Posted to java-dev@axis.apache.org by ru...@apache.org on 2006/04/18 13:06:29 UTC
svn commit: r394909 - in /webservices/axis2/trunk/java/modules:
integration/test-resources/security/rahas/
integration/test/org/apache/axis2/security/rahas/
security/src/org/apache/axis2/security/rahas/
Author: ruchithf
Date: Tue Apr 18 04:06:24 2006
New Revision: 394909
URL: http://svn.apache.org/viewcvs?rev=394909&view=rev
Log:
- One more WS-Sec Conv scenario working - Now rahas module will automatically create the security context if an STS is not specified and will propagate SCT to the other party in a RSTR sent in the soap:Header.
- Added a test case to do the above
- Modified the sec.jks to include the STS's cert as a trusted certificate
Added:
webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/RahasScenario3Test.java
Modified:
webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/sec.jks
webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/PWCallback.java
webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/TestClient.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Receiver.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Util.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/errors.properties
Modified: webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/sec.jks
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/sec.jks?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
Binary files - no diff available.
Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/PWCallback.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/PWCallback.java?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/PWCallback.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/PWCallback.java Tue Apr 18 04:06:24 2006
@@ -160,6 +160,10 @@
pc.setPassword("noR");
+ } else if(pc.getIdentifer().equals("sts")) {
+
+ pc.setPassword("password");
+
} else {
pc.setPassword("sirhC");
Added: webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/RahasScenario3Test.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/RahasScenario3Test.java?rev=394909&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/RahasScenario3Test.java (added)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/RahasScenario3Test.java Tue Apr 18 04:06:24 2006
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security.rahas;
+
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.security.handler.config.InflowConfiguration;
+import org.apache.axis2.security.handler.config.OutflowConfiguration;
+
+public class RahasScenario3Test extends TestClient {
+
+ public RahasScenario3Test(String name) {
+ super(name);
+ }
+
+ public Parameter getClientRahasConfiguration() {
+ RahasConfiguration config = new RahasConfiguration();
+
+ config.setCryptoPropertiesFile("sec.properties");
+ config.setScope(RahasConfiguration.SCOPE_SERVICE);
+ config.setPasswordCallbackClass(PWCallback.class.getName());
+ config.setEncryptionUser("sts");
+
+ return config.getParameter();
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ return null;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ return null;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+}
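Review bot: The new test class has no class comment saying which scenario it covers or why `getClientOutflowConfiguration()` and `getClientInflowConfiguration()` return null. Going by the commit log, a comment such as `/** Scenario 3: no STS is configured, so rahas creates the security context itself and sends the SCT in an RSTR; "sts" is the alias of the certificate the key is encrypted for. */` would help. The null returns only work because of the null guards added to TestClient in this same commit, which deserves a one-line comment on each of the two methods.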
Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/TestClient.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/TestClient.java?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/TestClient.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/TestClient.java Tue Apr 18 04:06:24 2006
@@ -80,8 +80,15 @@
options.setTo(new EndpointReference("http://127.0.0.1:" + port + "/axis2/services/Service"));
options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
- options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, getClientOutflowConfiguration().getProperty());
- options.setProperty(WSSHandlerConstants.INFLOW_SECURITY, getClientInflowConfiguration().getProperty());
+
+ OutflowConfiguration clientOutflowConfiguration = getClientOutflowConfiguration();
+ if(clientOutflowConfiguration != null) {
+ options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, clientOutflowConfiguration.getProperty());
+ }
+ InflowConfiguration clientInflowConfiguration = getClientInflowConfiguration();
+ if(clientInflowConfiguration != null) {
+ options.setProperty(WSSHandlerConstants.INFLOW_SECURITY, clientInflowConfiguration.getProperty());
+ }
options.setProperty(RahasConfiguration.RAHAS_CONFIG, getClientRahasConfiguration());
options.setAction("urn:echo");
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java Tue Apr 18 04:06:24 2006
@@ -63,6 +63,8 @@
public final static QName CRYPTO_PROPERTIES_FILE = new QName(
"cryptoProperties");
+ public final static QName ENCRYPTION_USER = new QName("encryptionUser");
+
public final static QName PW_CALLBACK_CLASS = new QName(
WSHandlerConstants.PW_CALLBACK_CLASS);
@@ -150,30 +152,33 @@
&& elem.getFirstElement().getLocalName().equals(
RAHAS_CONFIG)) {
- OMElement conFileElem = elem.getFirstElement();
+ OMElement confElem = elem.getFirstElement();
RahasConfiguration config = new RahasConfiguration();
config.msgCtx = msgCtx;
msgCtx.setProperty(RAHAS_CONFIG, config);
- config.scope = getStringValue(conFileElem.getFirstChildWithName(SCOPE));
+ config.scope = getStringValue(confElem.getFirstChildWithName(SCOPE));
- config.stsEPRAddress = getStringValue(conFileElem
+ config.stsEPRAddress = getStringValue(confElem
.getFirstChildWithName(STS_EPR_ADDRESS));
- config.keyDerivationAlgorithmClass = getStringValue(conFileElem
+ config.keyDerivationAlgorithmClass = getStringValue(confElem
.getFirstChildWithName(KEY_DERIVATION_ALGORITHM_CLASS));
- config.tokenStoreClass = getStringValue(conFileElem
+ config.tokenStoreClass = getStringValue(confElem
.getFirstChildWithName(TOKEN_STORE_CLASS));
- config.cryptoPropertiesFile = getStringValue(conFileElem
+ config.cryptoPropertiesFile = getStringValue(confElem
.getFirstChildWithName(CRYPTO_PROPERTIES_FILE));
- config.passwordCallbackClass = getStringValue(conFileElem
+ config.passwordCallbackClass = getStringValue(confElem
.getFirstChildWithName(PW_CALLBACK_CLASS));
+ config.encryptionUser = getStringValue(confElem
+ .getFirstChildWithName(ENCRYPTION_USER));
+
//Get the action<->ctx-identifier map
config.contextMap = (Hashtable) msgCtx
.getProperty(RahasHandlerConstants.CONTEXT_MAP_KEY);
@@ -305,7 +310,11 @@
tempElem.setText(this.cryptoPropertiesFile);
elem.addChild(tempElem);
}
-
+ if(this.encryptionUser != null) {
+ OMElement tempElem = factory.createOMElement(ENCRYPTION_USER, elem);
+ tempElem.setText(this.encryptionUser);
+ elem.addChild(tempElem);
+ }
return elem;
}
@@ -611,14 +620,14 @@
/**
* @return Returns the encryptionUser.
*/
- protected String getEncryptionUser() {
+ public String getEncryptionUser() {
return encryptionUser;
}
/**
* @param encryptionUser The encryptionUser to set.
*/
- protected void setEncryptionUser(String encryptionUser) {
+ public void setEncryptionUser(String encryptionUser) {
this.encryptionUser = encryptionUser;
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Receiver.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Receiver.java?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Receiver.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Receiver.java Tue Apr 18 04:06:24 2006
@@ -16,7 +16,10 @@
package org.apache.axis2.security.rahas;
+import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPHeader;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.HandlerDescription;
@@ -51,10 +54,23 @@
secReceiver.invoke(msgContext);
return;
}
-
+
// Parse the configuration
RahasConfiguration config = RahasConfiguration.load(msgContext,
false);
+
+
+ //check if there's an RSTR in the msg and process it if exists
+ SOAPEnvelope env = (SOAPEnvelope) config.getDocument().getDocumentElement();
+ SOAPHeader header = env.getHeader();
+ if (header != null
+ && header.getFirstChildWithName(new QName(Constants.WST_NS,
+ Constants.REQUEST_SECURITY_TOKEN_RESPONSE_LN)) != null) {
+ OMElement elem = header.getFirstChildWithName(new QName(Constants.WST_NS,
+ Constants.REQUEST_SECURITY_TOKEN_RESPONSE_LN));
+ Util.processRSTR(elem, config);
+ }
+
WSSecurityEngine secEngine = new WSSecurityEngine();
secEngine.processSecurityHeader(config.getDocument(), null,
new RahasCallbackHandler(config), config
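Review bot: The RSTR lookup added before `secEngine.processSecurityHeader(...)` acts on a header element that nothing visible in this hunk has authenticated: `Util.processRSTR(elem, config)` registers the context and stores the token and its secret before the security header is verified. Because processRSTR (Util.java in this commit) also accepts a plain `wst:BinarySecret`, a peer other than the expected party could presumably get a context and secret of its own choosing stored. Consider running the RSTR step only after processSecurityHeader succeeds and confirming that the RSTR element was covered by a verified signature, or accepting only the `xenc:EncryptedKey` proof-token form on this path. The header is also searched twice with the same QName; a single `OMElement rstr = header.getFirstChildWithName(...)` followed by a null check would do. The enclosing method starts and ends outside the hunk.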
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java Tue Apr 18 04:06:24 2006
@@ -30,23 +30,13 @@
import org.apache.axis2.description.Parameter;
import org.apache.axis2.security.handler.WSSHandlerConstants;
import org.apache.axis2.security.trust.Constants;
-import org.apache.axis2.security.trust.Token;
-import org.apache.axis2.security.trust.TrustException;
import org.apache.axis2.security.trust.types.RequestSecurityTokenType;
import org.apache.axis2.security.util.Axis2Util;
-import org.apache.axis2.util.Base64;
-import org.apache.axis2.util.Loader;
import org.apache.axis2.util.StreamWrapper;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.message.token.SecurityContextToken;
-import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.w3c.dom.Element;
-import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
-import java.util.Vector;
-
public class STSRequester {
public static void issueRequest(RahasConfiguration config) throws RahasException, AxisFault {
@@ -98,7 +88,7 @@
Axis2Util.useDOOM(true);
OMElement tempelem = Axis2Util.toDOOM(DOOMAbstractFactory.getOMFactory(), tempResult);
OMElement elem = (OMElement)config.getDocument().importNode((Element)tempelem, true);
- processRSTR(elem, config);
+ Util.processRSTR(elem, config);
} catch (Exception e) {
e.printStackTrace();
@@ -106,91 +96,4 @@
}
}
- private static void processRSTR(OMElement rstr, RahasConfiguration config)
- throws Exception {
- //Extract the SecurityContextToken
- OMElement rstElem = rstr.getFirstChildWithName(new QName(
- Constants.WST_NS, Constants.REQUESTED_SECURITY_TOKEN_LN));
- Token token = null;
- if(rstElem != null) {
- OMElement sctElem = rstElem.getFirstChildWithName(SecurityContextToken.TOKEN);
- if(sctElem != null) {
- SecurityContextToken sct = new SecurityContextToken((Element)sctElem);
- token = new Token(sct.getIdentifier(), sctElem);
- config.resgisterContext(sct.getIdentifier());
- } else {
- throw new RahasException("sctMissingInResponse");
- }
- } else {
- throw new TrustException("reqestedSecTokMissing");
- }
-
- // Process RequestedProofToken and extract the secret
- byte[] secret = null;
- OMElement rpt = rstr.getFirstChildWithName(new QName(Constants.WST_NS,
- Constants.REQUESTED_PROOF_TOKEN_LN));
- if (rpt != null) {
- OMElement elem = rpt.getFirstElement();
-
- if (WSConstants.ENC_KEY_LN.equals(elem.getLocalName())
- && WSConstants.ENC_NS
- .equals(elem.getNamespace().getName())) {
- //Handle the xenc:EncryptedKey case
- EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
- processor.handleToken((Element) elem, null,
- Util.getCryptoInstace(config),
- getCallbackHandlerInstance(config), null, new Vector(),
- null);
- secret = processor.getDecryptedBytes();
- } else if (Constants.BINARY_SECRET.equals(elem.getLocalName())
- && Constants.WST_NS.equals(elem.getNamespace().getName())) {
- //Handle the wst:BinarySecret case
- secret = Base64.decode(elem.getText());
- } else {
- throw new TrustException("notSupported", new String[] { "{"
- + elem.getNamespace().getName() + "}"
- + elem.getLocalName() });
- }
- } else {
- throw new TrustException("rptMissing");
- }
-
- //Check for attached ref
- OMElement reqAttElem = rstr.getFirstChildWithName(new QName(
- Constants.WST_NS, Constants.REQUESTED_ATTACHED_REFERENCE));
- OMElement reqAttRef = reqAttElem == null ? null : reqAttElem
- .getFirstElement();
-
- OMElement reqUnattElem = rstr.getFirstChildWithName(new QName(
- Constants.WST_NS, Constants.REQUESTED_UNATTACHED_REFERENCE));
- OMElement reqUnattRef = reqUnattElem == null ? null : reqUnattElem
- .getFirstElement();
-
- token.setAttachedReference(reqAttRef);
- token.setUnattachedReference(reqUnattRef);
- token.setSecret(secret);
- config.getTokenStore().add(token);
- }
-
-
- private static CallbackHandler getCallbackHandlerInstance(
- RahasConfiguration config) throws Exception {
- if (config.getPasswordCallbackRef() != null) {
- return config.getPasswordCallbackRef();
- } else if (config.getPasswordCallbackClass() != null) {
- if (config.getClassLoader() != null) {
- Class clazz = Loader.loadClass(config.getClassLoader(), config
- .getPasswordCallbackClass());
- return (CallbackHandler) clazz.newInstance();
- } else {
- Class clazz = Loader.loadClass(config
- .getPasswordCallbackClass());
- return (CallbackHandler) clazz.newInstance();
- }
- } else {
- throw new RahasException("noInfoForCBhandler");
- }
- }
-
-
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java Tue Apr 18 04:06:24 2006
@@ -101,7 +101,7 @@
}
}
-
+
/**
* Create the self created <code>wsc:SecurityContextToken</code> and
* add it to a <code>wst:RequestSecurityTokenResponse</code>.
@@ -118,7 +118,11 @@
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
Crypto crypto = Util.getCryptoInstace(config);
- X509Certificate cert = crypto.getCertificates(config.getEncryptionUser())[0];
+ String encryptionUser = config.getEncryptionUser();
+ if(encryptionUser == null) {
+ throw new RahasException("missingEncryptionUser");
+ }
+ X509Certificate cert = crypto.getCertificates(encryptionUser)[0];
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
try {
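Review bot: The new null check covers a missing `encryptionUser`, but `crypto.getCertificates(encryptionUser)[0]` is still indexed unchecked, so an alias that is not in the keystore would presumably surface as a NullPointerException or ArrayIndexOutOfBoundsException rather than a RahasException. Suggest `X509Certificate[] certs = crypto.getCertificates(encryptionUser);` followed by `if (certs == null || certs.length == 0) { throw new RahasException(...); }`, with its own message key added to errors.properties. The enclosing method starts and ends outside the hunk.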
@@ -133,6 +137,7 @@
SecurityContextToken sct = new SecurityContextToken(config.getDocument());
config.resgisterContext(sct.getIdentifier());
Token token = new Token(sct.getIdentifier(), (OMElement)sct.getElement());
+ token.setSecret(encrKeyBuilder.getEphemeralKey());
config.getTokenStore().add(token);
@@ -200,8 +205,8 @@
WSSecurityUtil.prependChildElement(doc, secHeader.getSecurityHeader(),
sct.getElement(), false);
}
-
-
+
+
public void cleanup() throws AxisFault {
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Util.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Util.java?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Util.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Util.java Tue Apr 18 04:06:24 2006
@@ -16,33 +16,54 @@
package org.apache.axis2.security.rahas;
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.security.trust.Constants;
+import org.apache.axis2.security.trust.Token;
+import org.apache.axis2.security.trust.TrustException;
+import org.apache.axis2.util.Base64;
+import org.apache.axis2.util.Loader;
+import org.apache.ws.security.WSConstants;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.ws.security.processor.EncryptedKeyProcessor;
+import org.w3c.dom.Element;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+
+import java.util.Vector;
public class Util {
/**
- * Returns the crypto instance of this configuration.
- * If one is not availabale then it will try to create a <code>Crypto</code>
- * instance using available configuration information and will set it as
- * the <code>Crypto</code> instance of the configuration.
- *
+ * Returns the crypto instance of this configuration. If one is not
+ * availabale then it will try to create a <code>Crypto</code> instance
+ * using available configuration information and will set it as the
+ * <code>Crypto</code> instance of the configuration.
+ *
* @param config
* @return
* @throws RahasException
*/
- public static Crypto getCryptoInstace(RahasConfiguration config) throws RahasException {
- if(config.getCrypto() != null) {
+ public static Crypto getCryptoInstace(RahasConfiguration config)
+ throws RahasException {
+ if (config.getCrypto() != null) {
return config.getCrypto();
- } else {
+ } else {
Crypto crypto = null;
- if(config.getCryptoClassName() != null && config.getCryptoProperties() != null) {
- crypto = CryptoFactory.getInstance(config.getCryptoClassName(), config.getCryptoProperties());
- } else if(config.getCryptoPropertiesFile() != null) {
- if(config.getClassLoader() != null) {
- crypto = CryptoFactory.getInstance(config.getCryptoPropertiesFile(), config.getClassLoader());
+ if (config.getCryptoClassName() != null
+ && config.getCryptoProperties() != null) {
+ crypto = CryptoFactory.getInstance(config.getCryptoClassName(),
+ config.getCryptoProperties());
+ } else if (config.getCryptoPropertiesFile() != null) {
+ if (config.getClassLoader() != null) {
+ crypto = CryptoFactory
+ .getInstance(config.getCryptoPropertiesFile(),
+ config.getClassLoader());
} else {
- crypto = CryptoFactory.getInstance(config.getCryptoPropertiesFile());
+ crypto = CryptoFactory.getInstance(config
+ .getCryptoPropertiesFile());
}
} else {
throw new RahasException("cannotCrateCryptoInstance");
@@ -51,5 +72,91 @@
return crypto;
}
}
+
+ public static void processRSTR(OMElement rstr, RahasConfiguration config)
+ throws Exception {
+ // Extract the SecurityContextToken
+ OMElement rstElem = rstr.getFirstChildWithName(new QName(
+ Constants.WST_NS, Constants.REQUESTED_SECURITY_TOKEN_LN));
+ Token token = null;
+ if (rstElem != null) {
+ OMElement sctElem = rstElem
+ .getFirstChildWithName(SecurityContextToken.TOKEN);
+ if (sctElem != null) {
+ SecurityContextToken sct = new SecurityContextToken(
+ (Element) sctElem);
+ token = new Token(sct.getIdentifier(), sctElem);
+ config.resgisterContext(sct.getIdentifier());
+ } else {
+ throw new RahasException("sctMissingInResponse");
+ }
+ } else {
+ throw new TrustException("reqestedSecTokMissing");
+ }
+
+ // Process RequestedProofToken and extract the secret
+ byte[] secret = null;
+ OMElement rpt = rstr.getFirstChildWithName(new QName(Constants.WST_NS,
+ Constants.REQUESTED_PROOF_TOKEN_LN));
+ if (rpt != null) {
+ OMElement elem = rpt.getFirstElement();
+
+ if (WSConstants.ENC_KEY_LN.equals(elem.getLocalName())
+ && WSConstants.ENC_NS.equals(elem.getNamespace().getName())) {
+ // Handle the xenc:EncryptedKey case
+ EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
+ processor.handleToken((Element) elem, null, Util
+ .getCryptoInstace(config),
+ getCallbackHandlerInstance(config), null, new Vector(),
+ null);
+ secret = processor.getDecryptedBytes();
+ } else if (Constants.BINARY_SECRET.equals(elem.getLocalName())
+ && Constants.WST_NS.equals(elem.getNamespace().getName())) {
+ // Handle the wst:BinarySecret case
+ secret = Base64.decode(elem.getText());
+ } else {
+ throw new TrustException("notSupported", new String[] { "{"
+ + elem.getNamespace().getName() + "}"
+ + elem.getLocalName() });
+ }
+ } else {
+ throw new TrustException("rptMissing");
+ }
+
+ // Check for attached ref
+ OMElement reqAttElem = rstr.getFirstChildWithName(new QName(
+ Constants.WST_NS, Constants.REQUESTED_ATTACHED_REFERENCE));
+ OMElement reqAttRef = reqAttElem == null ? null : reqAttElem
+ .getFirstElement();
+
+ OMElement reqUnattElem = rstr.getFirstChildWithName(new QName(
+ Constants.WST_NS, Constants.REQUESTED_UNATTACHED_REFERENCE));
+ OMElement reqUnattRef = reqUnattElem == null ? null : reqUnattElem
+ .getFirstElement();
+
+ token.setAttachedReference(reqAttRef);
+ token.setUnattachedReference(reqUnattRef);
+ token.setSecret(secret);
+ config.getTokenStore().add(token);
+ }
+ private static CallbackHandler getCallbackHandlerInstance(
+ RahasConfiguration config) throws Exception {
+ if (config.getPasswordCallbackRef() != null) {
+ return config.getPasswordCallbackRef();
+ } else if (config.getPasswordCallbackClass() != null) {
+ if (config.getClassLoader() != null) {
+ Class clazz = Loader.loadClass(config.getClassLoader(), config
+ .getPasswordCallbackClass());
+ return (CallbackHandler) clazz.newInstance();
+ } else {
+ Class clazz = Loader.loadClass(config
+ .getPasswordCallbackClass());
+ return (CallbackHandler) clazz.newInstance();
+ }
+ } else {
+ throw new RahasException("noInfoForCBhandler");
+ }
+ }
+
}
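Review bot: `processRSTR` is now public and is called from Receiver on header content taken from the incoming message, yet `rpt.getFirstElement()` is dereferenced without a null check, so an empty `wst:RequestedProofToken` ends in a NullPointerException instead of a TrustException; `elem.getNamespace()` is used the same way. Adding `if (elem == null) { throw new TrustException("rptMissing"); }` right after the `getFirstElement()` call would keep malformed responses on the error path the method already has. The method also has no Javadoc; it should state that it registers the context identifier and adds the token with its secret to the token store, and that a `wst:BinarySecret` value is taken as-is from the message. The two class-loader branches in `getCallbackHandlerInstance` differ only in the `Loader.loadClass` call and could share the `newInstance()` line.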
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/errors.properties
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/errors.properties?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/errors.properties (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/errors.properties Tue Apr 18 04:06:24 2006
@@ -6,4 +6,5 @@
missingWSATo = wsa:To address value missing
sctMissingInResponse = Response doesn't contain a SecurityContextToken
cannotCrateCryptoInstance = Cannot create Crypto instace
-noInfoForCBhandler = Cannot obtain a callback handler with available configuration information
\ No newline at end of file
+noInfoForCBhandler = Cannot obtain a callback handler with available configuration information
+missingEncryptionUser=Encryption user not specified (The context is created by the initiating party)
\ No newline at end of file