Posted to fx-dev@ws.apache.org by di...@apache.org on 2005/04/12 14:39:08 UTC
cvs commit: ws-fx/wss4j/src/org/apache/ws/security/trust/message/token KeySize.java ComputedKey.java
dims 2005/04/12 05:39:08
Modified: wss4j/src/org/apache/ws/axis/security/conversation
ConvHandlerConstants.java
ConversationClientHandler.java
wss4j/src/org/apache/ws/axis/security/trust/secconv/interop
UNT2SAMLIssuer.java
wss4j/src/org/apache/ws/axis/security/trust/service
RequestSecurityTokenType.java
SecurityTokenService.java
wss4j/src/org/apache/ws/security/trust TrustConstants.java
wss4j/src/org/apache/ws/security/trust/message/token
ComputedKey.java
Added: wss4j/src/org/apache/ws/axis/security/conversation
ClientReceiver.java ClientSender.java
SecurityContextTokenIssuer.java
SecurityContextTokenService.java
wss4j/src/org/apache/ws/security/trust STSManager2.java
wss4j/src/org/apache/ws/security/trust/message/token
KeySize.java
Log:
Committing some changes from Ruchith for SecureConversation.
Revision Changes Path
1.6 +26 -1 ws-fx/wss4j/src/org/apache/ws/axis/security/conversation/ConvHandlerConstants.java
Index: ConvHandlerConstants.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/conversation/ConvHandlerConstants.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- ConvHandlerConstants.java 16 Oct 2004 07:40:08 -0000 1.5
+++ ConvHandlerConstants.java 12 Apr 2005 12:39:08 -0000 1.6
@@ -18,7 +18,11 @@
package org.apache.ws.axis.security.conversation;
+import org.apache.axis.components.logger.LogFactory;
+import org.apache.commons.logging.Log;
import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.transform.STRTransform;
+import org.apache.xml.security.transforms.Transform;
import java.util.Hashtable;
import java.util.Map;
@@ -30,6 +34,9 @@
*/
public class ConvHandlerConstants {
+ private static Log log =
+ LogFactory.getLog(ConvHandlerConstants.class.getName());
+
public static final String SEVER_PROP_FILE = "serverPropFile";
public static final String REQUESTOR_PROP_FILE = "requestorPropFile";
public static final String STS_PROP_FILE = "trustServicePropFile";
@@ -65,6 +72,11 @@
public static Map requesterTypeMapper = new Hashtable();
//TODO::Remove the below line
public static final String CONV_CALLBACK = "pwcallback";
+
+ public static final String SCT_ISSUE_ACTION = "http://schemas.xmlsoap.org/ws/2005/XX/security/trust/RST/SCT";
+
+
+
/**
* Which algorithm to be used for encryption as in AES or DES and so on
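Review bot: `SCT_ISSUE_ACTION` on the added line carries a placeholder namespace segment (`2005/XX`) rather than the namespace of the WS-Trust/WS-SecureConversation revision the service implements, so an action-URI comparison against a real RST will never match and the placeholder would silently ship as-is. Replace the `XX` segment with the final namespace used by the STS (and keep it aligned with `TrustConstants`, which this commit also modifies), or at least mark it as provisional: `/* TODO: provisional URI -- align with the spec namespace used by the STS */`.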
@@ -103,7 +115,20 @@
new Integer(ConversationConstants.INTEROP_SCENE1));
-
+ org.apache.xml.security.Init.init();
+ String Id = "BC";
+ if (java.security.Security.getProvider(Id) == null) {
+ log.debug("The provider " + Id
+ + " had to be added to the java.security.Security");
+ java.security.Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
+ }
+ Transform.init();
+ try {
+ Transform.register(STRTransform.implementedTransformURI,
+ "org.apache.ws.security.transform.STRTransform");
+ } catch (Exception ex) {
+ //TODO Log the exception
+ }
}
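Review bot: The `catch (Exception ex)` around `Transform.register` on the last lines of the hunk swallows the failure, so if the STR-Transform cannot be registered the class still loads normally and the problem only surfaces later as an unexplained signature failure. At minimum record it with the logger this commit adds, `log.error("Cannot register STRTransform", ex);`, and narrow the catch to the exception types `Transform.register` actually declares if they are known here. The static initializer this hunk extends (the `sctEstablishmentMapper` puts, the BouncyCastle provider registration) begins before the hunk.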
1.13 +1 -85 ws-fx/wss4j/src/org/apache/ws/axis/security/conversation/ConversationClientHandler.java
Index: ConversationClientHandler.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/conversation/ConversationClientHandler.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- ConversationClientHandler.java 17 Mar 2005 10:54:31 -0000 1.12
+++ ConversationClientHandler.java 12 Apr 2005 12:39:08 -0000 1.13
@@ -325,96 +325,12 @@
*Add them to the convSession.
*/
- log.debug("I am in ClientHndelr Response");
+ log.debug("I am in ClientHandler Response");
try{
ConversationEngine convEng = new ConversationEngine(this.configurator);
Vector results = convEng.processSecConvHeader(doc, "", dkcbHandler, (String)this.configurator.get(WSHandlerConstants.PW_CALLBACK_CLASS));
-
- ConvEngineResult convResult = null;
- //String uuid = "";
-
-
-
- /*put the actions into a stack to obtain LIFO behavior
- * Rational for using the stack;
- *
- * Consider "Signature Encrypt"
- * Then the ConvEngine Results will be in the order "Encrypt Signature"
- * i.e. ConvEngine reusult containing ConvEngineResult.ENCRYPT_DERIVED_KEY
- * will be before ConvEngineResult.SIGN_DERIVED_KEY
- *
- * Hense I need to read actions in the order of Last in First out - the stack
- *
- * This is same for "Encrypt Signature" visa versa.
- */
-// Stack stk = new Stack();
-// for(int i=0; i<actionsInt.length ; i++){
-// stk.push(new Integer(actionsInt[i]));
-// }
-// int act = -1;
-// boolean rstr = false;
-// for(int i=0; i<results.size(); i++){
-// convResult=(ConvEngineResult)results.get(i);
-//
-// switch(convResult.getAction()){
-//
-// case ConvEngineResult.SECURITY_TOKEN_RESPONSE :
-// log.debug("ConversationServerHandler :: Found RSTR result");
-// uuid = convResult.getUuid();
-// rstr = true;
-// break;
-//
-// case ConvEngineResult.ENCRYPT_DERIVED_KEY :
-// log.debug("ConversationServerHandler :: Found dk_encrypt result");
-// if(stk.isEmpty()){
-// throw new AxisFault("Action mismatch");
-// }
-//
-// act =((Integer)stk.pop()).intValue();
-// if(act == ConversationConstants.DK_ENCRYPT){
-// //fine do nothing
-// }else{
-// throw new AxisFault("Mismatch action order");
-// }
-// break;
-//
-// case ConvEngineResult.SIGN_DERIVED_KEY :
-// log.debug("ConversationServerHandler :: Found dk_sign result");
-// if(stk.isEmpty()){
-// throw new AxisFault("Action mismatch");
-// }
-// act =((Integer)stk.pop()).intValue();
-// if(act == ConversationConstants.DK_SIGN){
-// //fine do nothing
-// }else{
-// throw new AxisFault("Mismatch action order");
-// }
-// break;
-//
-// case ConvEngineResult.SCT :
-// log.debug("ConversationServerHandler :: Found SCT result");
-// uuid = convResult.getUuid();
-// break;
-//
-// }
-// }
-//
-// if(uuid.equals("")){
-// throw new AxisFault("ConversationServerHandler :: Cannot find Session.");
-// }
-//
-// if(!rstr){
-// if(!stk.isEmpty()){
-// throw new AxisFault("Action mismatch. Required action missing");
-// }
-// }
- // msgContext.setProperty(ConversationConstants.IDENTIFIER,uuid);
-
-
-
-
} catch (ConversationException e1) {
e1.printStackTrace();
throw new AxisFault("CovnersationServerHandler :: "+e1.getMessage());
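Review bot: After this deletion `results` from `convEng.processSecConvHeader(...)` is assigned and never read, so the response path no longer checks that the derived-key actions configured for the handler (signature/encryption) were actually present in the reply; the commented-out stack check that did this is removed rather than reinstated, and a reply carrying no derived-key tokens would likely pass through unnoticed. Until the action-order check is restored, at least reject an empty result set: `if (results.isEmpty()) { throw new AxisFault("ConversationClientHandler :: no WS-SecureConversation results in response"); }`. The enclosing method starts before the hunk and continues past it.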
1.1 ws-fx/wss4j/src/org/apache/ws/axis/security/conversation/ClientReceiver.java
Index: ClientReceiver.java
===================================================================
/*
* Copyright 2003-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.ws.axis.security.conversation;
import org.apache.axis.AxisFault;
import org.apache.axis.MessageContext;
import org.apache.axis.handlers.BasicHandler;
/**
 * Client-side response handler placeholder for WS-SecureConversation.
 *
 * @author Ruchith Fernando
 */
public class ClientReceiver extends BasicHandler {

    /** Serialization version of this handler class. */
    private static final long serialVersionUID = 1L;

    /**
     * Does nothing yet: the response flow is not implemented for this handler.
     *
     * @param arg0 the message context (ignored)
     * @throws AxisFault never thrown by this implementation
     * @see org.apache.axis.Handler#invoke(org.apache.axis.MessageContext)
     */
    public void invoke(MessageContext arg0) throws AxisFault {
        // intentionally empty: nothing to process on the response flow yet
    }
}
1.1 ws-fx/wss4j/src/org/apache/ws/axis/security/conversation/ClientSender.java
Index: ClientSender.java
===================================================================
/*
* Copyright 2003-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.ws.axis.security.conversation;
import java.io.ByteArrayOutputStream;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Vector;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import org.apache.axis.AxisFault;
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.SOAPPart;
import org.apache.axis.components.logger.LogFactory;
import org.apache.axis.handlers.BasicHandler;
import org.apache.axis.message.MessageElement;
import org.apache.axis.message.SOAPHeaderElement;
import org.apache.commons.logging.Log;
import org.apache.ws.axis.security.trust.secconv.interop.InteropHandshaker;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.conversation.ConvEngineResult;
import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.conversation.ConversationEngine;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.ConversationManager;
import org.apache.ws.security.conversation.ConversationUtil;
import org.apache.ws.security.conversation.DerivedKeyCallbackHandler;
import org.apache.ws.security.conversation.message.info.DerivedKeyInfo;
import org.apache.ws.security.conversation.message.info.SecurityContextInfo;
import org.apache.ws.security.conversation.message.token.RequestSecurityTokenResponse;
import org.apache.ws.security.conversation.message.token.RequestedProofToken;
import org.apache.ws.security.conversation.message.token.RequestedSecurityToken;
import org.apache.ws.security.conversation.message.token.SecurityContextToken;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.StringUtil;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
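/**
 * Client-side Axis handler for WS-SecureConversation.
 *
 * <p>Request flow: on the first request a SecurityContextToken (SCT) is
 * established using the method selected by the
 * {@code ConvHandlerConstants.SCT_ESTABLISH_MTD} option (direct generation,
 * STS issued, or the interop handshake); every later request carries the SCT
 * plus one derived-key token per configured action (encrypt and/or sign).
 * Response flow: the incoming security header is handed to the
 * {@link ConversationEngine} and then flagged as processed for Axis.</p>
 *
 * <p>NOTE(review): {@code uuid}, {@code dkcbHandler} and {@code handShakeDone}
 * are static, so every ClientSender instance in the JVM shares one
 * conversation; the handler is not safe for concurrent use from several
 * threads or for several endpoints at once.</p>
 *
 * @author Ruchith Fernando
 */
public class ClientSender extends BasicHandler {

    /** Comment for <code>serialVersionUID</code> */
    private static final long serialVersionUID = 1L;

    private static Log log = LogFactory.getLog(ClientSender.class.getName());

    /** Derived-key length from {@code ConvHandlerConstants.KEY_LEGNTH}; -1 until configured. */
    private int keyLen = -1;

    /** Response built by the direct-generation handshake. */
    private RequestSecurityTokenResponse stRes;

    /** Holds the SCT and derived-key material of the conversation; shared by all instances. */
    private static DerivedKeyCallbackHandler dkcbHandler = new DerivedKeyCallbackHandler();

    // private int frequency = 1;

    // Not used by this class yet.
    private WSSecurityEngine secEng = null;

    /** Identifier of the established SCT; shared by all instances. */
    private static String uuid = null;

    /** Crypto and key alias of the service the proof token is encrypted for. */
    private Crypto serverCrypto = null;
    private String serverAlias = null;

    // Not used by this class yet.
    private Crypto reqCrypto = null;
    private Crypto stsCrypto = null;

    /** One of the ConversationConstants establishment methods; -1 until decoded. */
    private int sctEstablishment = -1;

    /** True once an SCT has been established by any instance. */
    private static boolean handShakeDone = false;

    private boolean isSCTavailabe = false;
    private static boolean isConfigured = false;
    private boolean readCrypto = false;

    /** Value of the {@code ConvHandlerConstants.APPLIES_TO_VAL} option, if set. */
    private String appliesTo = null;

    /** Guards {@link #initSessionInfo()} so the wsdd options are read once per instance. */
    private boolean isSessionInfoConfigured = false;

    /*
     * TODO :: For now we are allowing only fixed sized derived keys
     */
    private boolean usedFixedKeys = true;

    /** Session options read from the wsdd (see {@link #initSessionInfo()}). */
    private HashMap configurator;

    /** Derived-key actions, each DK_SIGN or DK_ENCRYPT, in wsdd order. */
    int[] actionsInt;

    public ClientSender() throws AxisFault {
        log.debug("ConversationClientHandler :: created");
    }

    /**
     * Method inherited from the BasicHandler.
     * Dispatches to {@link #doResponse} once the pivot is passed, otherwise
     * to {@link #doRequest}.
     *
     * @param msg the current message context
     * @throws AxisFault propagated from the request or response processing
     */
    public void invoke(MessageContext msg) throws AxisFault {
        log.debug("ConversationClientHandler :: invoked");
        if (msg.getPastPivot()) {
            doResponse(msg);
        } else {
            doRequest(msg);
        }
    }

    /**
     * The method is called in the request flow.
     *
     * <p>If no SCT is in memory (handshake not done) the SCT establishment
     * method is read from the wsdd and the matching handshake is run; once the
     * handshake is done the SCT and the derived-key tokens are added to every
     * outgoing message.</p>
     *
     * @param msg the current message context
     * @throws AxisFault if the establishment method is missing/unsupported or
     *         securing the message fails
     */
    private void doRequest(MessageContext msg) throws AxisFault {
        ensureSessionInfo();
        Message sm = msg.getCurrentMessage();
        if (!handShakeDone) {
            decodeSCTEstabParameter();
            this.loadCrypto();
            switch (this.sctEstablishment) {
                case ConversationConstants.DIRECT_GENERATED :
                    this.doHandshake_Direct_Generated(sm);
                    break;
                case ConversationConstants.STS_GENERATED :
                    this.doHandshake_STS_Generated(sm);
                    break;
                case ConversationConstants.STSREQUEST_TOKEN :
                    // the scenario where STS signs the token -- not implemented; fail
                    // rather than recording the handshake as done without any token
                    throw new AxisFault("STS signed token establishment is not supported yet.");
                case ConversationConstants.INTEROP_SCENE1 :
                    this.doHandlshake_Interop(sm);
                    break;
                default :
                    throw new AxisFault("Unsupored STS establishment method.");
            }
            handShakeDone = true;
        } else { // handshake is done.
            log.debug("Token in memory .");
            SOAPPart sPart = (org.apache.axis.SOAPPart) sm.getSOAPPart();
            Document doc = getDocument(sPart);
            secureWithSct(sPart, doc);
        }
    }

    /**
     * This method is called in the response.
     * The security header is processed by the ConversationEngine; a response
     * without a wsse:Security header is rejected with a fault.
     *
     * @param msgContext the current message context
     * @throws AxisFault if the envelope cannot be read, conversation processing
     *         fails, or no security header is found afterwards
     */
    private void doResponse(MessageContext msgContext) throws AxisFault { //for incoming message
        ensureSessionInfo();
        Message message = msgContext.getCurrentMessage();
        SOAPPart sPart = (org.apache.axis.SOAPPart) message.getSOAPPart();

        // a callback handler supplied on the context replaces the shared one
        Object obj = msgContext.getProperty(ConvHandlerConstants.DK_CB_HANDLER);
        if (obj != null) {
            dkcbHandler = (DerivedKeyCallbackHandler) obj;
        }

        Document doc;
        try {
            doc = ((org.apache.axis.message.SOAPEnvelope) sPart.getEnvelope()).getAsDocument();
        } catch (Exception e) {
            throw new AxisFault("WSDoAllSender: cannot get SOAP envlope from message" + e, e);
        }

        /*Get the derved key tokens.
         *Add them to the convSession.
         */
        log.debug("I am in ClientHndelr Response");
        try {
            ConversationEngine convEng = new ConversationEngine(this.configurator);
            // NOTE(review): the engine's result vector is discarded, so nothing here
            // verifies that the configured derived-key actions were present in the reply.
            convEng.processSecConvHeader(doc, "", dkcbHandler,
                    (String) this.configurator.get(WSHandlerConstants.PW_CALLBACK_CLASS));
        } catch (ConversationException e1) {
            throw new AxisFault("CovnersationServerHandler :: " + e1.getMessage(), e1);
        }

        //stolen from WSDoallReciever
        ByteArrayOutputStream os = new ByteArrayOutputStream();
        XMLUtils.outputDOM(doc, os, true);
        sPart.setCurrentMessage(os.toByteArray(), SOAPPart.FORM_BYTES);

        // collect the headers flagged as processed, then re-flag them by name
        ArrayList processedHeaders = new ArrayList();
        Iterator iterator = message.getSOAPEnvelope().getHeaders().iterator();
        while (iterator.hasNext()) {
            org.apache.axis.message.SOAPHeaderElement tempHeader =
                    (org.apache.axis.message.SOAPHeaderElement) iterator.next();
            if (tempHeader.isProcessed()) {
                processedHeaders.add(tempHeader.getQName());
            }
        }
        /*
         * set the original processed-header flags
         */
        iterator = processedHeaders.iterator();
        while (iterator.hasNext()) {
            QName qname = (QName) iterator.next();
            Enumeration enumHeaders = message.getSOAPEnvelope()
                    .getHeadersByName(qname.getNamespaceURI(), qname.getLocalPart());
            while (enumHeaders.hasMoreElements()) {
                org.apache.axis.message.SOAPHeaderElement tempHeader =
                        (org.apache.axis.message.SOAPHeaderElement) enumHeaders.nextElement();
                tempHeader.setProcessed(true);
            }
        }

        /*
         * After setting the new current message, probably modified because
         * of decryption, we need to locate the security header. That is,
         * we force Axis (with getSOAPEnvelope()) to parse the string, build
         * the new header. Then we examine, look up the security header
         * and set the header as processed.
         *
         * Please note: find all header elements that contain the same
         * actor that was given to processSecurityHeader(). Then
         * check if there is a security header with this actor.
         */
        SOAPHeader sHeader = null;
        try {
            sHeader = message.getSOAPEnvelope().getHeader();
        } catch (Exception ex) {
            throw new AxisFault("WSDoAllReceiver: cannot get SOAP header after security processing", ex);
        }
        Iterator headers = sHeader.examineHeaderElements("");
        SOAPHeaderElement headerElement = null;
        while (headers.hasNext()) {
            SOAPHeaderElement hE = (SOAPHeaderElement) headers.next();
            if (hE.getLocalName().equals(WSConstants.WSSE_LN)
                    && hE.getNamespaceURI().equals(WSConstants.WSSE_NS)) {
                headerElement = hE;
                break;
            }
        }
        // a missing security header used to surface as a NullPointerException here
        if (headerElement == null) {
            throw new AxisFault("WSDoAllReceiver: no wsse:Security header found after security processing");
        }
        ((org.apache.axis.message.SOAPHeaderElement) headerElement).setProcessed(true);
    } //do response done

    /**
     * The method is responsible for generating a SCT. This implements the scenario
     * described in the specification as "Security context token created by
     * one of the communicating parties and propagated with a message"
     *
     * @param sm the outgoing message; receives the RSTR with the SCT and the
     *           proof token encrypted for the service
     * @throws AxisFault if the envelope cannot be read or the token cannot be built/encrypted
     */
    private void doHandshake_Direct_Generated(Message sm) throws AxisFault {
        Document doc = null;
        SOAPPart sPart = (org.apache.axis.SOAPPart) sm.getSOAPPart();
        try {
            log.debug("ConversationClientHandler :: Trust Not required");
            doc = ((org.apache.axis.message.SOAPEnvelope) sPart.getEnvelope()).getAsDocument();
            this.initSessionInfo();
            this.stRes = new RequestSecurityTokenResponse(doc, true);
        } catch (Exception e) {
            throw new AxisFault("ConversationClientHandler ::" + e.getMessage(), e);
        }
        /*
         * SCT is now created.
         * Steps::
         * 1) build the RSTR into the document
         * 2) register the SCTInfo in dkcbHandler
         */
        uuid = stRes.getRequestedSecurityToken().getSct().getIdentifier();
        stRes.build(doc);
        isSCTavailabe = true;
        //Now encrypting with the base token
        RequestedProofToken reqProof = stRes.getRequestedProofToken();
        try {
            reqProof.doEncryptProof(doc, this.serverCrypto, this.serverAlias);
            SecurityContextInfo info = new SecurityContextInfo(
                    stRes.getRequestedSecurityToken().getSct(), reqProof, requiredKeyFreq());
            dkcbHandler.addSecurtiyContext(uuid, info);
            /*
             * Add session specific information to the dkcbHandler
             * 1) Key length (fixed sized derived keys only).
             */
            if (usedFixedKeys) {
                // was new Long(Integer.toString(keyLen)); the int widens directly
                dkcbHandler.setDerivedKeyLength(uuid, keyLen);
            }
            setCurrentMessage(sPart, doc);
        } catch (WSSecurityException e2) {
            throw new AxisFault("ConversationClientHandler ::" + e2.getMessage(), e2);
        } catch (ConversationException e2) {
            throw new AxisFault("ConversationClientHandler ::" + e2.getMessage(), e2);
        }
    }

    /**
     * This method is repsonsible for obtaining the SCT from the STS.
     *
     * <p>The STS is expected to return a RequestSecurityTokenResponse that
     * contains a RequestedProofToken and a RequestedSecurityToken. The
     * RequestedProofToken is decrypted and encrypted again with the service's
     * certificate; the received RequestedSecurityToken and the new
     * RequestedProofToken are added to the message.</p>
     *
     * <p>NOTE(review): the call to the STS itself does not appear to be wired up
     * in this revision (the response array is never filled), so the method
     * currently fails with a fault before processing any response.</p>
     *
     * @param sm the outgoing message
     * @throws AxisFault if a required option is missing, no STS response is
     *         available, or the response cannot be processed
     */
    private void doHandshake_STS_Generated(Message sm) throws AxisFault {
        Document doc = null;
        MessageElement[] meArrRes = null;
        String tmpStr = null;
        String stsEndPoint, callbackHandler;

        if ((tmpStr = (String) getOption(ConvHandlerConstants.STS_ADDRESS)) != null) {
            stsEndPoint = tmpStr;
        } else {
            throw new AxisFault("STS address is not set.");
        }
        if ((tmpStr = (String) getOption(ConvHandlerConstants.APPLIES_TO_VAL)) != null) {
            log.debug("Applies to value is read ::" + tmpStr);
            this.appliesTo = tmpStr;
        }
        if ((tmpStr = (String) getOption(ConvHandlerConstants.CONV_CALLBACK)) != null) {
            callbackHandler = tmpStr;
        } else {
            throw new AxisFault("PasswordCallbackHandler is not set.");
        }

        // TODO: request the SCT from stsEndPoint (token type SCT, this.appliesTo) and
        // fill meArrRes with the response elements. Until then fail explicitly instead
        // of dereferencing null below.
        if (meArrRes == null) {
            throw new AxisFault("ConversationClientHandler :: STS communication is not implemented; no response from " + stsEndPoint);
        }

        // We have successfully recieved the message element part.
        SecurityContextToken sct = null;
        RequestedProofToken proof = null;
        log.debug("Trust communitcator successfully completed.");
        try {
            for (int i = 0; i < meArrRes.length; i++) {
                MessageElement tmpEle = meArrRes[i];
                QName el = new QName(tmpEle.getNamespaceURI(), tmpEle.getLocalName());
                Element domEle = tmpEle.getAsDOM();

                if (el.equals(RequestedSecurityToken.TOKEN)) {
                    log.debug("Recognized RequestedSecurityToken.");
                    NodeList ndList = domEle.getElementsByTagNameNS(
                            SecurityContextToken.TOKEN.getNamespaceURI(),
                            SecurityContextToken.TOKEN.getLocalPart());
                    // was "< 0", which can never be true; an empty list means no SCT
                    if (ndList.getLength() == 0) {
                        throw new AxisFault("Unspported yet ..");
                    }
                    sct = new SecurityContextToken((Element) ndList.item(0));

                    // wrap the received token in an RSTR inside the wsse:Security header
                    SOAPHeader soapHeader = sm.getSOAPHeader();
                    soapHeader.addChildElement("Security", WSConstants.WSSE_PREFIX, WSConstants.WSSE_NS);
                    Iterator it = soapHeader.getChildElements();
                    while (it.hasNext()) {
                        SOAPHeaderElement shSecElem = (SOAPHeaderElement) it.next();
                        if (shSecElem.getLocalName().equals("Security")) {
                            MessageElement rstr = new MessageElement(
                                    RequestSecurityTokenResponse.TOKEN.getLocalPart(),
                                    RequestSecurityTokenResponse.TOKEN.getPrefix(),
                                    RequestSecurityTokenResponse.TOKEN.getNamespaceURI());
                            rstr.addChild(tmpEle);
                            shSecElem.addChildElement(rstr);
                        }
                    }
                } else if (el.equals(RequestedProofToken.TOKEN)) {
                    SOAPPart sPart = (org.apache.axis.SOAPPart) sm.getSOAPPart();
                    doc = ((org.apache.axis.message.SOAPEnvelope) sPart.getEnvelope()).getAsDocument();
                    //do decrytion - proof is encrypted with certificate of STS
                    proof = new RequestedProofToken(domEle);
                    proof.doDecryption(callbackHandler, serverCrypto);
                    byte[] bkArr = proof.getSharedSecret();
                    // re-encrypt the shared secret for the service's certificate
                    RequestedProofToken newProof = new RequestedProofToken(doc);
                    newProof.setSharedSecret(bkArr);
                    newProof.doEncryptProof(doc, serverCrypto, this.serverAlias);
                    Element secHeader = WSSecurityUtil.findWsseSecurityHeaderBlock(
                            WSSConfig.getDefaultWSConfig(), doc, doc.getDocumentElement(), true);
                    Element ele = (Element) WSSecurityUtil.findElement(
                            secHeader,
                            RequestSecurityTokenResponse.TOKEN.getLocalPart(),
                            RequestSecurityTokenResponse.TOKEN.getNamespaceURI());
                    ele.appendChild(newProof.getElement());
                    setCurrentMessage(sPart, doc);
                }
            } //for loop

            // refuse to register a context unless both halves of the RSTR were seen
            if (sct == null || proof == null) {
                throw new AxisFault("ConversationClientHandler :: RSTR lacks RequestedSecurityToken or RequestedProofToken");
            }
            this.initSessionInfo();
            SecurityContextInfo sctInfo = new SecurityContextInfo(sct, proof, requiredKeyFreq());
            uuid = sct.getIdentifier();
            dkcbHandler.addSecurtiyContext(uuid, sctInfo);
            if (this.usedFixedKeys) {
                Long fixedLen = (Long) this.configurator.get(ConvHandlerConstants.KEY_LEGNTH);
                if (fixedLen == null) {
                    throw new AxisFault("Key length is not set.");
                }
                dkcbHandler.setDerivedKeyLength(uuid, fixedLen.longValue());
            }
            handShakeDone = true;
        } catch (WSSecurityException e3) {
            throw new AxisFault("ConversationClientHandler ::" + e3.getMessage(), e3);
        } catch (SOAPException e) {
            throw new AxisFault("ConversationClientHandler ::" + e.getMessage(), e);
        } catch (Exception e3) {
            throw new AxisFault("ConversationClientHandler ::" + e3.getMessage(), e3);
        }
    } //end of doHandshake_STS_Generated

    /**
     * Runs the interop-scenario handshake, adopts the resulting callback
     * handler and SCT identifier, and secures the current message with them.
     *
     * @param sm the outgoing message
     * @throws AxisFault if the handshake, document access or securing fails
     */
    private void doHandlshake_Interop(Message sm) throws AxisFault {
        InteropHandshaker interop = new InteropHandshaker();
        interop.handshake(getOptions());
        dkcbHandler = interop.getDkcb();
        uuid = interop.getUuid();
        log.debug("Done handlshake .");
        // the SCT identifier is the session identifier: logger only, never stdout
        log.debug("UUID is " + uuid);
        SOAPPart sPart = (org.apache.axis.SOAPPart) sm.getSOAPPart();
        Document doc = getDocument(sPart);
        secureWithSct(sPart, doc);
    }

    /**
     * Adds the SCT of the current conversation to the wsse:Security header of
     * {@code doc}, applies one derived-key token per configured action
     * (encrypt or sign), and writes the modified document back as the current
     * message of {@code sPart}.
     *
     * @param sPart the SOAP part that receives the modified envelope
     * @param doc   DOM view of the envelope to secure
     * @throws AxisFault if no derived-key action is configured or a
     *         conversation operation fails
     */
    private void secureWithSct(SOAPPart sPart, Document doc) throws AxisFault {
        if (this.actionsInt == null) {
            // sending the SCT without any derived-key protection is never intended
            throw new AxisFault("ConversationClientHandler :: No derived key action configured.");
        }
        try {
            // add the relavent SCT
            Element securityHeader = WSSecurityUtil.findWsseSecurityHeaderBlock(
                    WSSConfig.getDefaultWSConfig(), doc, doc.getDocumentElement(), true);
            WSSecurityUtil.appendChildElement(
                    doc, securityHeader, (new SecurityContextToken(doc, uuid)).getElement());

            ConversationManager manager = new ConversationManager();
            String encAlgo = (String) this.configurator.get(ConvHandlerConstants.DK_ENC_ALGO);
            for (int i = 0; i < this.actionsInt.length; i++) {
                // one fresh derived key per action
                DerivedKeyInfo dkInfo =
                        manager.createDerivedKeyToken(doc, uuid, dkcbHandler, null, keyLen);
                String genID = dkInfo.getId();
                SecurityTokenReference stRef = dkInfo.getSecTokRef2DkToken();
                if (actionsInt[i] == ConversationConstants.DK_ENCRYPT) {
                    manager.performDK_ENCR(
                            ConversationUtil.generateIdentifier(uuid, genID),
                            "", true, doc, stRef, dkcbHandler, null, encAlgo);
                } else if (actionsInt[i] == ConversationConstants.DK_SIGN) {
                    manager.performDK_Sign(doc, dkcbHandler, uuid, dkInfo, null);
                }
                manager.addDkToken(doc, dkInfo);
            }
        } catch (ConversationException e1) {
            throw new AxisFault("ConversationClientHandler ::" + e1.getMessage(), e1);
        }
        //set it as current message
        setCurrentMessage(sPart, doc);
    }

    /**
     * Parses the SOAP envelope of the given part into a DOM document.
     *
     * @param sPart the Axis SOAP part of the current message
     * @return the envelope as a DOM document
     * @throws AxisFault if the envelope cannot be read or converted
     */
    private static Document getDocument(SOAPPart sPart) throws AxisFault {
        try {
            return ((org.apache.axis.message.SOAPEnvelope) sPart.getEnvelope()).getAsDocument();
        } catch (Exception e) {
            throw new AxisFault("CoversationClientHandler :: Cannot get the document", e);
        }
    }

    /**
     * Serializes {@code doc} and installs it as the current message of {@code sPart}.
     * NOTE(review): the serialized bytes are decoded with the platform charset
     * by {@code os.toString()} -- confirm this matches the document encoding.
     *
     * @param sPart the SOAP part to update
     * @param doc   the document to serialize
     */
    private static void setCurrentMessage(SOAPPart sPart, Document doc) {
        ByteArrayOutputStream os = new ByteArrayOutputStream();
        XMLUtils.outputDOM(doc, os, true);
        String osStr = os.toString();
        sPart.setCurrentMessage(osStr, SOAPPart.FORM_STRING);
    }

    /**
     * Reads the wsdd session options the first time it is called on this instance.
     *
     * @throws AxisFault propagated from {@link #initSessionInfo()}
     */
    private void ensureSessionInfo() throws AxisFault {
        if (!isSessionInfoConfigured) {
            initSessionInfo();
            isSessionInfoConfigured = true;
        }
    }

    /**
     * Returns the configured key frequency ({@code ConvHandlerConstants.KEY_FREQ}).
     *
     * @return the key frequency option as an int
     * @throws AxisFault if the option was not configured
     */
    private int requiredKeyFreq() throws AxisFault {
        Integer keyFreq = (Integer) this.configurator.get(ConvHandlerConstants.KEY_FREQ);
        if (keyFreq == null) {
            throw new AxisFault("Key frequency is not set.");
        }
        return keyFreq.intValue();
    }

    /**
     * Reads configeration parameters from the wsdd file into {@code configurator}
     * and the related fields ({@code actionsInt}, {@code keyLen}).
     *
     * @throws AxisFault if a numeric option cannot be parsed or an unknown
     *         derived-key action is configured
     */
    private void initSessionInfo() throws AxisFault {
        /**
         * Default values for a session. These will be overriden by WSDD file parameters.
         */
        this.configurator = new HashMap();
        String tmpStr;
        if ((tmpStr = (String) getOption(ConvHandlerConstants.KEY_FREQ)) != null) {
            log.debug("Key Frequency is set ::" + tmpStr);
            try {
                this.configurator.put(ConvHandlerConstants.KEY_FREQ, new Integer(tmpStr));
            } catch (NumberFormatException nfe) {
                throw new AxisFault("Invalid key frequency: " + tmpStr, nfe);
            }
        }
        if ((tmpStr = (String) getOption(ConvHandlerConstants.DK_ACTION)) != null) {
            log.debug("Derived Key Action is read ::" + tmpStr);
            String[] action = StringUtil.split(tmpStr, ' ');
            actionsInt = new int[action.length];
            for (int i = 0; i < action.length; i++) {
                if ((action[i]).equalsIgnoreCase("Signature")) {
                    actionsInt[i] = ConversationConstants.DK_SIGN;
                } else if ((action[i]).equalsIgnoreCase("Encrypt")) {
                    actionsInt[i] = ConversationConstants.DK_ENCRYPT;
                } else {
                    // previously left a 0 in the array and silently applied no protection
                    throw new AxisFault("Unknown derived key action: " + action[i]);
                }
            }
        }
        if ((tmpStr = (String) getOption(ConvHandlerConstants.KEY_LEGNTH)) != null) {
            log.debug("Key Length is set ::" + tmpStr);
            try {
                this.keyLen = Integer.parseInt(tmpStr);
                this.configurator.put(ConvHandlerConstants.KEY_LEGNTH, new Long(tmpStr));
            } catch (NumberFormatException nfe) {
                throw new AxisFault("Invalid key length: " + tmpStr, nfe);
            }
        }
        if ((tmpStr = (String) getOption(WSHandlerConstants.PW_CALLBACK_CLASS)) != null) {
            this.configurator.put(WSHandlerConstants.PW_CALLBACK_CLASS, tmpStr);
        } else {
            //throw new AxisFault("Set the pass word call back class.....");
        }
        if ((tmpStr = (String) getOption(ConvHandlerConstants.DK_ENC_ALGO)) != null) {
            this.configurator.put(ConvHandlerConstants.DK_ENC_ALGO, tmpStr);
        }
    }

    /**
     * Decodes the SCT establishment parameter set in the .wsdd
     *
     * @throws AxisFault if the option is missing or not a known establishment method
     */
    private void decodeSCTEstabParameter() throws AxisFault {
        String tmpStr = (String) getOption(ConvHandlerConstants.SCT_ESTABLISH_MTD);
        log.debug("ConversationClientHandler :: Decording SCT establishing parameter");
        // was tmpStr.equals(null), which throws NPE instead of reporting the missing option
        if (tmpStr == null) {
            throw new AxisFault("SCT establishing method not specified.");
        }
        Integer i = (Integer) ConvHandlerConstants.sctEstablishmentMapper.get(tmpStr);
        if (i == null) {
            throw new AxisFault("Unknown SCT establishing method: " + tmpStr);
        }
        this.sctEstablishment = i.intValue();
    }

    /**
     * Decodes the STS requester type option ({@code STS_REQUSTOR_TYPE}).
     * Not called from this class yet.
     *
     * @return the requester type code from {@code ConvHandlerConstants.requesterTypeMapper}
     * @throws AxisFault if the option is missing or not a known requester type
     */
    private int decodeSTSRequesterTypeParamer() throws AxisFault {
        String tmpStr = (String) getOption(ConvHandlerConstants.STS_REQUSTOR_TYPE);
        log.debug("ConversationClientHandler :: Decording STS requeter type parameter");
        // was tmpStr.equals(null), which throws NPE instead of reporting the missing option
        if (tmpStr == null) {
            throw new AxisFault("STS requeter type not specified.");
        }
        Integer i = (Integer) ConvHandlerConstants.requesterTypeMapper.get(tmpStr);
        if (i == null) {
            throw new AxisFault("Unknown STS requester type: " + tmpStr);
        }
        return i.intValue();
    }

    /**
     * Loads the crypto property files
     *
     * @throws AxisFault if the server properties file or the server alias is not configured
     */
    private void loadCrypto() throws AxisFault {
        String tmpStr = (String) getOption(ConvHandlerConstants.SEVER_PROP_FILE);
        if (tmpStr == null) {
            throw new AxisFault("Error! No server server properties file in wsdd");
        }
        log.debug("Server prop file is " + tmpStr);
        this.serverCrypto = CryptoFactory.getInstance(tmpStr);
        tmpStr = (String) getOption(ConvHandlerConstants.SEVER_ALIAS);
        if (tmpStr == null) {
            // was a copy of the properties-file message, which misdirects the operator
            throw new AxisFault("Error! No server alias in wsdd");
        }
        this.serverAlias = tmpStr;
    }

    /** Placeholder; derived-key actions are decoded in {@link #initSessionInfo()}. */
    private void decodeDkAction() {
    }
}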
1.1 ws-fx/wss4j/src/org/apache/ws/axis/security/conversation/SecurityContextTokenIssuer.java
Index: SecurityContextTokenIssuer.java
===================================================================
/*
* Copyright 2003-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.ws.axis.security.conversation;
import org.apache.axis.message.addressing.EndpointReference;
import org.apache.ws.security.policy.message.token.AppliesTo;
import org.apache.ws.security.trust.issue.STIssuer;
import org.apache.ws.security.trust.message.token.LifeTime;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
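/**
 * Issuer for SecurityContextTokens used by the secure-conversation service.
 * <p/>
 * Work in progress: the request's AppliesTo endpoint and a lifetime element
 * are prepared, but no token is added to the response yet.
 *
 * @author Ruchith Fernando
 */
public class SecurityContextTokenIssuer implements STIssuer {

    /**
     * Issues a SecurityContextToken for the given request.
     *
     * @param req request envelope as a DOM Document
     * @param res response envelope as a DOM Document
     * @return currently always {@code null}: the token is not yet written
     *         into the response
     * @throws IllegalArgumentException if the request carries no AppliesTo
     *         element, or the AppliesTo element has no child element to read
     *         the EndpointReference from
     * @see org.apache.ws.security.trust.issue.STIssuer#issue(org.w3c.dom.Document, org.w3c.dom.Document)
     */
    public Document issue(Document req, Document res) throws Exception {
        //Create an instance of the WSDoAllReceiver and get the request cleanedup :-)
        //
        Element elemAppliesTo = (Element) WSSecurityUtil.findElement(req,
                AppliesTo.TOKEN.getLocalPart(), AppliesTo.TOKEN.getNamespaceURI());
        // A request without AppliesTo must be rejected explicitly rather than
        // surfacing as a NullPointerException on the next line.
        if (elemAppliesTo == null) {
            throw new IllegalArgumentException("Request does not contain a '"
                    + AppliesTo.TOKEN.getLocalPart() + "' element");
        }
        // getFirstChild() may be whitespace text rather than the EPR element,
        // which would fail the cast; take the first child *element* instead.
        Element elemEpr = firstChildElement(elemAppliesTo);
        if (elemEpr == null) {
            throw new IllegalArgumentException("'" + AppliesTo.TOKEN.getLocalPart()
                    + "' element does not contain an EndpointReference");
        }
        EndpointReference epr = new EndpointReference(elemEpr);

        //Create the Lifetime element for the response message
        LifeTime lt = new LifeTime(res, 12 * 60);
        Element elemLifeTime = lt.getElement();

        //Add the SecurityContextToken to the derivedKeyCallbackhandler
        return null;
    }

    /**
     * Returns the first child of {@code parent} that is an Element, or
     * {@code null} if there is none (text and comment nodes are skipped).
     */
    private static Element firstChildElement(Element parent) {
        for (org.w3c.dom.Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element) {
                return (Element) n;
            }
        }
        return null;
    }
}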
1.1 ws-fx/wss4j/src/org/apache/ws/axis/security/conversation/SecurityContextTokenService.java
Index: SecurityContextTokenService.java
===================================================================
/*
* Copyright 2003-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.ws.axis.security.conversation;
import javax.xml.soap.SOAPHeader;
import org.apache.axis.AxisFault;
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.SOAPPart;
import org.apache.axis.message.SOAPEnvelope;
import org.apache.axis.utils.ByteArrayOutputStream;
import org.apache.ws.axis.security.trust.service.SecurityTokenService;
import org.apache.ws.security.trust.STSManager;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
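/**
 * Security token service endpoint for SecurityContextTokens. It takes the
 * raw request and response SOAP envelopes from the current MessageContext,
 * lets STSManager process them and installs the result as the current message.
 *
 * @author Ruchith Fernando
 */
public class SecurityContextTokenService extends SecurityTokenService {

    /**
     * Creates the service and loads its options from SCTS.properties
     * (the superclass constructor has already run its own loadProperties).
     */
    public SecurityContextTokenService() {
        this.loadProperties("SCTS.properties");
    }

    /**
     * Handles a RequestSecurityToken call.
     *
     * @param request the deserialised RST; not used here because the raw
     *                envelope is read from the current MessageContext instead
     * @throws java.rmi.RemoteException an AxisFault carrying the original
     *         cause when no message context / messages are available, the
     *         envelopes cannot be read, or STSManager fails
     */
    public void requestSecurityToken(org.apache.ws.axis.security.trust.service.RequestSecurityTokenType request) throws java.rmi.RemoteException {
        MessageContext msgCntxt = MessageContext.getCurrentContext();
        if (msgCntxt == null) {
            throw new AxisFault("SecurityContextTokenService: no current MessageContext");
        }
        //get the request msg
        Message smReq = msgCntxt.getRequestMessage();
        //get the response msg
        Message smCurr = msgCntxt.getResponseMessage();
        if (smReq == null || smCurr == null) {
            throw new AxisFault("SecurityContextTokenService: request or response message not available");
        }
        //get the request and response msgs as SOAP parts
        SOAPPart sPartReq = (org.apache.axis.SOAPPart) smReq.getSOAPPart();
        SOAPPart sPartRes = (org.apache.axis.SOAPPart) smCurr.getSOAPPart();
        try {
            //initialize xml security
            org.apache.xml.security.Init.init();
            Document docReq = ((SOAPEnvelope) sPartReq.getEnvelope()).getAsDocument();
            Document docRes = ((SOAPEnvelope) sPartRes.getEnvelope()).getAsDocument();

            STSManager stsMgr = new STSManager(this.options);
            docRes = stsMgr.handleRequest(docReq, docRes);

            ByteArrayOutputStream os = new ByteArrayOutputStream();
            XMLUtils.outputDOM(docRes, os, true);
            //modify the current message and hand it to the context
            sPartRes.setCurrentMessage(os.toByteArray(), SOAPPart.FORM_BYTES);
            msgCntxt.setCurrentMessage(sPartRes.getMessage());
        } catch (AxisFault af) {
            throw af;
        } catch (Exception ex) {
            // Keep the cause on the fault; the former code printed the message
            // to stdout and re-threw an empty AxisFault, losing it.
            throw new AxisFault("STSServerHandler-dorequest:Response failed due to a problem in issuence process",
                    ex);
        }
    }
}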
1.2 +2 -2 ws-fx/wss4j/src/org/apache/ws/axis/security/trust/secconv/interop/UNT2SAMLIssuer.java
Index: UNT2SAMLIssuer.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/trust/secconv/interop/UNT2SAMLIssuer.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- UNT2SAMLIssuer.java 16 Oct 2004 08:07:10 -0000 1.1
+++ UNT2SAMLIssuer.java 12 Apr 2005 12:39:08 -0000 1.2
@@ -105,7 +105,7 @@
BinarySecret binSecretReq = new BinarySecret(elemBinSecret);
String nonceReq = binSecretReq.getBinarySecretValue();
- //Responce entropy
+ //Response entropy
Entropy entropyRes = new Entropy(res);
BinarySecret binSecretRes = new BinarySecret(res);
String nonceRes = ConversationUtil.generateNonce(128);
@@ -120,7 +120,7 @@
//Crete the response
- RequestSecurityTokenResponse requestSecurityTokenResponse = new RequestSecurityTokenResponse(res);
+ RequestSecurityTokenResponse requestSecurityTokenResponse = new RequestSecurityTokenResponse(res);
RequestedSecurityToken requestedSecurityToken = new RequestedSecurityToken(res);
1.2 +8 -1 ws-fx/wss4j/src/org/apache/ws/axis/security/trust/service/RequestSecurityTokenType.java
Index: RequestSecurityTokenType.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/trust/service/RequestSecurityTokenType.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- RequestSecurityTokenType.java 16 Oct 2004 08:07:11 -0000 1.1
+++ RequestSecurityTokenType.java 12 Apr 2005 12:39:08 -0000 1.2
@@ -19,6 +19,13 @@
public RequestSecurityTokenType() {
}
+ public RequestSecurityTokenType(
+ org.apache.axis.message.MessageElement [] _any,
+ org.apache.axis.types.URI context) {
+ this._any = _any;
+ this.context = context;
+ }
+
/**
* Gets the _any value for this RequestSecurityTokenType.
@@ -111,7 +118,7 @@
new org.apache.axis.description.TypeDesc(RequestSecurityTokenType.class, true);
static {
- typeDesc.setXmlType(new javax.xml.namespace.QName("http://schemas.xmlsoap.org/ws/2004/04/trust", "RequestSecurityTokenType"));
+ typeDesc.setXmlType(new javax.xml.namespace.QName("http://schemas.xmlsoap.org/ws/2005/02/trust", "RequestSecurityTokenType"));
org.apache.axis.description.AttributeDesc attrField = new org.apache.axis.description.AttributeDesc();
attrField.setFieldName("context");
attrField.setXmlName(new javax.xml.namespace.QName("", "Context"));
1.3 +2 -2 ws-fx/wss4j/src/org/apache/ws/axis/security/trust/service/SecurityTokenService.java
Index: SecurityTokenService.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/trust/service/SecurityTokenService.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- SecurityTokenService.java 16 Oct 2004 15:01:27 -0000 1.2
+++ SecurityTokenService.java 12 Apr 2005 12:39:08 -0000 1.3
@@ -32,7 +32,7 @@
*/
public class SecurityTokenService {
- private Hashtable options;
+ protected Hashtable options;
public SecurityTokenService() {
this.loadProperties("STS.properties");
@@ -89,7 +89,7 @@
}
}
- private void loadProperties(String propFilename) {
+ protected void loadProperties(String propFilename) {
Properties properties = new Properties();
try {
URL url = Loader.getResource(propFilename);
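Review bot: Making `loadProperties` protected also makes it overridable, and it is invoked from the `SecurityTokenService()` constructor in the first hunk, so an override in a subclass would run before the subclass's own fields are initialised; the new `SecurityContextTokenService` constructor then calls it a second time, so STS.properties and SCTS.properties are both loaded into the now-protected `options`, and whether the second load replaces or merges the first depends on the body of `loadProperties`, which continues outside the hunk. If subclasses only need to pick the file name, a narrower alternative is to keep the method private and add `protected SecurityTokenService(String propFilename) { this.loadProperties(propFilename); }`. Either way the intended merge/replace semantics should be stated in a Javadoc on `loadProperties`.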
1.6 +16 -16 ws-fx/wss4j/src/org/apache/ws/security/trust/TrustConstants.java
Index: TrustConstants.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/trust/TrustConstants.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- TrustConstants.java 16 Oct 2004 08:05:12 -0000 1.5
+++ TrustConstants.java 12 Apr 2005 12:39:08 -0000 1.6
@@ -54,24 +54,24 @@
public static final String SECURITY_CONTEXT_TOKEN_LN = "SecurityContextToken";
// The request type is specified using following URIs as specified in the WS-Trust specification
- public static final String ISSUE_SECURITY_TOKEN = "http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue";//RequestTypeEnum._value1.toString();//"http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue";
- public static final String RENEW_SECURITY_TOKEN = "http://schemas.xmlsoap.org/ws/2004/04/security/trust/Renew";
- public static final String VALIDATE_SECURITY_TOKEN = "http://schemas.xmlsoap.org/ws/2004/04/security/trust/Validate";
-
- public static final String ISSUE_SECURITY_TOKEN_RSTR = "http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue";
- public static final String RENEW_SECURITY_TOKEN_RSTR = "http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Renew";
- public static final String VALIDATE_SECURITY_TOKEN_RSTR = "http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Validate";
-
- public static final String ISSUE_SECURITY_TOKEN_RST = "http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue";
- public static final String RENEW_SECURITY_TOKEN_RST = "http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Renew";
- public static final String VALIDATE_SECURITY_TOKEN_RST = "http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Validate";
+ public static final String ISSUE_SECURITY_TOKEN = "http://schemas.xmlsoap.org/ws/2005/02/security/trust/Issue";//RequestTypeEnum._value1.toString();//"http://schemas.xmlsoap.org/ws/2005/02/security/trust/Issue";
+ public static final String RENEW_SECURITY_TOKEN = "http://schemas.xmlsoap.org/ws/2005/02/security/trust/Renew";
+ public static final String VALIDATE_SECURITY_TOKEN = "http://schemas.xmlsoap.org/ws/2005/02/security/trust/Validate";
+
+ public static final String ISSUE_SECURITY_TOKEN_RSTR = "http://schemas.xmlsoap.org/ws/2005/02/security/trust/RSTR/Issue";
+ public static final String RENEW_SECURITY_TOKEN_RSTR = "http://schemas.xmlsoap.org/ws/2005/02/security/trust/RSTR/Renew";
+ public static final String VALIDATE_SECURITY_TOKEN_RSTR = "http://schemas.xmlsoap.org/ws/2005/02/security/trust/RSTR/Validate";
+
+ public static final String ISSUE_SECURITY_TOKEN_RST = "http://schemas.xmlsoap.org/ws/2005/02/security/trust/RST/Issue";
+ public static final String RENEW_SECURITY_TOKEN_RST = "http://schemas.xmlsoap.org/ws/2005/02/security/trust/RST/Renew";
+ public static final String VALIDATE_SECURITY_TOKEN_RST = "http://schemas.xmlsoap.org/ws/2005/02/security/trust/RST/Validate";
-// public static final URI ISSUE_SECURITY_TOKEN_URI = new URI("http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue");
-// public static final URI RENEW_SECURITY_TOKEN_URI = new URI("http://schemas.xmlsoap.org/ws/2004/04/security/trust/Renew");
-// public static final URI VALIDATE_SECURITY_TOKEN_URI = new URI("http://schemas.xmlsoap.org/ws/2004/04/security/trust/Validate");
- public static final String WST_NS = "http://schemas.xmlsoap.org/ws/2004/04/trust";
- public static final String WSP_NS = "http://schemas.xmlsoap.org/ws/2002/12/policy";
+// public static final URI ISSUE_SECURITY_TOKEN_URI = new URI("http://schemas.xmlsoap.org/ws/2005/02/security/trust/Issue");
+// public static final URI RENEW_SECURITY_TOKEN_URI = new URI("http://schemas.xmlsoap.org/ws/2005/02/security/trust/Renew");
+// public static final URI VALIDATE_SECURITY_TOKEN_URI = new URI("http://schemas.xmlsoap.org/ws/2005/02/security/trust/Validate");
+ public static final String WST_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+ public static final String WSP_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
public static final String WST_PREFIX = "wst";
public static final String WSP_PREFIX = "wsp";
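Review bot: The request-type URIs and `WST_NS` now carry only the 2005/02 namespace, so a request that still uses the 2004/04 URIs matches none of the request-type comparisons and is rejected as an unidentified request type, and element wrappers whose `TOKEN` QName is built from `WST_NS` (for example `KeySize`) will no longer accept the older elements; the `ComputedKey` hunk makes the same switch for `PSHA1`. Nothing in the hunk records which specification drafts these URIs belong to or that the older namespace is intentionally unsupported. A comment above `WST_NS`, such as `// 2005/02 WS-Trust and 2004/09 WS-Policy namespaces; messages using the 2004/04 WS-Trust namespace are not accepted`, would make the supported version and the compatibility cut explicit for operators and for anyone debugging rejected requests.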
1.1 ws-fx/wss4j/src/org/apache/ws/security/trust/STSManager2.java
Index: STSManager2.java
===================================================================
/*
* Copyright 2003-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.ws.security.trust;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.trust.issue.STIssuer;
import org.apache.ws.security.trust.message.Info.RequestInfo;
import org.apache.ws.security.trust.renew.STRenewer;
import org.apache.ws.security.trust.validate.STValidator;
import org.w3c.dom.Document;
import java.util.Hashtable;
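/**
 * @author Malinda Kaushalye
 * <p/>
 * The main objective of <code>STSManager2</code> is to work as the
 * decision-making component on the server side.
 * It decides to whom a request must be handed over, and to carry out that
 * task it uses one <code>RequestResolver</code> and one
 * <code>RequestInfo</code> object. This is analogous to a real-world
 * Manager, Clerk and Report scenario, where the (STS)Manager orders the
 * clerk (<code>RequestResolver</code>) to resolve a certain request and
 * hand over a report (<code>RequestInfo</code>) about it.
 * Depending on the RequestInfo, <code>STSManager2</code> chooses the worker
 * class: an Issuer, Validator or Renewer. Each STS must define its Issuer,
 * Validator and Renewer class names in the server-config.wsdd file;
 * <code>STSServerHandler</code> reads them and passes them to
 * <code>STSManager2</code> as a hash table. <code>STSManager2</code> loads
 * the appropriate worker class and gives it the request and response
 * documents for further processing.
 */
public class STSManager2 {

    static Log log = LogFactory.getLog(STSManager2.class.getName());

    //Following worker classes are defined in the server-config.wsdd
    String issuerClassName = null;
    String renewerClassName = null;
    String validatorClassName = null;

    //Request type and token type as resolved from the incoming request
    String requestType = "";
    String tokenType = "";

    //Parameters handed over by STSServerHandler (worker class names etc.)
    Hashtable hashOps;

    /**
     * @param hashOps set of parameters coming from STSServerHandler.
     */
    public STSManager2(Hashtable hashOps) {
        this.hashOps = hashOps;
    }

    /**
     * Handle the request and build the Response Envelope.
     * <p/>
     * Resolves the request type from the request, loads the matching worker
     * (issuer, renewer or validator) configured in {@link #hashOps} and
     * delegates the request/response documents to it.
     *
     * @param req     request message envelope as a DOM Document
     * @param res     response message envelope as a DOM Document
     * @param options additional options; currently not used by this method
     * @return modified response message envelope as a DOM Document
     *         (may not need to be used since the response envelope is passed
     *         as a reference)
     * @throws WSTrustException if the request cannot be resolved, its type is
     *         unknown, no worker class is configured for it, the worker class
     *         cannot be loaded or instantiated or does not implement the
     *         expected interface, or the worker itself fails
     */
    public Document handleRequest(Document req, Document res, Hashtable options)
            throws WSTrustException {
        RequestResolver requestResolver = new RequestResolver(req);
        try {
            log.debug("STS Manager resolving the request");
            RequestInfo requestInfo = requestResolver.resolve();
            this.requestType = requestInfo.getRequestType();
            //this.tokenType = requestInfo.getTokenType();//we may need to have <wsp:Applies> to override the <wst:TokenType>
            log.debug("STS Manager resolving completed");
        } catch (WSSecurityException wsEx) {
            throw new WSTrustException("STSManager: cannot resolve the request: ",
                    wsEx);
        }

        // Constant-first equals() tolerates a null requestType, which then
        // reaches the "cannot identify" error instead of a NullPointerException.
        if (TrustConstants.ISSUE_SECURITY_TOKEN.equals(this.requestType)) {
            this.issuerClassName = configuredClassName(TrustConstants.ISSUER_CLASS, "issuer");
            log.debug("Issuer class" + this.issuerClassName);
            STIssuer stissuer = (STIssuer) newWorker(this.issuerClassName, STIssuer.class, "issuer");
            try {
                res = stissuer.issue(req, res);
            } catch (java.lang.Exception e) {
                throw new WSTrustException("STSManager: could not issue a token " + stissuer,
                        e);
            }
        } else if (TrustConstants.RENEW_SECURITY_TOKEN.equals(this.requestType)) {
            this.renewerClassName = configuredClassName(TrustConstants.RENEWER_CLASS, "renewer");
            log.debug("renewer class" + this.renewerClassName);
            STRenewer stRenewer = (STRenewer) newWorker(this.renewerClassName, STRenewer.class, "renewer");
            try {
                res = stRenewer.renew(req, res);
            } catch (java.lang.Exception e) {
                throw new WSTrustException("STSManager: could not renew the token " + stRenewer,
                        e);
            }
        } else if (TrustConstants.VALIDATE_SECURITY_TOKEN.equals(this.requestType)) {
            this.validatorClassName = configuredClassName(TrustConstants.VALIDATOR_CLASS, "validator");
            log.debug("validatorClassName " + this.validatorClassName);
            STValidator stValidator = (STValidator) newWorker(this.validatorClassName, STValidator.class, "validator");
            try {
                res = stValidator.validate(req, res);
            } catch (java.lang.Exception e) {
                throw new WSTrustException("STSManager: could not validate the token " + stValidator,
                        e);
            }
        } else {
            throw new WSTrustException("STSManager: Cannot Identify the Request Type ");
        }
        return res;
    }

    /**
     * Looks up the worker class name stored under {@code optionKey} in
     * {@link #hashOps}.
     *
     * @param optionKey key in hashOps (one of the TrustConstants.*_CLASS keys)
     * @param role      human-readable worker role for the error message
     * @return the configured class name, never null
     * @throws WSTrustException if nothing is configured under the key
     *         (previously this surfaced as a NullPointerException from Class.forName)
     */
    private String configuredClassName(String optionKey, String role) throws WSTrustException {
        String className = (String) hashOps.get(optionKey);
        if (className == null) {
            throw new WSTrustException("STSManager: no security token " + role
                    + " class configured under '" + optionKey + "'");
        }
        return className;
    }

    /**
     * Loads and instantiates a worker class and checks that it implements the
     * expected worker interface, so the caller's cast cannot fail.
     *
     * @param className  fully qualified worker class name
     * @param workerType interface the worker must implement
     * @param role       human-readable worker role for the error messages
     * @return a new instance of the worker class
     * @throws WSTrustException if the class cannot be loaded or instantiated,
     *         or does not implement {@code workerType}
     */
    private Object newWorker(String className, Class workerType, String role)
            throws WSTrustException {
        Class wClass = null;
        try {
            wClass = java.lang.Class.forName(className);
        } catch (ClassNotFoundException e) {
            throw new WSTrustException("STSManager: cannot load security token class: ",
                    e);
        }
        Object worker = null;
        try {
            worker = wClass.newInstance();
        } catch (java.lang.Exception e) {
            throw new WSTrustException("STSManager: cannot create instance of security token "
                    + role + ": " + className,
                    e);
        }
        if (!workerType.isInstance(worker)) {
            throw new WSTrustException("STSManager: class " + className
                    + " is not a security token " + role + " (" + workerType.getName() + ")");
        }
        return worker;
    }
}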
1.2 +2 -1 ws-fx/wss4j/src/org/apache/ws/security/trust/message/token/ComputedKey.java
Index: ComputedKey.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/trust/message/token/ComputedKey.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ComputedKey.java 16 Oct 2004 06:16:07 -0000 1.1
+++ ComputedKey.java 12 Apr 2005 12:39:08 -0000 1.2
@@ -23,7 +23,8 @@
*/
public class ComputedKey {
- public static final String PSHA1 = "http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1";
+ public static final String PSHA1 = "http://schemas.xmlsoap.org/ws/2005/02/security/trust/CK/PSHA1";
+
public static final QName TOKEN = new QName(TrustConstants.WST_NS, "ComputedKey");
1.1 ws-fx/wss4j/src/org/apache/ws/security/trust/message/token/KeySize.java
Index: KeySize.java
===================================================================
/*
* Copyright 2003-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.ws.security.trust.message.token;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.trust.TrustConstants;
import org.apache.ws.security.trust.WSTrustException;
import org.apache.xml.utils.QName;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
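/**
 * Wrapper for the wst:KeySize element, whose text content is the requested
 * key size as a decimal integer.
 *
 * @author Ruchith Fernando
 */
public class KeySize {

    public static final String KEY_SIZE = "KeySize";
    public static final QName TOKEN = new QName(TrustConstants.WST_NS, KEY_SIZE);

    protected WSSConfig wssConfig = WSSConfig.getDefaultWSConfig();
    protected Element element = null;

    /**
     * Wraps an existing element.
     *
     * @param elem the element to wrap
     * @throws WSTrustException if elem is null or is not a wst:KeySize element
     */
    public KeySize(Element elem) throws WSTrustException {
        if (elem == null) {
            throw new WSTrustException("Element is null; expected a 'KeySize' element");
        }
        QName el = new QName(elem.getNamespaceURI(), elem.getLocalName());
        if (!el.equals(TOKEN)) {
            throw new WSTrustException("Element is not a 'KeySize' element");
        }
        this.element = elem;
    }

    /**
     * Creates a new, empty wst:KeySize element owned by {@code doc}.
     *
     * @param doc the document the element is created in
     */
    public KeySize(Document doc) {
        this.element = doc.createElementNS(TrustConstants.WST_NS,
                TrustConstants.WST_PREFIX + ":" + KEY_SIZE);
    }

    /**
     * Sets the key size, replacing any value the element already holds.
     *
     * @param keySize the key size to store
     */
    public void setKeySize(int keySize) {
        // Drop previous content first: appending a second text node would leave
        // the old value in place, since getKeySize() only reads the first child.
        Node child;
        while ((child = this.element.getFirstChild()) != null) {
            this.element.removeChild(child);
        }
        this.element.appendChild(this.element.getOwnerDocument().createTextNode(Integer.toString(keySize)));
    }

    /**
     * Returns the key size if set otherwise returns -1
     *
     * @return the key size, or -1 if the element has no text content
     * @throws WSTrustException if the text content is not a non-negative
     *         decimal integer
     */
    public int getKeySize() throws WSTrustException {
        Node node = this.element.getFirstChild();
        if (node == null || node.getNodeType() != Node.TEXT_NODE) {
            return -1;
        }
        String text = node.getNodeValue();
        int keySize;
        try {
            // trim() so that surrounding whitespace in the message does not
            // turn a valid size into a parse error
            keySize = Integer.parseInt(text == null ? "" : text.trim());
        } catch (NumberFormatException nfe) {
            throw new WSTrustException("Invalid Key Size : " + nfe.getMessage(), nfe);
        }
        // A negative size is meaningless and would collide with the -1 "not set" sentinel.
        if (keySize < 0) {
            throw new WSTrustException("Invalid Key Size : " + keySize);
        }
        return keySize;
    }

    /**
     * @return Returns the element.
     */
    public Element getElement() {
        return element;
    }

    /**
     * @param element The element to set.
     */
    public void setElement(Element element) {
        this.element = element;
    }
}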