Posted to java-dev@axis.apache.org by ru...@apache.org on 2006/09/07 10:02:06 UTC
svn commit: r441010 - in /webservices/axis2/trunk/java/modules:
integration/test/org/apache/rahas/TestClient.java
rahas/src/org/apache/rahas/client/STSClient.java
rahas/src/org/apache/rahas/errors.properties
Author: ruchithf
Date: Thu Sep 7 01:02:05 2006
New Revision: 441010
URL: http://svn.apache.org/viewvc?view=rev&rev=441010
Log:
Minor changes to STSClient :
- Added a constructor which accepts a config ctx
- Enabled setting the trust version and the RSTTemplate externally
Modified:
webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/TestClient.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties
Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/TestClient.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/TestClient.java?view=diff&rev=441010&r1=441009&r2=441010
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/TestClient.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/TestClient.java Thu Sep 7 01:02:05 2006
@@ -141,7 +141,7 @@
*/
public void testWithStsClient() {
- STSClient client = new STSClient();
+
// Get the repository location from the args
String repo = Constants.TESTING_PATH + "rahas_client_repo";
@@ -150,6 +150,8 @@
ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo,
null);
+ STSClient client = new STSClient(configContext);
+
Options options = new Options();
OutflowConfiguration clientOutflowConfiguration = getClientOutflowConfiguration();
if(clientOutflowConfiguration != null) {
@@ -162,13 +164,13 @@
client.setAction(this.getRequestAction());
client.setOptions(options);
+ client.setRstTemplate(this.getRSTTemplate());
+ client.setVersion(this.getTrstVersion());
- Token tok = client.requestSecurityToken(configContext,
- this.getTrstVersion(), this.getServicePolicy(),
- "http://127.0.0.1:" + port+ "/axis2/services/SecureService",
- this.getSTSPolicy(),
- this.getRSTTemplate(),
- TrustUtil.getWSTNamespace(this.getTrstVersion())+ RahasConstants.REQ_TYPE_ISSUE,
+ Token tok = client.requestSecurityToken(
+ this.getServicePolicy(), "http://127.0.0.1:" + port + "/axis2/services/SecureService", this.getSTSPolicy(),
+ TrustUtil.getWSTNamespace(this.getTrstVersion())
+ + RahasConstants.REQ_TYPE_ISSUE,
"http://localhost:5555/axis2/services/SecureService");
assertNotNull("Response token missing", tok);
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java?view=diff&rev=441010&r1=441009&r2=441010
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java Thu Sep 7 01:02:05 2006
@@ -62,6 +62,10 @@
private String action;
+ private OMElement rstTemplate;
+
+ private int version = RahasConstants.VERSION_05_02;
+
private Options options;
private Trust10 trust10;
@@ -84,21 +88,32 @@
private Crypto crypto;
private CallbackHandler cbHandler;
+
+ private ConfigurationContext configCtx;
- public Token requestSecurityToken(ConfigurationContext configCtx,
- int version, Policy servicePolicy, String issuerAddress,
- Policy IssuerPolicy, OMElement rstTemplate, String requestType,
+ public STSClient(ConfigurationContext configCtx) throws TrustException {
+ if(configCtx != null) {
+ this.configCtx = configCtx;
+ } else {
+ throw new TrustException("stsClientCfgCtxNull");
+ }
+ }
+
+ public Token requestSecurityToken(
+ Policy servicePolicy, String issuerAddress,
+ Policy IssuerPolicy, String requestType,
String appliesTo) throws TrustException {
try {
AxisService axisService = new AxisService("SecurityTokenService");
QName rstQn = new QName("requestSecurityToken");
OutInAxisOperation operation = new OutInAxisOperation(rstQn);
axisService.addOperation(operation);
- ServiceClient client = new ServiceClient(configCtx, axisService);
+ ServiceClient client = new ServiceClient(this.configCtx, axisService);
if(this.options != null) {
client.setOptions(options);
}
+
//Set the action
client.getOptions().setAction(action);
client.getOptions().setTo(new EndpointReference(issuerAddress));
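Review bot: With the trust version and the RST template moved from `requestSecurityToken` parameters into instance fields, the result of a call now depends on whichever `setVersion`/`setRstTemplate` call ran last, and neither the new constructor nor the method carries Javadoc saying so. A short Javadoc on both would help: the constructor should state that a null context is rejected with a `TrustException` (key `stsClientCfgCtxNull`), and the method should state that the instance is configured through setters and is presumably not meant to be shared between threads while a request is in flight. Because `configCtx` is assigned only in the constructor it could be declared `private final ConfigurationContext configCtx;`, and the null test reads more directly as a guard clause, `if (configCtx == null) { throw new TrustException("stsClientCfgCtxNull"); }`. If the class had no explicit constructor before this change, `new STSClient()` no longer compiles for existing callers, which deserves a line in the commit log. The body of `requestSecurityToken` continues outside this hunk.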
@@ -110,7 +125,7 @@
//Process the STS and service policy policy
this.processPolicy(IssuerPolicy, servicePolicy);
- OMElement result = client.sendReceive(rstQn, this.createRequest(version, rstTemplate, requestType, appliesTo));
+ OMElement result = client.sendReceive(rstQn, this.createRequest(requestType, appliesTo));
return this.processResult(version, result);
} catch (AxisFault e) {
@@ -148,7 +163,8 @@
.getFirstElement();
//Get the security token
- OMElement reqSecTok = rstr.getFirstChildWithName(new QName(ns, RahasConstants.REQUESTED_SECURITY_TOKEN_LN));
+ OMElement reqSecTok = rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.REQUESTED_SECURITY_TOKEN_LN));
if(reqSecTok == null) {
throw new TrustException("reqestedSecTokMissing");
}
@@ -161,14 +177,16 @@
throw new TrustException("cannotObtainTokenIdentifier");
}
- OMElement lifeTimeEle = rstr.getFirstChildWithName(new QName(ns, RahasConstants.LIFETIME_LN));
+ OMElement lifeTimeEle = rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.LIFETIME_LN));
Token tok = new Token(id, tokenElem, lifeTimeEle);
tok.setAttachedReference(reqAttRef);
tok.setUnattachedReference(reqUnattRef);
//Handle proof token
- OMElement rpt = rstr.getFirstChildWithName(new QName(ns, RahasConstants.REQUESTED_PROOF_TOKEN_LN));
+ OMElement rpt = rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.REQUESTED_PROOF_TOKEN_LN));
byte[] secret = null;
@@ -183,11 +201,16 @@
tok.setSecret(Base64.decode(b64Secret));
}else if(child.getQName().equals(new QName(ns, WSConstants.ENC_KEY_LN))){
try {
- Element domChild = (Element)new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),child.getXMLStreamReader()).getDocumentElement();
+ Element domChild = (Element) new StAXOMBuilder(
+ DOOMAbstractFactory.getOMFactory(), child
+ .getXMLStreamReader()).getDocumentElement();
+
EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
+
processor.handleToken(domChild, null, this.crypto,
this.cbHandler, null, new Vector(),
null);
+
secret = processor.getDecryptedBytes();
} catch (WSSecurityException e) {
throw new TrustException("errorInProcessingEncryptedKey", e);
@@ -196,9 +219,15 @@
//Handle the computed key
//Get service entropy
- OMElement serviceEntrElem = rstr.getFirstChildWithName(new QName(ns, RahasConstants.ENTROPY_LN));
+ OMElement serviceEntrElem = rstr
+ .getFirstChildWithName(new QName(ns,
+ RahasConstants.ENTROPY_LN));
+
OMElement binSecElem = serviceEntrElem.getFirstElement();
- if(binSecElem != null && binSecElem.getText() != null && !"".equals(binSecElem.getText().trim())) {
+
+ if (binSecElem != null && binSecElem.getText() != null
+ && !"".equals(binSecElem.getText().trim())) {
+
byte[] serviceEntr = Base64.decode(binSecElem.getText());
//Right now we only use PSHA1 as the computed key algo
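Review bot: `serviceEntrElem` is dereferenced on the next statement without a null check, although `getFirstChildWithName` returns null when the element is absent (the same lookup for the requested security token is null-checked earlier in this file). An STS response that takes the computed-key path but omits the Entropy element would therefore surface as a NullPointerException instead of a `TrustException`. A guard before `getFirstElement()`, such as `if (serviceEntrElem == null) { throw new TrustException("PLACEHOLDER_entropyMissing"); }`, keeps the failure inside the client's error contract; the key shown is a placeholder and would need its own entry in errors.properties. The enclosing branch starts and ends outside this hunk.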
@@ -311,48 +340,56 @@
/**
* Create the RST request.
* @param version
- * @param rstTemplate
* @return
* @throws TrustException
*/
- private OMElement createRequest(int version, OMElement rstTemplate, String requestType, String appliesTo) throws TrustException {
+ private OMElement createRequest(String requestType,
+ String appliesTo) throws TrustException {
OMElement rst = TrustUtil.createRequestSecurityTokenElement(version);
- TrustUtil.createRequestTypeElement(version, rst, requestType);
+ TrustUtil.createRequestTypeElement(this.version, rst, requestType);
TrustUtil.createAppliesToElement(rst, appliesTo, this.addressingNs);
- TrustUtil.createLifetimeElement(version, rst, this.ttl * 1000);
+ TrustUtil.createLifetimeElement(this.version, rst, this.ttl * 1000);
//Copy over the elements from the template
- Iterator templateChildren = rstTemplate.getChildElements();
- while (templateChildren.hasNext()) {
- OMNode child = (OMNode) templateChildren.next();
- rst.addChild(child);
-
- //Look for the key size element
- if (child instanceof OMElement
- && ((OMElement) child).getQName().equals(
- new QName(TrustUtil.getWSTNamespace(version),
- RahasConstants.KEY_SIZE_LN))) {
- OMElement childElem = (OMElement)child;
- this.keySize = (childElem.getText() != null && !""
- .equals(childElem.getText())) ?
- Integer.parseInt(childElem.getText()) : -1;
+ if(this.rstTemplate != null) {
+ Iterator templateChildren = rstTemplate.getChildElements();
+ while (templateChildren.hasNext()) {
+ OMNode child = (OMNode) templateChildren.next();
+ rst.addChild(child);
+
+ //Look for the key size element
+ if (child instanceof OMElement
+ && ((OMElement) child).getQName().equals(
+ new QName(TrustUtil.getWSTNamespace(this.version),
+ RahasConstants.KEY_SIZE_LN))) {
+ OMElement childElem = (OMElement)child;
+ this.keySize = (childElem.getText() != null && !""
+ .equals(childElem.getText())) ?
+ Integer.parseInt(childElem.getText()) : -1;
+ }
}
}
try {
- //Handle entropy
- if(this.trust10 != null) {
- if(this.trust10.isRequireClientEntropy()) {
- //setup requestor entropy
- OMElement ent = TrustUtil.createEntropyElement(version, rst);
- OMElement binSec = TrustUtil.createBinarySecretElement(version, ent, RahasConstants.BIN_SEC_TYPE_NONCE);
- this.requestorEntropy = WSSecurityUtil.generateNonce(this.algorithmSuite.getMaximumSymmetricKeyLength());
+ // Handle entropy
+ if (this.trust10 != null) {
+ if (this.trust10.isRequireClientEntropy()) {
+ // setup requestor entropy
+ OMElement ent = TrustUtil
+ .createEntropyElement(this.version, rst);
+ OMElement binSec = TrustUtil.createBinarySecretElement(
+ this.version, ent,
+ RahasConstants.BIN_SEC_TYPE_NONCE);
+ this.requestorEntropy = WSSecurityUtil
+ .generateNonce(this.algorithmSuite
+ .getMaximumSymmetricKeyLength());
binSec.setText(Base64.encode(this.requestorEntropy));
-
- //Add the ComputedKey element
- TrustUtil.createComputedKeyAlgorithm(version, rst, RahasConstants.COMPUTED_KEY_PSHA1);
-
+
+ // Add the ComputedKey element
+ TrustUtil.createComputedKeyAlgorithm(this.version, rst,
+ RahasConstants.COMPUTED_KEY_PSHA1);
+
}
}
} catch (Exception e) {
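Review bot: The loop in `createRequest` passes each child of `rstTemplate` to `rst.addChild(child)` while iterating over the template, and the template is now a field that outlives a single request. Depending on how the Axiom implementation treats a node that already has a parent, this either moves the children out of the template or leaves them linked into two trees, so a second `requestSecurityToken` call on the same client may see an empty or inconsistent template; copying each child before adding it, or cloning the template once per request, avoids that. `Integer.parseInt(childElem.getText())` also sits before the `try`, so a non-numeric KeySize in a caller-supplied template escapes as a NumberFormatException rather than a `TrustException`. The Javadoc still lists `@param version`, which is no longer a parameter, and omits `requestType` and `appliesTo`. The method continues outside this hunk.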
@@ -416,6 +453,27 @@
this.crypto = crypto;
this.cbHandler = new CBHandler(privKeyPasswd);
}
+
+ /**
+ * @param action The action to set.
+ */
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ /**
+ * @param options The options to set.
+ */
+ public void setOptions(Options options) {
+ this.options = options;
+ }
+
+ /**
+ * @param rstTemplate The rstTemplate to set.
+ */
+ public void setRstTemplate(OMElement rstTemplate) {
+ this.rstTemplate = rstTemplate;
+ }
private class CBHandler implements CallbackHandler {
@@ -425,24 +483,18 @@
this.passwd = passwd;
}
- public void handle(Callback[] cb) throws IOException, UnsupportedCallbackException {
+ public void handle(Callback[] cb) throws IOException,
+ UnsupportedCallbackException {
((WSPasswordCallback)cb[0]).setPassword(this.passwd);
}
}
/**
- * @param action The action to set.
+ * @param version The version to set.
*/
- public void setAction(String action) {
- this.action = action;
- }
-
- /**
- * @param options The options to set.
- */
- public void setOptions(Options options) {
- this.options = options;
+ public void setVersion(int version) {
+ this.version = version;
}
}
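Review bot: `CBHandler.handle` casts `cb[0]` to `WSPasswordCallback` without checking the array length or the element type, even though its signature declares `UnsupportedCallbackException`. An empty array or a different callback type ends in an ArrayIndexOutOfBoundsException or ClassCastException, and any callback after the first is silently ignored. Looping over `cb` and throwing `new UnsupportedCallbackException(cb[i])` for anything that is not a `WSPasswordCallback` would match the `CallbackHandler` contract. Separately, the new `setVersion` stores any int; its Javadoc could name the accepted `RahasConstants` version constants (for example `VERSION_05_02`) so callers know what is valid.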
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties?view=diff&rev=441010&r1=441009&r2=441010
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties Thu Sep 7 01:02:05 2006
@@ -43,6 +43,8 @@
keyDerivationError = Error in key derivation
errorInProcessingEncryptedKey = Error in processing encrypted key
+stsClientCfgCtxNull = STSClient: ConfigurationContext client is null
+
#SCTIssuer specific error messages
sctIssuerCryptoPropertiesMissing = When the tokenType is not \"BinarySecret\" the cryptoProperties MUST be specified