewerClassName));
+ renewer.setConfigurationParamName((String) this.configParamNames.get(renewerClassName));
+ return renewer;
}
}
Modified: webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenValidator.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenValidator.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenValidator.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TokenValidator.java Mon Apr 21 02:24:35 2008
@@ -16,6 +16,7 @@
package org.apache.rahas;
+import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
public interface TokenValidator {
@@ -24,7 +25,7 @@
* Validate the token specified in the given request.
*
* @param data
- * A populated <code>RahasData</code> instance
+ * A populated <code>RahasData</code> instance
* @return Response SOAPEnveloper
* @throws TrustException
*/
@@ -47,9 +48,9 @@
* token-dispatcher-configuration
*
* @param configElement
- * <code>OMElement</code> representing the configuration
+ * <code>OMElement</code> representing the configuration
*/
- public void setConfigurationElement(String configElement);
+ public void setConfigurationElement(OMElement configElement);
/**
* Set the name of the configuration parameter.
Modified: webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java Mon Apr 21 02:24:35 2008
@@ -157,6 +157,32 @@
RahasConstants.LocalNames.TOKEN_TYPE,
RahasConstants.WST_PREFIX);
}
+
+ public static OMElement createValidateTargetElement(int version, OMElement parent,
+ OMElement str) throws TrustException {
+ OMElement validateTarget = createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.LocalNames.VALIDATE_TARGET,
+ RahasConstants.WST_PREFIX);
+ validateTarget.addChild(str);
+
+ return validateTarget;
+
+ }
+
+ public static OMElement createRenewTargetElement(int version, OMElement parent,
+ OMElement str) throws TrustException {
+ OMElement renewTarget = createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.LocalNames.RENEW_TARGET,
+ RahasConstants.WST_PREFIX);
+ renewTarget.addChild(str);
+
+ return renewTarget;
+
+}
+
+
public static OMElement createBinarySecretElement(
int version,
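Review bot: createValidateTargetElement and createRenewTargetElement call `addChild(str)` without checking `str`, so a null reference (the STSClient callers fall back to `token.getAttachedReference()`, which can itself be null) yields either an empty wst:ValidateTarget or an Axiom exception with no hint of which token was at fault. A guard at the top of each, `if (str == null) { throw new IllegalArgumentException("SecurityTokenReference element is required"); }`, keeps the failure local. The closing brace of createRenewTargetElement at column 0 also breaks the class indentation. Javadoc along the lines of `@param str the wsse:SecurityTokenReference naming the token; attached as the child of the new element` would help callers.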
Modified: webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java Mon Apr 21 02:24:35 2008
@@ -38,6 +38,7 @@
import org.apache.neethi.Policy;
import org.apache.rahas.RahasConstants;
import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.ws.secpolicy.model.AlgorithmSuite;
@@ -50,6 +51,7 @@
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Element;
@@ -84,7 +86,7 @@
private byte[] requestorEntropy;
- private String addressingNs = AddressingConstants.Final.WSA_NAMESPACE;
+ private String addressingNs = AddressingConstants.Submission.WSA_NAMESPACE;
private int keySize;
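Review bot: Changing the default `addressingNs` from `AddressingConstants.Final.WSA_NAMESPACE` to `AddressingConstants.Submission.WSA_NAMESPACE` silently changes the WS-Addressing version every existing STSClient caller sends, and the commit message does not say why. If one STS needs the Submission namespace, that caller should set it rather than the library default changing; at the very least add a comment such as `// Default is the WS-Addressing Submission namespace; callers needing WS-Addressing 1.0 (Final) must set it explicitly`.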
@@ -166,6 +168,74 @@
}
}
+ public boolean validateToken(String tokenId,
+ String issuerAddress,
+ Policy issuerPolicy) throws TrustException {
+ try {
+ QName rstQn = new QName("requestSecurityToken");
+ String requestType =
+ TrustUtil.getWSTNamespace(version) + RahasConstants.REQ_TYPE_VALIDATE;
+
+ ServiceClient client = getServiceClient(rstQn, issuerAddress);
+
+ client.getServiceContext().setProperty(RAMPART_POLICY, issuerPolicy);
+ client.getOptions().setSoapVersionURI(this.soapVersion);
+ if(this.addressingNs != null) {
+ client.getOptions().setProperty(AddressingConstants.WS_ADDRESSING_VERSION, this.addressingNs);
+ }
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ this.processPolicy(issuerPolicy, null);
+
+ OMElement response = client.sendReceive(rstQn,
+ createValidateRequest(requestType,tokenId));
+
+ System.out.println(response.toString());
+
+ return true;
+
+
+ } catch (AxisFault e) {
+ log.error("errorInValidatingToken", e);
+ throw new TrustException("errorInValidatingToken", new String[]{issuerAddress});
+ }
+
+ }
+
+ public boolean renewToken(String tokenId,
+ String issuerAddress,
+ Policy issuerPolicy) throws TrustException {
+
+ try {
+ QName rstQn = new QName("requestSecurityToken");
+
+ ServiceClient client = getServiceClient(rstQn, issuerAddress);
+
+ client.getServiceContext().setProperty(RAMPART_POLICY, issuerPolicy);
+ client.getOptions().setSoapVersionURI(this.soapVersion);
+ if(this.addressingNs != null) {
+ client.getOptions().setProperty(AddressingConstants.WS_ADDRESSING_VERSION, this.addressingNs);
+ }
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ this.processPolicy(issuerPolicy, null);
+
+ String tokenType = RahasConstants.TOK_TYPE_SAML_10;
+
+ OMElement response = client.sendReceive(rstQn,
+ createRenewRequest(tokenType,tokenId));
+
+ return true;
+
+ } catch (AxisFault e) {
+ log.error("errorInRenewingToken", e);
+ throw new TrustException("errorInRenewingToken", new String[]{issuerAddress});
+ }
+
+ }
+
private ServiceClient getServiceClient(QName rstQn,
String issuerAddress) throws AxisFault {
AxisService axisService =
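Review bot: validateToken returns `true` unconditionally after the round trip (and dumps the response with `System.out.println`), so a caller is told "valid" even when the STS answers with a wst:Status/wst:Code of .../status/invalid; the status code has to be parsed before anything is reported, otherwise revoked or expired tokens pass. renewToken likewise returns true without reading the renewed token out of the response or updating the TokenStorage the request was built from. Both catch blocks also drop the AxisFault cause (`new TrustException(..., new String[]{issuerAddress})` without `e`), so the underlying transport or security fault survives only in the log. A sketch of the status check follows; the comment added to RahasConstants places wst:Status directly under wst:RequestSecurityTokenResponse, but if the STS wraps it in a RequestSecurityTokenResponseCollection for WS-Trust 1.3 the lookup needs one more level.
```java
OMElement response = client.sendReceive(rstQn,
        createValidateRequest(requestType, tokenId));

// The RSTR carries wst:Status/wst:Code; anything other than .../status/valid is a rejection.
String wstNs = TrustUtil.getWSTNamespace(version);
OMElement status = response.getFirstChildWithName(
        new QName(wstNs, RahasConstants.LocalNames.STATUS));
if (status == null) {
    throw new TrustException("errorInValidatingToken", new String[]{issuerAddress});
}
OMElement code = status.getFirstChildWithName(
        new QName(wstNs, RahasConstants.LocalNames.CODE));
String codeValue = (code == null) ? null : code.getText().trim();
return (wstNs + RahasConstants.STATUS_CODE_VALID).equals(codeValue);

} catch (AxisFault e) {
    log.error("errorInValidatingToken", e);
    throw new TrustException("errorInValidatingToken", new String[]{issuerAddress}, e);
}
```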
@@ -510,6 +580,82 @@
return rst;
+
+ }
+
+ private OMElement createValidateRequest(String requestType, String tokenId) throws TrustException {
+
+ log.debug("Creating request with request type: " + requestType);
+
+ OMElement rst = TrustUtil.createRequestSecurityTokenElement(version);
+
+ TrustUtil.createRequestTypeElement(this.version, rst, requestType);
+
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(this.version, rst);
+
+ String tokenType =
+ TrustUtil.getWSTNamespace(version) + RahasConstants.TOK_TYPE_STATUS;
+
+ tokenTypeElem.setText(tokenType);
+
+ TokenStorage store = TrustUtil.getTokenStore(configCtx);
+
+ Token token = store.getToken(tokenId);
+
+ if ( token != null) {
+
+ OMElement str = token.getUnattachedReference();
+
+ if (str == null) {
+ str = token.getAttachedReference();
+ }
+
+ TrustUtil.createValidateTargetElement(this.version, rst,str);
+
+
+ } else {
+ throw new TrustException("noToken",new String[]{tokenId});
+ }
+
+ return rst;
+
+ }
+
+ private OMElement createRenewRequest(String tokenType, String tokenId) throws TrustException {
+
+ String requestType =
+ TrustUtil.getWSTNamespace(version) + RahasConstants.REQ_TYPE_RENEW;
+
+ log.debug("Creating request with request type: " + requestType);
+
+ OMElement rst = TrustUtil.createRequestSecurityTokenElement(version);
+
+ TrustUtil.createRequestTypeElement(this.version, rst, requestType);
+
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(version, rst);
+ tokenTypeElem.setText(tokenType);
+
+ TokenStorage store = TrustUtil.getTokenStore(configCtx);
+
+ Token token = store.getToken(tokenId);
+
+ if ( token != null) {
+
+ OMElement str = token.getUnattachedReference();
+
+ if (str == null) {
+ str = token.getAttachedReference();
+ }
+
+ TrustUtil.createRenewTargetElement(this.version, rst,str);
+
+
+ } else {
+ throw new TrustException("noToken",new String[]{tokenId});
+ }
+
+ return rst;
+
}
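Review bot: `token.getAttachedReference()` is the fallback in both createValidateRequest and createRenewRequest, but when it is also null the null is handed to TrustUtil.createValidateTargetElement/createRenewTargetElement and the RST goes out without a usable target; check it before building the element: `if (str == null) { throw new TrustException("noToken", new String[]{tokenId}); }` (or a dedicated key that names the missing reference). The two methods are identical after the TokenType element is set, so a private helper taking the RST, the token id and the target kind would remove the duplication and keep the null check in one place. The token looked up here is whatever the local store holds under the caller-supplied id, which is worth a one-line comment since the store is shared across the configuration context.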
Modified: webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties (original)
+++ webservices/rampart/branches/java/1_4/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties Mon Apr 21 02:24:35 2008
@@ -28,7 +28,8 @@
UnableToRenew = The requested renewal failed
-errorInObtainingToken = Error in obtaining token from : \"{0}\"
+errorInObtainingToken = Error in obtaining token from : \"{0}\"
+errorInValidatingToken = Error in validating token from : \"{0}\"
incorrectConfiguration = The given configuration element is not a "token-dispatcher-configuration" element
missingClassName = Class attribute missing
cannotLoadClass = Error in loading and instantiating the class \"{0}\"
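Review bot: STSClient.renewToken throws `new TrustException("errorInRenewingToken", new String[]{issuerAddress})`, but only `errorInValidatingToken` is added here; unless the key is defined elsewhere in this file, renew failures will surface as a missing-resource message instead of the intended one. Add `errorInRenewingToken = Error in renewing token from : \"{0}\"` next to the validate entry.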
@@ -37,6 +38,7 @@
defaultIssuerMissing = The default issuer must be specified
tokenAlreadyExists = "The token \"{0}\" already exists in the store
noTokenToUpdate = Canot find token : \"{0}\" to update
+noToken = Canot find token : \"{0}\"
errorInBuildingTheEncryptedKey = Error in building a xenc:EncyptedKey , encrypted for \"{0}\"
missingDispatcherConfiguration = Cannot find the token-dispatcher-configuration
missingConfiguration = Missing configuration: \"{0}\"
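Review bot: The new `noToken` message copies the "Canot" typo from the line above it; it should be `noToken = Cannot find token : \"{0}\"`. Since this key is what STSClient reports when a token id is not in the local store, the message is the first thing an operator will see when debugging a validate or renew call.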
@@ -81,4 +83,6 @@
cannotDetermineTokenId = Cannot determine token ID from request
tokenNotFound = Token with ID \"{0}\" cannot be found
configurationIsNull = Configuration is null
-errorInCancelingToken = Error occurred while trying to cancel token
\ No newline at end of file
+errorInCancelingToken = Error occurred while trying to cancel token
+
+errorExtractingTokenId = Error occurred while extracting token id from the Security Token Reference
\ No newline at end of file
Modified: webservices/rampart/branches/java/1_4/pom.xml
URL: http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/pom.xml?rev=650061&r1=650060&r2=650061&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_4/pom.xml (original)
+++ webservices/rampart/branches/java/1_4/pom.xml Mon Apr 21 02:24:35 2008
@@ -89,9 +89,9 @@
<updatePolicy>always</updatePolicy>
<checksumPolicy>warn</checksumPolicy>
</releases>
- <id>axis2-rc2</id>
- <name>Apache Axis2 RC2 repo</name>
- <url>http://people.apache.org/~dims/axis2-1.4/RC2/m2-repo</url>
+ <id>axis2-rc4</id>
+ <name>Apache Axis2 RC4 repo</name>
+ <url>http://people.apache.org/~dims/axis2-1.4/RC4/m2-repo/</url>
<layout>default</layout>
</repository>
<repository>
@@ -469,16 +469,16 @@
<rampart.version>${pom.version}</rampart.version>
<rampart.mar.version>642186</rampart.mar.version>
<rahas.mar.version>642186</rahas.mar.version>
- <axis2.version>640261</axis2.version>
- <neethi.version>634514</neethi.version>
- <axiom.version>640198</axiom.version>
- <wss4j.version>SNAPSHOT</wss4j.version>
+ <axis2.version>1.4</axis2.version>
+ <neethi.version>2.0.4</neethi.version>
+ <axiom.version>1.2.7</axiom.version>
+ <wss4j.version>1.5.4-RC1</wss4j.version>
<woden.version>634519</woden.version>
<addressing.mar.version>SNAPSHOT</addressing.mar.version>
<xmlsec.version>1.4.1</xmlsec.version>
<opensaml.version>1.1</opensaml.version>
- <XmlSchema.version>640087</XmlSchema.version>
+ <XmlSchema.version>1.4.2</XmlSchema.version>
<xbean.version>2.1.0</xbean.version>
<wsdl4j.version>1.6.2</wsdl4j.version>