Posted to axis-cvs@ws.apache.org by ru...@apache.org on 2006/09/10 09:50:45 UTC
svn commit: r441923 - in /webservices/axis2/trunk/java/modules/security: ./
src/org/apache/rampart/ src/org/apache/rampart/builder/
src/org/apache/rampart/util/
Author: ruchithf
Date: Sun Sep 10 00:50:44 2006
New Revision: 441923
URL: http://svn.apache.org/viewvc?view=rev&rev=441923
Log:
- Fixed AXIS2-1127 - added rahas into rampart's lib dir
- Getting rid of TS, Encr and Sig builders and using builders for each sec policy binding type
- Added TransportBindingBuilder
Added:
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/TransportBindingBuilder.java
Removed:
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/EncryptionBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SignatureBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/TimestampBuilder.java
Modified:
webservices/axis2/trunk/java/modules/security/maven.xml
webservices/axis2/trunk/java/modules/security/project.xml
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java
Modified: webservices/axis2/trunk/java/modules/security/maven.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/maven.xml?view=diff&rev=441923&r1=441922&r2=441923
==============================================================================
--- webservices/axis2/trunk/java/modules/security/maven.xml (original)
+++ webservices/axis2/trunk/java/modules/security/maven.xml Sun Sep 10 00:50:44 2006
@@ -51,7 +51,7 @@
<copy file="${dependencies.dir}/xml-apis-${xml_apis.version}.jar" todir="target/temp-mar/lib"/>
<copy file="${dependencies.dir}/xercesImpl-${xerces.version}.jar" todir="target/temp-mar/lib"/>
<copy file="${dependencies.dir}/commons-codec-${commons.codec.version}.jar" todir="target/temp-mar/lib"/>
-
+ <copy file="${dependencies.dir}/axis2-rahas-${rahas_version}.jar" todir="target/temp-mar/lib"/>
</j:if>
<j:if test="${context.getVariable('maven.jar.override').toString().trim().equalsIgnoreCase('off')}">
@@ -63,7 +63,7 @@
<copy file="${maven.repo.local}/xml-apis/jars/xml-apis-${xml_apis.version}.jar" todir="target/temp-mar/lib"/>
<copy file="${maven.repo.local}/xerces/jars/xercesImpl-${xerces.version}.jar" todir="target/temp-mar/lib"/>
<copy file="${maven.repo.local}/commons-codec/jars/commons-codec-${commons.codec.version}.jar" todir="target/temp-mar/lib"/>
-
+ <copy file="${maven.repo.local}/axis2/jars/axis2-rahas-${rahas_version}.jar" todir="target/temp-mar/lib"/>
</j:if>
Modified: webservices/axis2/trunk/java/modules/security/project.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/project.xml?view=diff&rev=441923&r1=441922&r2=441923
==============================================================================
--- webservices/axis2/trunk/java/modules/security/project.xml (original)
+++ webservices/axis2/trunk/java/modules/security/project.xml Sun Sep 10 00:50:44 2006
@@ -89,7 +89,7 @@
<dependency>
<groupId>axis2</groupId>
<artifactId>axis2-rahas</artifactId>
- <version>${pom.currentVersion}</version>
+ <version>${rahas_version}</version>
</dependency>
<!-- external JARs -->
<dependency>
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java?view=diff&rev=441923&r1=441922&r2=441923
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java Sun Sep 10 00:50:44 2006
@@ -25,11 +25,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
-import org.apache.rahas.RahasConstants;
import org.apache.rahas.TrustException;
-import org.apache.rahas.TrustUtil;
-import org.apache.rahas.client.STSClient;
-import org.apache.rampart.builder.TimestampBuilder;
import org.apache.rampart.policy.RampartPolicyBuilder;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.Axis2Util;
@@ -37,20 +33,14 @@
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.SecureConversationToken;
-import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
-import javax.security.auth.callback.CallbackHandler;
-
import java.io.ByteArrayInputStream;
-import java.util.ArrayList;
-import java.util.Iterator;
import java.util.List;
public class MessageBuilder {
@@ -108,30 +98,20 @@
rmd.setPolicyData(policyData);
rmd.setSecHeader(secHeader);
- processEnvelope(msgCtx, rmd);
+ processEnvelope(rmd);
}
- private void processEnvelope(MessageContext msgCtx, RampartMessageData rmd)
+ private void processEnvelope(RampartMessageData rmd)
throws RampartException, WSSecurityException {
log.info("Before create Message assym....");
- RampartPolicyData rpd = rmd.getPolicyData();
-
- if(rpd.isIncludeTimestamp()) {
-
- log.debug("Adding a timestamp");
-
- TimestampBuilder tsBuilder = new TimestampBuilder();
- tsBuilder.build(rmd);
- }
-
-
initializeTokens(rmd);
//Nothing to do to handle the other bindings
+
}
/**
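Review bot: With the TimestampBuilder call removed, nothing in processEnvelope adds a wsu:Timestamp any more, and this commit shows no call site for the new TransportBindingBuilder in MessageBuilder, so a policy's IncludeTimestamp assertion is presumably ignored until the binding builders are wired in (the call may exist outside the diff — worth confirming before this lands). The retained `log.info("Before create Message assym....");` is a leftover trace at INFO level that will appear on every message; demote it, e.g. `log.debug("processEnvelope: running binding-specific builders");`, or drop it. The comment `//Nothing to do to handle the other bindings` is now misleading, since the transport binding is not handled here either; replace it with `// TODO: dispatch to TransportBindingBuilder / other binding builders based on rpd`.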
@@ -160,14 +140,10 @@
IssuedToken issuedToken = (IssuedToken)sigTok;
- try {
-
- String id = this.getIssuedToken(rmd, issuedToken);
- rmd.setIssuedSignatureTokenId(id);
-
- } catch (TrustException e) {
- throw new RampartException(e.getMessage(), e);
- }
+ String id = RampartUtil.getIssuedToken(rmd,
+ issuedToken);
+ rmd.setIssuedSignatureTokenId(id);
+
}
@@ -185,7 +161,8 @@
try {
- String id = getSecConvToken(rmd, secConvTok);
+ String id = RampartUtil.getSecConvToken(rmd,
+ secConvTok);
rmd.setSecConvTokenId(id);
} catch (TrustException e) {
@@ -214,166 +191,20 @@
log.debug("EncrytionToken not alredy set");
IssuedToken issuedToken = (IssuedToken)encrTok;
-
- try {
-
- String id = this.getIssuedToken(rmd, issuedToken);
- rmd.setIssuedEncryptionTokenId(id);
- } catch (TrustException e) {
- throw new RampartException(e.getMessage(), e);
- }
+ String id = RampartUtil.getIssuedToken(rmd,
+ issuedToken);
+ rmd.setIssuedEncryptionTokenId(id);
+
}
}
}
-
//TODO : Support processing IssuedToken and SecConvToken assertoins
//in supporting tokens, right now we only support UsernameTokens and
//X.509 Tokens
}
-
- /**
- * Obtain a security context token.
- * @param rmd
- * @param secConvTok
- * @return
- * @throws TrustException
- * @throws RampartException
- */
- private String getSecConvToken(RampartMessageData rmd, SecureConversationToken secConvTok) throws TrustException, RampartException {
- String action = TrustUtil.getActionValue(
- rmd.getWstVersion(),
- RahasConstants.RST_ACTON_SCT);
-
- // Get sts epr
- String issuerEprAddress = RampartUtil
- .processIssuerAddress(secConvTok.getIssuerEpr());
-
- //Find SC version
- int conversationVersion = rmd.getSecConvVersion();
-
- OMElement rstTemplate = RampartUtil.createRSTTempalteForSCT(
- conversationVersion,
- rmd.getWstVersion());
-
- //Check to see whether there's a specific issuer
- Policy stsPolicy = null;
- if(issuerEprAddress.equals(rmd.getMsgContext().getOptions().getTo().getAddress())) {
- log.debug("Issuer address is the same as service " +
- "address");
- stsPolicy = rmd.getServicePolicy();
- } else {
- //Try boot strap policy
- Policy bsPol = secConvTok.getBootstrapPolicy();
- if(bsPol != null) {
- log.debug("BootstrapPolicy found");
- stsPolicy = bsPol;
- } else {
- //No bootstrap policy
- //Use issuer policy specified in rampart config
- log.debug("No bootstrap policy, using issuer" +
- " policy specified in rampart config");
- rmd.getPolicyData().getRampartConfig().getTokenIssuerPolicy();
- }
- }
-
- String id = this.getToken(rmd, rstTemplate,
- issuerEprAddress, action, stsPolicy);
-
- log.debug("SecureConversationToken obtained: id=" + id);
- return id;
- }
-
- /**
- * Obtain an issued token.
- * @param rmd
- * @param issuedToken
- * @return
- * @throws TrustException
- * @throws RampartException
- */
- private String getIssuedToken(RampartMessageData rmd,
- IssuedToken issuedToken) throws TrustException, RampartException {
-
- String action = TrustUtil.getActionValue(rmd.getWstVersion(),
- RahasConstants.RST_ACTON_ISSUE);
-
- // Get sts epr
- String issuerEprAddress = RampartUtil.processIssuerAddress(issuedToken
- .getIssuerEpr());
-
- OMElement rstTemplate = issuedToken.getRstTemplate();
-
- // Get STS policy
- Policy stsPolicy = rmd.getPolicyData().getRampartConfig()
- .getTokenIssuerPolicy();
-
- String id = this.getToken(rmd, rstTemplate, issuerEprAddress, action,
- stsPolicy);
-
- log.debug("Issued token obtained: id=" + id);
- return id;
- }
-
-
- /**
- * Request a token.
- * @param rmd
- * @param rstTemplate
- * @param issuerEpr
- * @param action
- * @param issuerPolicy
- * @return
- * @throws RampartException
- */
- private String getToken(RampartMessageData rmd, OMElement rstTemplate,
- String issuerEpr, String action, Policy issuerPolicy) throws RampartException {
-
- try {
-
- STSClient client = new STSClient(rmd.getMsgContext()
- .getConfigurationContext());
- // Set request action
- client.setAction(action);
-
- client.setRstTemplate(rstTemplate);
-
- // Set crypto information
- Crypto crypto = RampartUtil.getSignatureCrypto(rmd
- .getPolicyData().getRampartConfig());
- CallbackHandler cbh = RampartUtil.getPasswordCB(rmd);
- client.setCryptoInfo(crypto, cbh);
-
- // Get service policy
- Policy servicePolicy = rmd.getServicePolicy();
-
- // Get service epr
- String servceEprAddress = rmd.getMsgContext()
- .getOptions().getTo().getAddress();
-
- // Request type
- String reqType = TrustUtil.getWSTNamespace(rmd
- .getWstVersion())
- + RahasConstants.REQ_TYPE_ISSUE;
-
- //Make the request
- org.apache.rahas.Token rst =
- client.requestSecurityToken(servicePolicy,
- issuerEpr,
- issuerPolicy,
- reqType,
- servceEprAddress);
-
- //Add the token to token storage
- rmd.getTokenStorage().add(rst);
-
- return rst.getId();
- } catch (TrustException e) {
- throw new RampartException(e.getMessage(), e);
- }
- }
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java?view=diff&rev=441923&r1=441922&r2=441923
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java Sun Sep 10 00:50:44 2006
@@ -19,6 +19,7 @@
import org.apache.axis2.context.MessageContext;
import org.apache.neethi.Policy;
import org.apache.rahas.RahasConstants;
+import org.apache.rahas.SimpleTokenStore;
import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
@@ -26,6 +27,7 @@
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.util.Loader;
import org.w3c.dom.Document;
import java.util.Vector;
@@ -62,6 +64,8 @@
private int timeToLive = 300;
+ private String timestampId;
+
private Document document;
private Vector encryptionParts;
@@ -69,6 +73,8 @@
private Vector signatureParts;
private Vector endorsedSignatureParts;
+
+ private Vector signedEndorsedSignatureParts;
private TokenStorage tokenStorage;
@@ -101,6 +107,7 @@
*/
private Policy servicePolicy;
+ private boolean isClientSide;
public RampartMessageData(MessageContext msgCtx, Document doc) throws RampartException {
this.msgContext = msgCtx;
@@ -127,6 +134,8 @@
this.servicePolicy = (Policy)msgCtx.getProperty(getPolicyKey(msgCtx));
}
+ this.isClientSide = !msgCtx.isServerSide();
+
} catch (TrustException e) {
throw new RampartException("errorInExtractingMsgProps", e);
}
@@ -157,8 +166,12 @@
/**
* @param endorsedSignatureParts The endorsedSignatureParts to set.
*/
- public void setEndorsedSignatureParts(Vector endorsedSignatureParts) {
- this.endorsedSignatureParts = endorsedSignatureParts;
+ public void addEndorsedSignaturePart(String id) {
+ if(this.endorsedSignatureParts == null) {
+ this.endorsedSignatureParts = new Vector();
+ }
+
+ this.endorsedSignatureParts.add(id);
}
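Review bot: The Javadoc above `addEndorsedSignaturePart` still reads `@param endorsedSignatureParts The endorsedSignatureParts to set.`, which describes the removed setter rather than the new single-id adder; replace it with `@param id wsu:Id of an element an endorsing signature must cover` (the exact contract of the ids should be stated in whatever terms the signature builders use). Since the old `setEndorsedSignatureParts(Vector)` is dropped rather than deprecated, any caller outside this diff that used it now fails to compile — acceptable for trunk, but worth a sentence in the log message.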
/**
@@ -171,8 +184,11 @@
/**
* @param signatureParts The signatureParts to set.
*/
- public void setSignatureParts(Vector signatureParts) {
- this.signatureParts = signatureParts;
+ public void addSignaturePart(String id) {
+ if(this.signatureParts == null) {
+ this.signatureParts = new Vector();
+ }
+ this.signatureParts.add(id);
}
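Review bot: The Javadoc above `addSignaturePart` still says `@param signatureParts The signatureParts to set.`, which no longer matches a method that takes one `String id`; change it to `@param id wsu:Id of an element to include in the message signature`. The lazy `new Vector()` pattern is duplicated in three adders in this class; a small private `addTo(Vector v, String id)` helper or eager initialisation in the constructor would remove the repeated null checks.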
/**
@@ -308,7 +324,47 @@
/**
* @return Returns the tokenStorage.
*/
- public TokenStorage getTokenStorage() {
+ public TokenStorage getTokenStorage() throws RampartException {
+
+ if(this.tokenStorage != null) {
+ return this.tokenStorage;
+ }
+
+ TokenStorage storage = (TokenStorage) this.msgContext
+ .getProperty(TokenStorage.TOKEN_STORAGE_KEY);
+
+ if (storage != null) {
+ this.tokenStorage = storage;
+ } else {
+
+ String storageClass = this.policyData.getRampartConfig()
+ .getTokenStoreClass();
+
+ if (storageClass != null) {
+ Class stClass = null;
+ try {
+ stClass = Loader.loadClass(msgContext.getAxisService()
+ .getClassLoader(), storageClass);
+ } catch (ClassNotFoundException e) {
+ throw new RampartException(
+ "WSHandler: cannot load token storage class: "
+ + storageClass, e);
+ }
+ try {
+ this.tokenStorage = (TokenStorage) stClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new RampartException(
+ "Cannot create instance of token storage: "
+ + storageClass, e);
+ }
+ } else {
+ this.tokenStorage = new SimpleTokenStore();
+ }
+ }
+
+ //Set the storage instance
+ this.msgContext.getConfigurationContext().setProperty(
+ TokenStorage.TOKEN_STORAGE_KEY, this.tokenStorage);
return tokenStorage;
}
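Review bot: The two new error messages in getTokenStorage are hard-coded strings with a `WSHandler:` prefix, while this same commit strips that prefix from RampartUtil and every other new RampartException in the diff passes an errors.properties key; add keys such as `cannotLoadTokenStorageClass = Cannot load token storage class : \"{0}\"` and throw `new RampartException("cannotLoadTokenStorageClass", new String[]{storageClass}, e)`. The store is looked up on the MessageContext but published on the ConfigurationContext, so the lookup presumably only succeeds because Axis2 property lookup walks up the context hierarchy — a reader will expect one store per message, so add a comment like `// the store is shared configuration-wide; lookup walks up from the message context`. Because that single store (and the secrets of the tokens added in RampartUtil.getToken) is then shared by every service and thread in the configuration, the chosen TokenStorage implementation must be thread-safe, which cannot be seen from here for SimpleTokenStore or a user-supplied class; a `TokenStorage.class.isAssignableFrom(stClass)` check before `newInstance()` would also turn the bare ClassCastException into the intended RampartException.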
@@ -363,6 +419,42 @@
+ msgCtx.getAxisService().getName() + "{"
+ msgCtx.getAxisOperation().getName().getNamespaceURI()
+ "}" + msgCtx.getAxisOperation().getName().getLocalPart();
+ }
+
+ /**
+ * @return Returns the timestampId.
+ */
+ public String getTimestampId() {
+ return timestampId;
+ }
+
+ /**
+ * @param timestampId The timestampId to set.
+ */
+ public void setTimestampId(String timestampId) {
+ this.timestampId = timestampId;
+ }
+
+ /**
+ * @return Returns the isClientSide.
+ */
+ public boolean isClientSide() {
+ return isClientSide;
+ }
+
+ /**
+ * @return Returns the signedendorsedSignatureParts.
+ */
+ public Vector getSignedEndorsedSignatureParts() {
+ return signedEndorsedSignatureParts;
+ }
+
+ public void addSignedEndorsedSignatureParts(String id) {
+ if(this.signedEndorsedSignatureParts == null) {
+ this.signedEndorsedSignatureParts = new Vector();
+ }
+
+ this.signedEndorsedSignatureParts.add(id);
}
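Review bot: `addSignedEndorsedSignatureParts` breaks the naming of its siblings `addSignaturePart` / `addEndorsedSignaturePart` although it too adds a single id; rename it to `addSignedEndorsedSignaturePart(String id)` before other code depends on it, and fix the Javadoc typo `@return Returns the signedendorsedSignatureParts.` to `@return Returns the signedEndorsedSignatureParts, or null if none were added.`. The getter hands out the internal Vector, so a caller can mutate the part list behind the builder's back; if no caller relies on that, returning a copy would be safer. `isClientSide()` and `getTimestampId()` are fine but `setTimestampId` has no guard against being called twice, so a second binding builder could silently overwrite the id that the first one signed over.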
}
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/TransportBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/TransportBindingBuilder.java?view=auto&rev=441923
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/TransportBindingBuilder.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/TransportBindingBuilder.java Sun Sep 10 00:50:44 2006
@@ -0,0 +1,292 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.UsernameToken;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.message.WSSecDKSign;
+import org.apache.ws.security.message.WSSecTimestamp;
+import org.apache.ws.security.message.WSSecUsernameToken;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.Vector;
+
+public class TransportBindingBuilder {
+
+ private static Log log = LogFactory.getLog(TransportBindingBuilder.class);
+
+ public void build(RampartMessageData rmd) throws RampartException {
+
+ log.debug("TransportBindingBuilder build invoked");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ Document doc = rmd.getDocument();
+
+ log.debug("Adding timestamp");
+
+ WSSecTimestamp timeStampBuilder = new WSSecTimestamp();
+ timeStampBuilder.setWsConfig(rmd.getConfig());
+
+ timeStampBuilder.setTimeToLive(RampartUtil.getTimeToLive(rmd));
+
+ // add the Timestamp to the SOAP Enevelope
+
+ timeStampBuilder.build(doc, rmd
+ .getSecHeader());
+
+ log.debug("Timestamp id: " + timeStampBuilder.getId());
+
+ rmd.setTimestampId(timeStampBuilder.getId());
+
+ log.debug("Adding timestamp: DONE");
+
+ /*
+ * Process Supporting tokens
+ */
+
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+
+ if(sgndSuppTokens != null && sgndSuppTokens.getTokens() != null &&
+ sgndSuppTokens.getTokens().size() > 0) {
+
+ log.debug("Processing signed supporting tokens");
+
+ ArrayList tokens = sgndSuppTokens.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+
+ Token token = (Token) iter.next();
+ if(token instanceof UsernameToken && rmd.isClientSide()) {
+ addUsernameToken(rmd);
+ } else {
+ throw new RampartException("unsupportedSignedSupportingToken",
+ new String[]{"{" +token.getName().getNamespaceURI()
+ + "}" + token.getName().getLocalPart()});
+ }
+ }
+ }
+
+ SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+ if(sgndEndSuppTokens != null && sgndEndSuppTokens.getTokens() != null &&
+ sgndEndSuppTokens.getTokens().size() > 0) {
+
+ log.debug("Processing endorsing signed supporting tokens");
+
+ ArrayList tokens = sgndEndSuppTokens.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof IssuedToken){
+ doIssuedTokenSignature(rmd, token);
+ }
+ }
+ }
+
+ SupportingToken endSupptokens = rpd.getEndorsingSupportingTokens();
+ if(endSupptokens != null && endSupptokens.getTokens() != null &&
+ endSupptokens.getTokens().size() > 0) {
+ log.debug("Processing endorsing supporting tokens");
+ ArrayList tokens = endSupptokens.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof IssuedToken){
+ doIssuedTokenSignature(rmd, token);
+ }
+ }
+ }
+
+ }
+
+ /**
+ * @param rmd
+ * @param token
+ * @throws RampartException
+ */
+ private void doIssuedTokenSignature(RampartMessageData rmd, Token token) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc= rmd.getDocument();
+
+ //Get the issued token
+ String id = RampartUtil.getIssuedToken(rmd, (IssuedToken)token);
+
+ String inclusion = token.getInclusion();
+ org.apache.rahas.Token tok = null;
+ try {
+ tok = rmd.getTokenStorage().getToken(id);
+ } catch (TrustException e) {
+ throw new RampartException("errorExtractingToken",
+ new String[]{id} ,e);
+ }
+
+ if(inclusion.equals(Constants.INCLUDE_ALWAYS) ||
+ ((inclusion.equals(Constants.INCLUDE_ALWAYS_TO_RECIPIENT)
+ || inclusion.equals(Constants.INCLUDE_ONCE))
+ && rmd.isClientSide())) {
+
+ //Add the token
+ rmd.getSecHeader().getSecurityHeader().appendChild(
+ doc.importNode((Element) tok.getToken(), true));
+
+ }
+
+ //check for dirived keys
+ if(token.isDerivedKeys()) {
+ //Create a derived key and add
+ try {
+
+ //Do Signature with derived keys
+ WSSecDKSign dkSign = new WSSecDKSign();
+
+ OMElement ref = tok.getAttachedReference();
+ if(ref == null) {
+ ref = tok.getUnattachedReference();
+ }
+ if(ref != null) {
+ dkSign.setExternalKey(tok.getSecret(), (Element)
+ doc.importNode((Element) ref, true));
+ } else {
+ dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ }
+
+ //Set the algo info
+ dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+
+
+ dkSign.prepare(doc);
+
+ dkSign.appendDKElementToHeader(rmd.getSecHeader());
+
+ Vector sigParts = new Vector();
+
+ sigParts.add(rmd.getTimestampId());
+
+ if(rpd.isTokenProtection()) {
+ sigParts.add(id);
+ }
+
+ dkSign.setParts(sigParts);
+
+ //Do signature
+ dkSign.computeSignature();
+
+ dkSign.appendSigToHeader(rmd.getSecHeader());
+
+ } catch (ConversationException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ } catch (WSSecurityException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ }
+
+ } else {
+ //TODO: Do signature withtout derived keys with the Issuedtoken ??
+ }
+ }
+
+ /**
+ * Add a UsernameToken to the security header
+ * @param rmd
+ * @param rpd
+ * @param doc
+ * @return
+ * @throws RampartException
+ */
+ private String addUsernameToken(RampartMessageData rmd) throws RampartException {
+
+ log.debug("Adding a UsernameToken");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ //Get the user
+ String user = rpd.getRampartConfig().getUser();
+ if(user != null && !"".equals(user)) {
+ log.debug("User : " + user);
+
+ //Get the password
+ CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
+
+ if(handler == null) {
+ //If the callback handler is missing
+ throw new RampartException("cbHandlerMissing");
+ }
+
+ WSPasswordCallback[] cb = { new WSPasswordCallback(user,
+ WSPasswordCallback.USERNAME_TOKEN) };
+
+ try {
+ handler.handle(cb);
+
+ //get the password
+ String password = cb[0].getPassword();
+
+ log.debug("Password : " + password);
+
+ if(password != null && !"".equals(password)) {
+ //If the password is available then build the token
+
+ WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+ //TODO Get the UT type, only WS-Sx spec supports this
+ utBuilder.setUserInfo(user, password);
+
+ //Add the UT
+ utBuilder.build(doc, rmd.getSecHeader());
+
+ return utBuilder.getId();
+ } else {
+ //If there's no password then throw an exception
+ throw new RampartException("noPasswordForUser",
+ new String[]{user});
+ }
+ } catch (IOException e) {
+ throw new RampartException("errorInGettingPasswordForUser",
+ new String[]{user}, e);
+ } catch (UnsupportedCallbackException e) {
+ throw new RampartException("errorInGettingPasswordForUser",
+ new String[]{user}, e);
+ }
+
+ } else {
+ log.debug("No user value specified in the configuration");
+ throw new RampartException("userMissing");
+ }
+
+ }
+
+}
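Review bot: `log.debug("Password : " + password);` in addUsernameToken writes the user's clear-text password to the log, so any deployment with DEBUG enabled leaks every credential it sends; drop the line or log only `log.debug("Password obtained for user: " + user);`. In build, a UsernameToken under SignedSupportingTokens is accepted only when `rmd.isClientSide()`, so on the server side the same policy falls into the `else` and throws `unsupportedSignedSupportingToken`, which looks unintended — skip it there instead: `if (token instanceof UsernameToken) { if (rmd.isClientSide()) addUsernameToken(rmd); } else { throw ... }`. In doIssuedTokenSignature the `sigParts` vector is filled with raw id strings, whereas the WSS4J signature builders I am aware of expect `WSEncryptionPart` entries in `setParts`; if WSSecDKSign is the same, `computeSignature()` will fail with a ClassCastException, so this should be confirmed against the WSS4J version in use. `token.getInclusion()` is also dereferenced without a null check, so if the policy model allows an absent IncludeToken attribute this NPEs before any token is added.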
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties?view=diff&rev=441923&r1=441922&r2=441923
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties Sun Sep 10 00:50:44 2006
@@ -12,4 +12,12 @@
missingEncryptionCrypto=Encryption crypto information not available
missingCallbackHandler=Password callback handler cannot be located
errorInObtainingSct=Error in obtaining SCT from \"{0}\"
-errorInExtractingMsgProps = Error in extracting message properties
\ No newline at end of file
+errorInObtainingToken=Error in obtaining a token
+errorInExtractingMsgProps = Error in extracting message properties
+userMissing = No user value in the rampart configuration policy
+cbHandlerMissing = Password CallbackHandler not speficied in rampart configuration policy or the CallbackHandler instance not available in the MessageContext
+errorInGettingPasswordForUser = Error in getting password for user : \"{0}\"
+noPasswordForUser = No password supplied by the callback handler for the user : \"{0}\"
+unsupportedSignedSupportingToken = Unsupported SignedSupportingToken : \"{0}\"
+errorExtractingToken = Error extracting token : \"{0}\"
+errorInDerivedKeyTokenSignature = Error in creating DerivedKeyToken signature
\ No newline at end of file
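Review bot: The new `cbHandlerMissing` message contains the typo `speficied`; it should read `Password CallbackHandler not specified in rampart configuration policy or the CallbackHandler instance not available in the MessageContext`. `errorInObtainingToken` carries no placeholder, so the operator cannot tell which issuer failed; `errorInObtainingToken=Error in obtaining a token from \"{0}\"` with the issuer EPR passed as argument would match the style of `errorInObtainingSct`. The file is still written without a trailing newline (the diff's `\ No newline at end of file` marker survives), which will keep producing noisy diffs on every future append.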
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java?view=diff&rev=441923&r1=441922&r2=441923
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java Sun Sep 10 00:50:44 2006
@@ -17,18 +17,26 @@
package org.apache.rampart.util;
import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMAttribute;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.soap.SOAPBody;
+import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.neethi.Policy;
+import org.apache.rahas.RahasConstants;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
+import org.apache.rahas.client.STSClient;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
@@ -41,6 +49,7 @@
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
import java.util.Properties;
@@ -91,14 +100,14 @@
cbClass = Loader.loadClass(classLoader, cbHandlerClass);
} catch (ClassNotFoundException e) {
throw new RampartException(
- "WSHandler: cannot load password callback class: "
+ "Cannot load password callback class: "
+ cbHandlerClass, e);
}
try {
cbHandler = (CallbackHandler) cbClass.newInstance();
} catch (java.lang.Exception e) {
throw new RampartException(
- "WSHandler: cannot create instance of password callback: "
+ "Cannot create instance of password callback: "
+ cbHandlerClass, e);
}
} else {
@@ -271,4 +280,186 @@
}
+ public static int getTimeToLive(RampartMessageData messageData) {
+
+ String ttl = messageData.getPolicyData().getRampartConfig()
+ .getTimestampTTL();
+ int ttl_i = 0;
+ if (ttl != null) {
+ try {
+ ttl_i = Integer.parseInt(ttl);
+ } catch (NumberFormatException e) {
+ ttl_i = messageData.getTimeToLive();
+ }
+ }
+ if (ttl_i <= 0) {
+ ttl_i = messageData.getTimeToLive();
+ }
+ return ttl_i;
+ }
+
+ /**
+ * Obtain a security context token.
+ * @param rmd
+ * @param secConvTok
+ * @return
+ * @throws TrustException
+ * @throws RampartException
+ */
+ public static String getSecConvToken(RampartMessageData rmd,
+ SecureConversationToken secConvTok) throws TrustException,
+ RampartException {
+ String action = TrustUtil.getActionValue(
+ rmd.getWstVersion(),
+ RahasConstants.RST_ACTON_SCT);
+
+ // Get sts epr
+ String issuerEprAddress = RampartUtil
+ .processIssuerAddress(secConvTok.getIssuerEpr());
+
+ //Find SC version
+ int conversationVersion = rmd.getSecConvVersion();
+
+ OMElement rstTemplate = RampartUtil.createRSTTempalteForSCT(
+ conversationVersion,
+ rmd.getWstVersion());
+
+ //Check to see whether there's a specific issuer
+ Policy stsPolicy = null;
+ if (issuerEprAddress.equals(rmd.getMsgContext().getOptions().getTo().getAddress())) {
+ log.debug("Issuer address is the same as service " +
+ "address");
+ stsPolicy = rmd.getServicePolicy();
+ } else {
+ //Try boot strap policy
+ Policy bsPol = secConvTok.getBootstrapPolicy();
+ if(bsPol != null) {
+ log.debug("BootstrapPolicy found");
+ stsPolicy = bsPol;
+ } else {
+ //No bootstrap policy
+ //Use issuer policy specified in rampart config
+ log.debug("No bootstrap policy, using issuer" +
+ " policy specified in rampart config");
+ rmd.getPolicyData().getRampartConfig().getTokenIssuerPolicy();
+ }
+ }
+
+ String id = getToken(rmd, rstTemplate,
+ issuerEprAddress, action, stsPolicy);
+
+ log.debug("SecureConversationToken obtained: id=" + id);
+ return id;
+ }
+
+
+ /**
+ * Obtain an issued token.
+ * @param rmd
+ * @param issuedToken
+ * @return
+ * @throws TrustException
+ * @throws RampartException
+ */
+ public static String getIssuedToken(RampartMessageData rmd,
+ IssuedToken issuedToken) throws RampartException {
+
+ try {
+ String action = TrustUtil.getActionValue(rmd.getWstVersion(),
+ RahasConstants.RST_ACTON_ISSUE);
+
+ // Get sts epr
+ String issuerEprAddress = RampartUtil.processIssuerAddress(issuedToken
+ .getIssuerEpr());
+
+ OMElement rstTemplate = issuedToken.getRstTemplate();
+
+ // Get STS policy
+ Policy stsPolicy = rmd.getPolicyData().getRampartConfig()
+ .getTokenIssuerPolicy();
+
+ String id = getToken(rmd, rstTemplate, issuerEprAddress, action,
+ stsPolicy);
+
+ log.debug("Issued token obtained: id=" + id);
+ return id;
+ } catch (TrustException e) {
+ throw new RampartException("errorInObtainingToken", e);
+ }
+ }
+
+ /**
+ * Request a token.
+ * @param rmd
+ * @param rstTemplate
+ * @param issuerEpr
+ * @param action
+ * @param issuerPolicy
+ * @return
+ * @throws RampartException
+ */
+ public static String getToken(RampartMessageData rmd, OMElement rstTemplate,
+ String issuerEpr, String action, Policy issuerPolicy) throws RampartException {
+
+ try {
+
+ STSClient client = new STSClient(rmd.getMsgContext()
+ .getConfigurationContext());
+ // Set request action
+ client.setAction(action);
+
+ client.setRstTemplate(rstTemplate);
+
+ // Set crypto information
+ Crypto crypto = RampartUtil.getSignatureCrypto(rmd
+ .getPolicyData().getRampartConfig());
+ CallbackHandler cbh = RampartUtil.getPasswordCB(rmd);
+ client.setCryptoInfo(crypto, cbh);
+
+ // Get service policy
+ Policy servicePolicy = rmd.getServicePolicy();
+
+ // Get service epr
+ String servceEprAddress = rmd.getMsgContext()
+ .getOptions().getTo().getAddress();
+
+ // Request type
+ String reqType = TrustUtil.getWSTNamespace(rmd
+ .getWstVersion())
+ + RahasConstants.REQ_TYPE_ISSUE;
+
+ //Make the request
+ org.apache.rahas.Token rst =
+ client.requestSecurityToken(servicePolicy,
+ issuerEpr,
+ issuerPolicy,
+ reqType,
+ servceEprAddress);
+
+ //Add the token to token storage
+ rmd.getTokenStorage().add(rst);
+
+ return rst.getId();
+ } catch (TrustException e) {
+ throw new RampartException(e.getMessage(), e);
+ }
+ }
+
+ public static String getSoapBodyId(SOAPEnvelope env) {
+ String id = null;
+ SOAPBody body = env.getBody();
+ OMAttribute idAttr = body.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
+ if(idAttr != null) {
+ id = idAttr.getAttributeValue();
+ } else {
+ //Add an id
+ OMNamespace ns = env.getOMFactory().createOMNamespace(WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+ id = "Id-" + body.hashCode();
+ idAttr = env.getOMFactory().createOMAttribute("Id", ns, id);
+ body.addAttribute(idAttr);
+ }
+
+ return id;
+ }
+
}
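Review bot: In getSecConvToken the fallback branch evaluates `rmd.getPolicyData().getRampartConfig().getTokenIssuerPolicy();` and discards the result, so `stsPolicy` stays null whenever there is no bootstrap policy and the STS is not the service itself; the line should read `stsPolicy = rmd.getPolicyData().getRampartConfig().getTokenIssuerPolicy();` (this was moved verbatim from MessageBuilder, but this is now its home and the right place to fix it). In getToken, `throw new RampartException(e.getMessage(), e)` passes the cause's free text where getIssuedToken a few lines above passes the errors.properties key `"errorInObtainingToken"`, so the same failure is rendered differently depending on the path; use the key here as well. `getSoapBodyId` derives the wsu:Id from `body.hashCode()`, which is not guaranteed unique within a document, so a colliding id could make a signature reference ambiguous; `"Id-" + UUID.randomUUID()` (or the id helper the other WSS4J builders use, if one is exposed) avoids that. Whether `getTokenIssuerPolicy()` can itself return null is not visible here, so `requestSecurityToken` may still need a guard or a clearer error when no issuer policy is configured.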