Posted to axis-cvs@ws.apache.org by ru...@apache.org on 2006/03/21 09:58:49 UTC
svn commit: r387461 - in /webservices/axis2/trunk/java/modules:
doom/src/org/apache/axis2/om/impl/dom/
security/src/org/apache/axis2/security/trust/
security/src/org/apache/axis2/security/trust/impl/
security/test/org/apache/axis2/security/trust/
Author: ruchithf
Date: Tue Mar 21 00:58:46 2006
New Revision: 387461
URL: http://svn.apache.org/viewcvs?rev=387461&view=rev
Log:
- Fixed the Axis2 build break
- Fixed a bug in DOOM where we were not properly replacing the first child of an element
- Changed the trust interfaces (e.g. TokenIssuer) so that the impl will return the complete SOAP envelope after processing
- Started implementing a security context token issuer which implements TokenIssuer
Added:
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
Modified:
webservices/axis2/trunk/java/modules/doom/src/org/apache/axis2/om/impl/dom/ParentNode.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/Token.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenCanceler.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenIssuer.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenRequestDispatcher.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenStorage.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenValidator.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenVerifier.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties
webservices/axis2/trunk/java/modules/security/test/org/apache/axis2/security/trust/TempIssuer.java
Modified: webservices/axis2/trunk/java/modules/doom/src/org/apache/axis2/om/impl/dom/ParentNode.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/doom/src/org/apache/axis2/om/impl/dom/ParentNode.java?rev=387461&r1=387460&r2=387461&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/doom/src/org/apache/axis2/om/impl/dom/ParentNode.java (original)
+++ webservices/axis2/trunk/java/modules/doom/src/org/apache/axis2/om/impl/dom/ParentNode.java Tue Mar 21 00:58:46 2006
@@ -212,7 +212,7 @@
if (tempNode.equals(refChild)) {
// RefChild found
- if (tempNode.isFirstChild()) { // If the refChild is the
+ if (this.firstChild == tempNode) { // If the refChild is the
// first child
if (newChild instanceof DocumentFragmentimpl) {
@@ -321,9 +321,22 @@
child.parentNode = this;
this.replaceChild(child, oldChild);
} else {
- if (oldDomChild.isFirstChild()) {
- oldDomChild.detach();
- this.addChild(newDomChild);
+ if (this.firstChild == oldDomChild) {
+
+ newDomChild.parentNode = this;
+
+ if(this.firstChild.nextSibling != null) {
+ this.firstChild.nextSibling.previousSibling = newDomChild;
+ newDomChild.nextSibling = this.firstChild.nextSibling;
+ }
+
+ //Cleanup the current first child
+ this.firstChild.parentNode = null;
+ this.firstChild.nextSibling = null;
+
+ //Set the new first child
+ this.firstChild = newDomChild;
+
} else {
newDomChild.nextSibling = oldDomChild.nextSibling;
newDomChild.previousSibling = oldDomChild.previousSibling;
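Review bot: The new first-child branch never touches `this.lastChild`, so when the replaced node is the only child (`this.firstChild.nextSibling == null`) `lastChild` appears to keep pointing at the detached node, unless it is fixed up outside this hunk. Adding `if (this.lastChild == oldDomChild) { this.lastChild = newDomChild; }` before the cleanup would cover that case. The branch also leaves `newDomChild.previousSibling` as it was and does not clear the old node's `previousSibling`; `newDomChild.previousSibling = null;` makes the new head of the list explicit. The enclosing method starts and ends outside the hunk, so this is based only on the visible lines.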
@@ -379,7 +392,7 @@
ChildNode tempNode = (ChildNode) children.next();
if (tempNode.equals(oldChild)) {
- if (tempNode.isFirstChild()) {
+ if (this.firstChild == tempNode) {
// If this is the first child
this.firstChild = null;
this.lastChild = null;
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/Token.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/Token.java?rev=387461&r1=387460&r2=387461&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/Token.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/Token.java Tue Mar 21 00:58:46 2006
@@ -75,6 +75,11 @@
private boolean chnaged;
/**
+ * The secret associated with the Token
+ */
+ private byte[] secret;
+
+ /**
* @return Returns the chnaged.
*/
protected boolean isChnaged() {
@@ -162,6 +167,20 @@
*/
protected void setPresivousToken(OMElement presivousToken) {
this.presivousToken = presivousToken;
+ }
+
+ /**
+ * @return Returns the secret.
+ */
+ protected byte[] getSecret() {
+ return secret;
+ }
+
+ /**
+ * @param secret The secret to set.
+ */
+ protected void setSecret(byte[] secret) {
+ this.secret = secret;
}
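Review bot: getSecret() and setSecret() return and store the caller's array itself, so any code that holds the reference can read or overwrite the token's key material after the call. Copying on both sides keeps the bytes private to the Token: `this.secret = secret == null ? null : (byte[]) secret.clone();` in the setter and `return secret == null ? null : (byte[]) secret.clone();` in the getter. The field comment in the first hunk of this file could also say what the bytes are (presumably the raw shared key) and that they must not be logged or written out with the token. The class body continues outside both hunks, so whether the secret is cleared on cancellation cannot be seen here.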
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenCanceler.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenCanceler.java?rev=387461&r1=387460&r2=387461&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenCanceler.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenCanceler.java Tue Mar 21 00:58:46 2006
@@ -18,9 +18,10 @@
import org.apache.axis2.context.MessageContext;
import org.apache.ws.commons.om.OMElement;
+import org.apache.ws.commons.soap.SOAPEnvelope;
public interface TokenCanceler {
- public OMElement cancel(OMElement request, MessageContext msgCtx) throws TrustException;
+ public SOAPEnvelope cancel(OMElement request, MessageContext msgCtx) throws TrustException;
}
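Review bot: The interface method now returns a whole `SOAPEnvelope` but has no Javadoc saying what that envelope must contain, and the same gap applies to the matching changes in TokenIssuer, TokenValidator and TokenVerifier. I would add a comment on each method along the lines of `/** Processes the request and returns the complete response envelope, including any security header the implementation adds; never returns null, failures are reported as TrustException. */`, adjusted to whatever contract is actually intended. Without it each implementer has to guess whether the dispatcher or the implementation is responsible for the wst response wrapper.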
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenIssuer.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenIssuer.java?rev=387461&r1=387460&r2=387461&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenIssuer.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenIssuer.java Tue Mar 21 00:58:46 2006
@@ -18,8 +18,9 @@
import org.apache.axis2.context.MessageContext;
import org.apache.ws.commons.om.OMElement;
+import org.apache.ws.commons.soap.SOAPEnvelope;
public interface TokenIssuer {
- public OMElement issue(OMElement request, MessageContext msgCtx) throws TrustException;
+ public SOAPEnvelope issue(OMElement request, MessageContext msgCtx) throws TrustException;
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenRequestDispatcher.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenRequestDispatcher.java?rev=387461&r1=387460&r2=387461&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenRequestDispatcher.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenRequestDispatcher.java Tue Mar 21 00:58:46 2006
@@ -18,10 +18,10 @@
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.databinding.types.URI;
-import org.apache.axis2.security.trust.types.RequestSecurityTokenResponseType;
import org.apache.axis2.security.trust.types.RequestSecurityTokenType;
import org.apache.ws.commons.om.OMElement;
import org.apache.ws.commons.om.impl.builder.StAXOMBuilder;
+import org.apache.ws.commons.soap.SOAPEnvelope;
public class TokenRequestDispatcher {
@@ -40,7 +40,14 @@
this(TokenRequestDispatcherConfig.load(configFilePath));
}
- public RequestSecurityTokenResponseType handle(
+ /**
+ * Processes the incoming request and returns a SOAPEnvelope
+ * @param request
+ * @param ctx
+ * @return
+ * @throws TrustException
+ */
+ public SOAPEnvelope handle(
RequestSecurityTokenType request, MessageContext ctx)
throws TrustException {
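Review bot: The new Javadoc on handle() leaves `@param request`, `@param ctx`, `@return` and `@throws TrustException` empty, so it documents nothing beyond the first sentence. Something like `@param request the parsed wst:RequestSecurityToken`, `@param ctx the message context of the incoming request`, `@return the response envelope produced by the selected issuer` and `@throws TrustException if the request cannot be processed` would fill them in. The same empty `@return` and `@throws` tags appear on getCancelledTokens() in the TokenStorage hunk.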
@@ -59,17 +66,10 @@
} else {
issuer = config.getIssuer(tokenType.toString());
}
- OMElement responseToken = issuer.issue(new StAXOMBuilder(request
+ SOAPEnvelope response = issuer.issue(new StAXOMBuilder(request
.getPullParser(null)).getDocumentElement(), ctx);
- OMElement reqSecTok = responseToken.getOMFactory().createOMElement(
- "RequestedSecurityToken", Constants.WST_NS,
- Constants.WST_PREFIX);
- reqSecTok.addChild(responseToken);
- RequestSecurityTokenResponseType rstrType =
- new RequestSecurityTokenResponseType();
- rstrType.addExtraElement(reqSecTok);
- return rstrType;
+ return response;
} else if(Constants.REQ_TYPE_VALIDATE.equals(reqType)) {
throw new UnsupportedOperationException("TODO: handle " +
"validate requests");
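Review bot: `issuer` is dereferenced on the changed line without a null check, and the token type used to look it up comes from the request. If `config.getIssuer(...)` returns null for an unregistered type (its body is not visible here), a request naming an unknown token type would surface as a NullPointerException rather than a TrustException; `if (issuer == null) { throw new TrustException(TrustException.REQUEST_FAILED); }` before the call would make the failure explicit. Since the dispatcher no longer builds the RequestedSecurityToken wrapper, it may also be worth rejecting a null envelope from the issuer at this point. The method body starts and ends outside the hunk.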
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenStorage.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenStorage.java?rev=387461&r1=387460&r2=387461&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenStorage.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenStorage.java Tue Mar 21 00:58:46 2006
@@ -68,4 +68,11 @@
*/
public ArrayList getRenewedTokens() throws TrustException;
+ /**
+ * Return the list of CANCELLED tokens
+ * @return
+ * @throws TrustException
+ */
+ public ArrayList getCancelledTokens() throws TrustException;
+
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenValidator.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenValidator.java?rev=387461&r1=387460&r2=387461&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenValidator.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenValidator.java Tue Mar 21 00:58:46 2006
@@ -18,8 +18,9 @@
import org.apache.axis2.context.MessageContext;
import org.apache.ws.commons.om.OMElement;
+import org.apache.ws.commons.soap.SOAPEnvelope;
public interface TokenValidator {
- public OMElement validate(OMElement request, MessageContext msgCtx) throws TrustException;
+ public SOAPEnvelope validate(OMElement request, MessageContext msgCtx) throws TrustException;
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenVerifier.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenVerifier.java?rev=387461&r1=387460&r2=387461&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenVerifier.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenVerifier.java Tue Mar 21 00:58:46 2006
@@ -18,8 +18,9 @@
import org.apache.axis2.context.MessageContext;
import org.apache.ws.commons.om.OMElement;
+import org.apache.ws.commons.soap.SOAPEnvelope;
public interface TokenVerifier {
- public OMElement veify(OMElement request, MessageContext msgCtx) throws TrustException;
+ public SOAPEnvelope veify(OMElement request, MessageContext msgCtx) throws TrustException;
}
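Review bot: The method name `veify` is a misspelling of `verify`, and this change already forces every implementer to be edited for the new return type, so this is the cheapest moment to rename it: `public SOAPEnvelope verify(OMElement request, MessageContext msgCtx) throws TrustException;`.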
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties?rev=387461&r1=387460&r2=387461&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties Tue Mar 21 00:58:46 2006
@@ -18,4 +18,5 @@
errorLoadingConfigFile = Error in loading configuration file : \"{0}\"
defaultIssuerMissing = The default issuer must be specified
tokenAlreadyExists = "The token \"{0}\" already exists in the store
-noTokenToUpdate = Canot find token : \"{0}\"to update
\ No newline at end of file
+noTokenToUpdate = Canot find token : \"{0}\" to update
+errorInBuildingTheEncryptedKey = Error in building a xenc:EncyptedKey , encrypted for \"{0}\"
\ No newline at end of file
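Review bot: The key added here is `errorInBuildingTheEncryptedKey`, but SCTIssuer.doEncryptedKey in this same commit throws with `"errorInBuildingTheEncryptedKeyForPrincipal"`, so the lookup will presumably miss and the caller gets no useful message. One of the two names should change, for example `errorInBuildingTheEncryptedKeyForPrincipal = Error in building a xenc:EncryptedKey, encrypted for \"{0}\"`, which also fixes the `EncyptedKey` spelling in the text. The file still ends without a trailing newline, which will produce the same noisy diff the next time a key is appended.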
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java?rev=387461&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java Tue Mar 21 00:58:46 2006
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security.trust.impl;
+
+import java.security.Principal;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.om.DOOMAbstractFactory;
+import org.apache.axis2.security.trust.TokenIssuer;
+import org.apache.axis2.security.trust.TrustException;
+import org.apache.ws.commons.om.OMElement;
+import org.apache.ws.commons.soap.SOAP11Constants;
+import org.apache.ws.commons.soap.SOAPEnvelope;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecHeader;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+public class SCTIssuer implements TokenIssuer {
+
+ public final static String ENCRYPTED_KEY = "EncryptedKey";
+ public final static String COMPUTED_KEY = "ComputedKey";
+ public final static String BINARY_SECRET = "BinarySecret";
+
+ public final static String SCT_ISSUER_CONFIG_PARAM = "sct-issuer-config";
+
+ /**
+ * Issue a SecuritycontextToken based on the wsse:Signature
+ *
+ * This will support returning the SecurityContextToken with the following
+ * types of wst:RequestedProof tokens:
+ * <ul>
+ * <li>xenc:EncryptedKey</li>
+ * <li>wst:ComputedKey</li>
+ * <li>wst:BinarySecret (for secure transport)</li>
+ * </ul>
+ */
+ public SOAPEnvelope issue(OMElement request, MessageContext msgCtx)
+ throws TrustException {
+
+ Vector results = null;
+ if ((results = (Vector) msgCtx
+ .getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
+ throw new TrustException(TrustException.REQUEST_FAILED);
+ } else {
+ System.out.println("Number of results: " + results.size());
+ Principal principal = null;
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult = (WSHandlerResult) results.get(i);
+ Vector wsSecEngineResults = rResult.getResults();
+
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ if (wser.getAction() != WSConstants.ENCR
+ && wser.getPrincipal() != null) {
+ principal = wser.getPrincipal();
+ }
+ }
+ }
+ //If the principal is missing
+ if(principal == null) {
+ throw new TrustException(TrustException.REQUEST_FAILED);
+ }
+
+ Parameter param = msgCtx.getParameter(SCT_ISSUER_CONFIG_PARAM);
+ SCTIssuerConfig config = new SCTIssuerConfig(param
+ .getParameterElement());
+ if(ENCRYPTED_KEY.equals(config.proofTokenType)) {
+ return this.doEncryptedKey(config, msgCtx, principal);
+ } else if(BINARY_SECRET.equals(config.proofTokenType)) {
+ //TODO
+ } else if(COMPUTED_KEY.equals(config.proofTokenType)) {
+ //TODO
+ } else {
+ //Default behavior is to use EncrptedKey
+ this.doEncryptedKey(config, msgCtx, principal);
+ }
+ }
+
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ private SOAPEnvelope doEncryptedKey(SCTIssuerConfig config,
+ MessageContext msgCtx, Principal principal) throws TrustException {
+ SOAPEnvelope env = this.getSOAPEnvelope(msgCtx);
+ //Get the document
+ Document doc = ((Element)env).getOwnerDocument();
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+ Crypto crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile);
+// encrKeyBuilder.se
+// encrKeyBuilder.setUserInfo("wss4jcert");
+ encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ try {
+ encrKeyBuilder.build(doc, crypto, secHeader);
+ } catch (WSSecurityException e) {
+ throw new TrustException(
+ "errorInBuildingTheEncryptedKeyForPrincipal",
+ new String[] { principal.getName() });
+ }
+
+ return env;
+ }
+
+
+ private SOAPEnvelope getSOAPEnvelope(MessageContext msgCtx) {
+ if(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI.equals(msgCtx.getEnvelope().getNamespace().getName())) {
+ return DOOMAbstractFactory.getSOAP11Factory().getDefaultEnvelope();
+ } else {
+ return DOOMAbstractFactory.getSOAP12Factory().getDefaultEnvelope();
+ }
+ }
+
+
+
+
+ protected class SCTIssuerConfig {
+
+ protected String proofTokenType = SCTIssuer.ENCRYPTED_KEY;
+ protected String cryptoPropertiesFile = null;
+
+ public SCTIssuerConfig(OMElement elem) {
+ OMElement proofTokenElem = (OMElement)elem.getChildrenWithName(
+ new QName("proofToken")).next();
+ this.proofTokenType = proofTokenElem.getText();
+ }
+
+
+
+ }
+
+}
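Review bot: The final `else` in issue() calls `this.doEncryptedKey(config, msgCtx, principal)` without returning it, so the documented default path builds the envelope and then falls through to `UnsupportedOperationException("TODO")`. The principal loop accepts any non-ENCR result that carries a principal although the Javadoc says issuance is based on the signature; if that is the intent, the check should require `WSConstants.SIGN`. `msgCtx.getParameter(SCT_ISSUER_CONFIG_PARAM)` is dereferenced without a null check, and SCTIssuerConfig never sets `cryptoPropertiesFile`, so `CryptoFactory.getInstance` appears to receive null. The `System.out.println` should go through the module's logger or be removed, and the catch block drops the WSSecurityException cause. The fence shows the loop condition and the dispatch tail with the first three changes.

```java
                    // … unchanged: cast of wsSecEngineResults.get(j) to WSSecurityEngineResult …
                    if (wser.getAction() == WSConstants.SIGN
                            && wser.getPrincipal() != null) {
                        principal = wser.getPrincipal();
                    }
            // … unchanged: end of loops and missing-principal check …

            Parameter param = msgCtx.getParameter(SCT_ISSUER_CONFIG_PARAM);
            if (param == null || param.getParameterElement() == null) {
                // No issuer configuration on this service: fail the request explicitly
                throw new TrustException(TrustException.REQUEST_FAILED);
            }
            SCTIssuerConfig config = new SCTIssuerConfig(param
                    .getParameterElement());
            if (BINARY_SECRET.equals(config.proofTokenType)) {
                //TODO
            } else if (COMPUTED_KEY.equals(config.proofTokenType)) {
                //TODO
            } else {
                // EncryptedKey is both the explicit and the default choice
                return this.doEncryptedKey(config, msgCtx, principal);
            }
```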
Modified: webservices/axis2/trunk/java/modules/security/test/org/apache/axis2/security/trust/TempIssuer.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/test/org/apache/axis2/security/trust/TempIssuer.java?rev=387461&r1=387460&r2=387461&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/test/org/apache/axis2/security/trust/TempIssuer.java (original)
+++ webservices/axis2/trunk/java/modules/security/test/org/apache/axis2/security/trust/TempIssuer.java Tue Mar 21 00:58:46 2006
@@ -18,10 +18,11 @@
import org.apache.axis2.context.MessageContext;
import org.apache.ws.commons.om.OMElement;
+import org.apache.ws.commons.soap.SOAPEnvelope;
public class TempIssuer implements TokenIssuer {
- public OMElement issue(OMElement request, MessageContext msgCtx) throws TrustException {
+ public SOAPEnvelope issue(OMElement request, MessageContext msgCtx) throws TrustException {
// TODO TODO
throw new UnsupportedOperationException("TODO");
}