Posted to axis-cvs@ws.apache.org by ru...@apache.org on 2006/07/23 12:52:17 UTC
svn commit: r424706 - in /webservices/axis2/trunk/java/modules:
integration/test/org/apache/rahas/ rahas/src/org/apache/rahas/
rahas/src/org/apache/rahas/impl/
security/src/org/apache/rampart/conversation/
Author: ruchithf
Date: Sun Jul 23 03:52:16 2006
New Revision: 424706
URL: http://svn.apache.org/viewvc?rev=424706&view=rev
Log:
- Added the AppliesTo element to refer to the service the client is trying to talk to when requesting for a SAMLToken
- Added the KeySize and KeyType elements to the requests of the two Rahas tests, and now the SAMLTokenIssuer issues SAMLTokens based on the key type.
Modified:
webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenTest.java
webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenV1205Test.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/STSRequester.java
Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenTest.java?rev=424706&r1=424705&r2=424706&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenTest.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenTest.java Sun Jul 23 03:52:16 2006
@@ -84,8 +84,13 @@
rstElem.build();
- OMElement appliesToElem = TrustUtil.createAppliesToElement(rstElem);
- appliesToElem.setText("http://localhost:5555/axis2/services/SecureService");
+ //KeySize
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+ //KeyType
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService");
rstElem = (OMElement)rstElem.detach();
return rstElem;
Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenV1205Test.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenV1205Test.java?rev=424706&r1=424705&r2=424706&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenV1205Test.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenV1205Test.java Sun Jul 23 03:52:16 2006
@@ -36,9 +36,6 @@
super(name);
}
- /* (non-Javadoc)
- * @see org.apache.rahas.TestClient#getRequest()
- */
public OMElement getRequest() {
try {
OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_12);
@@ -47,8 +44,11 @@
reqTypeElem.setText(RahasConstants.V_05_12.REQ_TYPE_ISSUE);
tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
- OMElement appliesToElem = TrustUtil.createAppliesToElement(rstElem);
- appliesToElem.setText("http://localhost:5555/axis2/services/SecureService");
+ TrustUtil.createAppliesToElement(rstElem,
+ "http://localhost:5555/axis2/services/SecureService");
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);
return rstElem;
@@ -76,9 +76,6 @@
return ifc;
}
- /* (non-Javadoc)
- * @see org.apache.rahas.TestClient#getServiceRepo()
- */
public String getServiceRepo() {
return "rahas_service_repo_1";
}
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java?rev=424706&r1=424705&r2=424706&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java Sun Jul 23 03:52:16 2006
@@ -35,6 +35,12 @@
public final static String WSP_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
public final static String WSP_PREFIX = "wsp";
+
+ public final static String WSA_NS = "http://schemas.xmlsoap.org/ws/2004/08/addressing";
+ public final static String WSA_PREFIX = "wsa";
+
+ public final static String ENDPOINT_REFERENCE = "EndpointReference";
+ public final static String ADDRESS = "Address";
//Local names
public final static String REQUEST_TYPE_LN = "RequestType";
@@ -54,6 +60,12 @@
public final static String LIFETIME_LN = "Lifetime";
+ //Key types
+ public final static String KEY_TYPE_SYMM_KEY = "/SymmetricKey";
+ public final static String KEY_TYPE_PUBLIC_KEY = "/PublicKey";
+ public final static String KEY_TYPE_BEARER = "/Bearer";
+
+
public class V_05_02 {
//RequestTypes
public final static String REQ_TYPE_ISSUE = WST_NS_05_02 + "/Issue";
@@ -80,10 +92,6 @@
//Token types
public final static String TOK_TYPE_SCT = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
- //Key types
- public final static String KEY_TYPE_SYMM_KEY = WST_NS_05_02 + "/SymmetricKey";
- public final static String KEY_TYPE_PUBLIC_KEY = WST_NS_05_02 + "/PublicKey";
- public final static String KEY_TYPE_BEARER = WST_NS_05_02 + "/Bearer";
}
public class V_05_12 {
@@ -112,10 +120,6 @@
//Token types
public final static String TOK_TYPE_SCT = "http://schemas.xmlsoap.org/ws/2005/12/sc/sct";
- //Key types
- public final static String KEY_TYPE_SYMM_KEY = WST_NS_05_12 + "/SymmetricKey";
- public final static String KEY_TYPE_PUBLIC_KEY = WST_NS_05_12 + "/PublicKey";
- public final static String KEY_TYPE_BEARER = WST_NS_05_12 + "/Bearer";
}
//Token types
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java?rev=424706&r1=424705&r2=424706&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java Sun Jul 23 03:52:16 2006
@@ -161,19 +161,24 @@
}
public static OMElement createKeySizeElement(
- int version, OMElement parent) throws TrustException {
+ int version, OMElement parent, int size) throws TrustException {
String ns = getWSTNamespace(version);
- return createOMElement(parent, ns,
+ OMElement ksElem = createOMElement(parent, ns,
RahasConstants.KEY_SIZE_LN,
RahasConstants.WST_PREFIX);
+ ksElem.setText(Integer.toString(size));
+ return ksElem;
}
public static OMElement createKeyTypeElement(
- int version, OMElement parent) throws TrustException {
+ int version, OMElement parent, String type) throws TrustException {
String ns = getWSTNamespace(version);
- return createOMElement(parent, ns,
+ OMElement ktelem = createOMElement(parent, ns,
RahasConstants.KEY_TYPE_LN,
RahasConstants.WST_PREFIX);
+
+ ktelem.setText(ns + type);
+ return ktelem;
}
public static OMElement createLifetimeElement(
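Review bot: `createKeyTypeElement` now writes `ns + type`, so the `type` argument must be one of the slash-prefixed suffixes (`RahasConstants.KEY_TYPE_SYMM_KEY` and friends, as re-defined in this commit), not a full KeyType URI; a caller that still passes the full URI would produce the namespace twice in the element text. A Javadoc on the method stating `@param type key-type suffix such as {@link RahasConstants#KEY_TYPE_SYMM_KEY}; it is appended to the WS-Trust namespace selected by {@code version}` would make that contract visible at the call sites. `createKeySizeElement` could likewise document that `size` is written verbatim as the element text and is not validated here.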
@@ -199,10 +204,16 @@
return ltElem;
}
- public static OMElement createAppliesToElement(OMElement parent) {
- return createOMElement(parent, RahasConstants.WSP_NS,
+ public static OMElement createAppliesToElement(OMElement parent, String address) {
+ OMElement appliesToElem = createOMElement(parent, RahasConstants.WSP_NS,
RahasConstants.APPLIES_TO_LN,
RahasConstants.WSP_PREFIX);
+
+ OMElement eprElem = createOMElement(appliesToElem, RahasConstants.WSA_NS, RahasConstants.ENDPOINT_REFERENCE, RahasConstants.WSA_PREFIX);
+ OMElement addressElem = createOMElement(eprElem, RahasConstants.WSA_NS, RahasConstants.ADDRESS, RahasConstants.WSA_PREFIX);
+ addressElem.setText(address);
+
+ return appliesToElem;
}
/**
@@ -260,7 +271,7 @@
try {
return Integer.parseInt(text.trim());
} catch (NumberFormatException e) {
- throw new TrustException(TrustException.BAD_REQUEST, e);
+ throw new TrustException(TrustException.INVALID_REQUEST, new String[] { "invalid wst:Keysize value" }, e);
}
}
}
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties?rev=424706&r1=424705&r2=424706&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties Sun Jul 23 03:52:16 2006
@@ -32,6 +32,7 @@
invlidTTL = timeToLive (in milliseconds) must be a positive long value.
invalidKeysize = Invalid key size
unsupportedWSTVersion = Unsupported WS-Trust version
+unsupportedKeyType = Upsupported KeyType
#SCTIssuer specific error messages
sctIssuerCryptoPropertiesMissing = When the tokenType is not \"BinarySecret\" the cryptoProperties MUST be specified
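Review bot: The new message text has a typo, "Upsupported"; the line should read `unsupportedKeyType = Unsupported KeyType`. The key itself matches the `throw new TrustException("unsupportedKeyType")` added to SAMLTokenIssuer in this commit, so only the value needs changing.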
@@ -43,5 +44,5 @@
samlConverstionError = Error in converting a SAML token to DOOM
samlAssertionCreationError = Error in creating a SAMLToken using opensaml library
aliasMissingForService = Certificate alias missing for service : \"{0}\"
-samlInvalidAppliesToValue = Invalid wst:AppliesTo value, right now Rahas SAML token issuer expects the service epr address to be the value
+samlInvalidAppliesToElem = Invalid wst:AppliesTo element, Rahas SAML token issuer expects the service epr to be the child
samlIssuerNameMissing = issuerName value missing in the SAMLTokenIssuer configuration
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java?rev=424706&r1=424705&r2=424706&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java Sun Jul 23 03:52:16 2006
@@ -182,10 +182,24 @@
*/
String keyType = TrustUtil.findKeyType(request);
- ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+ String appliesToAddress = this.getServiceAddress(request);
+ SAMLAssertion assertion = null;
+
+ if(keyType == null) {
+ throw new TrustException(TrustException.INVALID_REQUEST, new String[]{"Requested KeyType is missing"});
+ }
+
+ if(keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY) ||
+ keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
+ assertion = createHoKAssertion(config, request, doc, crypto,
+ creationTime, expirationTime, keyType, secret);
+ } else if(keyType.endsWith(RahasConstants.KEY_TYPE_BEARER)) {
+ //TODO Create bearer token
+ } else {
+ throw new TrustException("unsupportedKeyType");
+ }
- SAMLAssertion assertion = createHoKAssertion(config, request, doc, crypto, creationTime, expirationTime, keyType, secret);
OMElement rstrElem = null;
int version = TrustUtil.getWSTVersion(request.getNamespace().getName());
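Review bot: The `if` that selects the holder-of-key branch tests `RahasConstants.KEY_TYPE_SYMM_KEY` on both sides of the `||`, so a `/PublicKey` request never reaches `createHoKAssertion` and falls through to the `unsupportedKeyType` exception; presumably the second operand should be `keyType.endsWith(RahasConstants.KEY_TYPE_PUBLIC_KEY)`. The Bearer branch leaves `assertion` null behind a TODO, and the assertion is dereferenced later in the same method (`.getId()` in the following hunk), so until bearer tokens exist that branch should also throw, e.g. `throw new TrustException("unsupportedKeyType");`. Matching with `endsWith` accepts a KeyType URI under any namespace; if the issuer is meant to honour only the request's WS-Trust version, compare against `TrustUtil.getWSTNamespace(version) + RahasConstants.KEY_TYPE_SYMM_KEY` instead, which would mean computing `version` before this block rather than after it. The enclosing method starts and ends outside the hunk.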
@@ -205,8 +219,8 @@
TrustUtil.createtTokenTypeElement(version, rstrElem).setText(
RahasConstants.TOK_TYPE_SAML_10);
- TrustUtil.createKeySizeElement(version, rstrElem).setText(
- Integer.toString(getKeySize(request, config, version)));
+
+ TrustUtil.createKeySizeElement(version, rstrElem, keySize);
if (config.addRequestedAttachedRef) {
TrustUtil.createRequestedAttachedRef(version, rstrElem, "#"
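Review bot: `keySize` is used on the new `createKeySizeElement` line but is not defined anywhere in this hunk, and the `getKeySize` helper that previously validated `wst:KeySize` and fell back to `config.keySize` is deleted further down in this commit; please confirm the replacement (the parse now in TrustUtil, judging by the "invalid wst:Keysize value" change) still falls back to the configured size when the request carries no KeySize. Neither the removed helper nor, as far as this hunk shows, the new path bounds the requested size, so a client-chosen value is echoed into the response and presumably sizes the secret computed earlier in the method; a check such as `if (keySize <= 0 || keySize > config.keySize) { throw new TrustException("invalidKeysize"); }` (using whatever upper bound the deployment wants) would keep the STS in control of key length. The enclosing method starts and ends outside the hunk.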
@@ -218,6 +232,10 @@
.getId(), RahasConstants.TOK_TYPE_SAML_10);
}
+ if(appliesToAddress != null) {
+ TrustUtil.createAppliesToElement(rstrElem, appliesToAddress);
+ }
+
// Use GMT time in milliseconds
DateFormat zulu = new XmlSchemaDateFormat();
@@ -257,29 +275,6 @@
return env;
}
- /**
- * Get the keysize of the encrypted key
- * If the request contains a <code>wst:KeySize</code> element and if it is a
- * a valid value then return that value. If not, then use the value
- * available in the config.
- * @return
- */
- private int getKeySize(OMElement request, SAMLTokenIssuerConfig config, int version)
- throws TrustException {
- OMElement keySizeElem = request.getFirstChildWithName(
- new QName(TrustUtil.getWSTNamespace(version), RahasConstants.KEY_SIZE_LN));
- if (keySizeElem != null) {
- // Try to get the wst:KeySize value
- try {
- return Integer.parseInt(keySizeElem.getText().trim());
- } catch (NumberFormatException e) {
- throw new TrustException(TrustException.INVALID_REQUEST,
- new String[] { "invalid wst:Keysize value" });
- }
- } else {
- return config.keySize;
- }
- }
/**
* Uses the <code>wst:AppliesTo</code> to figure out the certificate to
@@ -293,19 +288,12 @@
private X509Certificate getServiceCert(OMElement request,
SAMLTokenIssuerConfig config, Crypto crypto)
throws WSSecurityException, TrustException {
+
+ String address = this.getServiceAddress(request);
- OMElement appliesToElem = request.getFirstChildWithName(
- new QName(RahasConstants.WSP_NS, RahasConstants.APPLIES_TO_LN));
- if(appliesToElem != null) {
- //Right now we only expect the service epr address to be here
- String address = appliesToElem.getText().trim();
- if(address != null && !"".equals(address)) {
- //figure out the alias from the config
- String alias = (String)config.trustedServices.get(address);;
- return (X509Certificate)crypto.getCertificates(alias)[0];
- } else {
- throw new TrustException("samlInvalidAppliesToValue");
- }
+ if(address != null && !"".equals(address)) {
+ String alias = (String)config.trustedServices.get(address);;
+ return (X509Certificate)crypto.getCertificates(alias)[0];
} else {
//Return the STS cert
return (X509Certificate)crypto.getCertificates(config.issuerKeyAlias)[0];
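Review bot: When the `wst:AppliesTo` address is not a key in `config.trustedServices`, `alias` is null and `crypto.getCertificates(alias)[0]` is still evaluated; depending on the Crypto implementation that ends in an unrelated NullPointerException or ArrayIndexOutOfBoundsException rather than a WS-Trust fault, and the `aliasMissingForService` message in errors.properties goes unused on this path. Reject the unknown service before the lookup: `String alias = (String) config.trustedServices.get(address);` followed by `if (alias == null) { throw new TrustException("aliasMissingForService", new String[] { address }); }`, assuming the `(String, String[])` constructor used elsewhere in this commit. The stray `;;` on the alias line should also go. The method's closing brace is outside the hunk.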
@@ -313,6 +301,29 @@
}
+
+ private String getServiceAddress(OMElement request) throws TrustException {
+ OMElement appliesToElem = request.getFirstChildWithName(
+ new QName(RahasConstants.WSP_NS, RahasConstants.APPLIES_TO_LN));
+ if(appliesToElem != null) {
+ OMElement eprElem = appliesToElem.getFirstChildWithName(new QName(
+ RahasConstants.WSA_NS, RahasConstants.ENDPOINT_REFERENCE));
+ if (eprElem != null) {
+ OMElement addrElem = eprElem.getFirstChildWithName(new QName(
+ RahasConstants.WSA_NS, RahasConstants.ADDRESS));
+ if (addrElem != null && addrElem.getText() != null && !"".equals(addrElem.getText().trim())) {
+ return addrElem.getText().trim();
+ } else {
+ throw new TrustException("samlInvalidAppliesToElem");
+ }
+ } else {
+ throw new TrustException("samlInvalidAppliesToElem");
+ }
+ }
+ //If the AppliesTo element is missing
+ return null;
+ }
+
private SAMLAssertion createHoKAssertion(SAMLTokenIssuerConfig config,
OMElement request, Document doc, Crypto crypto, Date creationTime,
Date expirationTime, String keyType, byte[] secret)
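Review bot: `getServiceAddress` is new and has no Javadoc; a comment stating that it returns the trimmed `wsa:Address` found under `wst:AppliesTo/wsa:EndpointReference`, returns null when `wst:AppliesTo` is absent, and throws `TrustException` (`samlInvalidAppliesToElem`) when AppliesTo is present but lacks the EndpointReference or a non-empty Address would spare callers working out the nesting. `addrElem.getText()` is evaluated three times in the innermost `if`; read it once, e.g. `String text = addrElem.getText();` and test `text != null && !"".equals(text.trim())`. Both `else` branches throw the same exception, so the two element checks could be folded into one condition.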
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/STSRequester.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/STSRequester.java?rev=424706&r1=424705&r2=424706&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/STSRequester.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/STSRequester.java Sun Jul 23 03:52:16 2006
@@ -111,7 +111,7 @@
}
elem.setText(Base64.encode(nonce));
- TrustUtil.createKeySizeElement(config.getWstVersion(), rstElem).setText(Integer.toString(nonceLength * 8));
+ TrustUtil.createKeySizeElement(config.getWstVersion(), rstElem, nonceLength * 8);
}
String str = rstElem.toString();