Author: ruchithf
Date: Sun Apr 16 10:02:11 2006
New Revision: 394512
URL: http://svn.apache.org/viewcvs?rev=394512&view=rev
Log:
- Updating the out-action.xsd
- Moved some common code to TrustUtil
Added:
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustUtil.java
Modified:
webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/s1-services.xml
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
webservices/axis2/trunk/java/xdocs/latest/sec-conf/out-action.xsd
Modified:
webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/s1-services.xml
URL:
http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/s1-services.xml?rev=394512&r1=394511&r2=394512&view=diff
==============================================================================
---
webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/s1-services.xml
(original)
+++
webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/s1-services.xml
Sun Apr 16 10:02:11 2006
@@ -23,7 +23,7 @@
<passwordCallbackClass
xmlns="">org.apache.axis2.security.rahas.PWCallback</passwordCallbackClass>
<cryptoProperties
xmlns="">sctIssuer.properties</cryptoProperties>
</rahas-configuration>
- </parameter>
+ </parameter>
<parameter name="InflowSecurity">
<action>
Modified:
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java
URL:
http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java?rev=394512&r1=394511&r2=394512&view=diff
==============================================================================
---
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java
(original)
+++
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java
Sun Apr 16 10:02:11 2006
@@ -135,6 +135,8 @@
private byte[] issuerEntropy;
+ private String encryptionUser;
+
public static RahasConfiguration load(MessageContext msgCtx, boolean
sender)
throws Exception {
Parameter param = msgCtx.getParameter(RAHAS_CONFIG);
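Review bot: The new `encryptionUser` field is declared here and exposed by the getter/setter pair in the next hunk, but no line in this commit assigns it; `load` continues outside the hunk, so whether it reads an `encryptionUser` setting cannot be seen here, while `Sender.createRSTR` passes the value straight into `crypto.getCertificates(...)`. If `load` does not populate it, the getter returns null on every call and the lookup fails downstream. The getter's Javadoc `@return Returns the encryptionUser.` says nothing a reader does not already know; `@return the keystore alias Sender.createRSTR uses to look up the certificate for the EncryptedKey in the proof token, or null when the configuration does not set one` would carry the contract.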
@@ -604,6 +606,20 @@
*/
protected void setRequesterEntropy(byte[] requesterEntropy) {
this.requesterEntropy = requesterEntropy;
+ }
+
+ /**
+ * @return Returns the encryptionUser.
+ */
+ protected String getEncryptionUser() {
+ return encryptionUser;
+ }
+
+ /**
+ * @param encryptionUser The encryptionUser to set.
+ */
+ protected void setEncryptionUser(String encryptionUser) {
+ this.encryptionUser = encryptionUser;
}
}
Modified:
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java
URL:
http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java?rev=394512&r1=394511&r2=394512&view=diff
==============================================================================
---
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java
(original)
+++
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java
Sun Apr 16 10:02:11 2006
@@ -19,6 +19,8 @@
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPFactory;
+import org.apache.axiom.soap.SOAPHeader;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.HandlerDescription;
@@ -27,9 +29,13 @@
import org.apache.axis2.security.WSDoAllSender;
import org.apache.axis2.security.trust.Constants;
import org.apache.axis2.security.trust.Token;
+import org.apache.axis2.security.trust.TrustException;
+import org.apache.axis2.security.trust.TrustUtil;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecDKEncrypt;
+import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.token.SecurityContextToken;
import org.apache.ws.security.util.WSSecurityUtil;
@@ -38,6 +44,8 @@
import javax.xml.namespace.QName;
+import java.security.cert.X509Certificate;
+
/**
* Rahas outflow handler
*/
@@ -58,36 +66,28 @@
return;
}
- //Parse the configuration
+ //Parse the rahas configuration
RahasConfiguration config = RahasConfiguration.load(msgContext,
true);
-
- if(config.getMsgCtx().isServerSide()) {
- this.constructMessage(config);
- msgContext.setEnvelope((SOAPEnvelope) config.getDocument()
- .getDocumentElement());
- } else {
-
- if(config.getContextIdentifier() == null &&
config.getStsEPRAddress() != null && !config.getMsgCtx().isServerSide()) {
+ msgContext.setEnvelope((SOAPEnvelope) config.getDocument()
+ .getDocumentElement());
+
+ if(!config.getMsgCtx().isServerSide()) {
+ if(config.getContextIdentifier() == null &&
!config.getMsgCtx().isServerSide()) {
String sts = config.getStsEPRAddress();
if(sts != null) {
//Use a security token service
STSRequester.issueRequest(config);
- this.constructMessage(config);
- msgContext.setEnvelope((SOAPEnvelope)
config.getDocument()
- .getDocumentElement());
} else {
- //Create a token
+ //Create an an SCT, include it in an RSTR
+ // and add the RSTR to the header
+ this.createRSTR(config);
}
- } else {
- this.constructMessage(config);
- msgContext.setEnvelope((SOAPEnvelope) config.getDocument()
- .getDocumentElement());
}
}
-
-
+ this.constructMessage(config);
+
} catch (Exception e) {
e.printStackTrace();
if(e instanceof RahasException) {
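Review bot: The inner condition `if(config.getContextIdentifier() == null && !config.getMsgCtx().isServerSide())` repeats the `!config.getMsgCtx().isServerSide()` test of the enclosing `if` two lines above, so its second operand is always true; `if(config.getContextIdentifier() == null) {` states the intent without the dead operand. Moving `msgContext.setEnvelope(...)` ahead of the branch appears to be what lets `createRSTR` reach the freshly set envelope through `config.getMsgCtx().getEnvelope()`; a one-line comment, `// set the envelope first: createRSTR adds the RSTR to this envelope's header`, would keep the next person from reordering it back. The enclosing handler method begins before and ends after this hunk.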
@@ -99,6 +99,72 @@
} finally {
DocumentBuilderFactoryImpl.setDOOMRequired(false);
}
+
+ }
+
+ /**
+ * Create the self created <code>wsc:SecurityContextToken</code> and
+ * add it to a <code>wst:RequestSecurityTokenResponse</code>.
+ *
+ * This is called in the case where the security context establishment
+ * is done by one of the parties with out the use of an STS
+ * and the creted SCT is sent across to the other party in an unsolicited
+ * <code>wst:RequestSecurityTokenResponse</code>
+ *
+ * @param config
+ * @throws Exception
+ */
+ private void createRSTR(RahasConfiguration config) throws Exception {
+
+ WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+ Crypto crypto = Util.getCryptoInstace(config);
+ X509Certificate cert =
crypto.getCertificates(config.getEncryptionUser())[0];
+
+ encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ try {
+ encrKeyBuilder.setUseThisCert(cert);
+ encrKeyBuilder.prepare(config.getDocument(), crypto);
+ } catch (WSSecurityException e) {
+ throw new TrustException(
+ "errorInBuildingTheEncryptedKeyForPrincipal",
+ new String[] { cert.getSubjectDN().getName()});
+ }
+
+ SecurityContextToken sct = new
SecurityContextToken(config.getDocument());
+ config.resgisterContext(sct.getIdentifier());
+ Token token = new Token(sct.getIdentifier(),
(OMElement)sct.getElement());
+
+ config.getTokenStore().add(token);
+
+ SOAPEnvelope env = config.getMsgCtx().getEnvelope();
+
+ SOAPHeader header = env.getHeader();
+ if(header == null) {
+ header = ((SOAPFactory)env.getOMFactory()).createSOAPHeader(env);
+ }
+
+ OMElement rstrElem =
TrustUtil.createRequestSecurityTokenResponseElement(header);
+
+ OMElement rstElem =
TrustUtil.createRequestedSecurityTokenElement(rstrElem);
+
+ rstElem.addChild((OMElement)sct.getElement());
+
+ TrustUtil.createRequestedAttachedRef(rstrElem, "#" + sct.getID(),
+ Constants.TOK_TYPE_SCT);
+
+ TrustUtil.createRequestedUnattachedRef(rstrElem, sct.getIdentifier(),
+ Constants.TOK_TYPE_SCT);
+
+ Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
+ Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
+
+ OMElement reqProofTok =
TrustUtil.createRequestedProofTokenElement(rstrElem);
+
+ if(bstElem != null) {
+ reqProofTok.addChild((OMElement)bstElem);
+ }
+
+ reqProofTok.addChild((OMElement)encryptedKeyElem);
}
Added:
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustUtil.java
URL:
http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustUtil.java?rev=394512&view=auto
==============================================================================
---
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustUtil.java
(added)
+++
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustUtil.java
Sun Apr 16 10:02:11 2006
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security.trust;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.xml.namespace.QName;
+
+public class TrustUtil {
+
+ /**
+ * Create a wsse:Reference element with the given uri and the value type
+ * @param doc
+ * @param refUri
+ * @param refValueType
+ * @return
+ */
+ public static Element createSecurityTokenReference(Document doc,
+ String refUri, String refValueType) {
+
+ Reference ref = new Reference(doc);
+ ref.setURI(refUri);
+ if(refValueType != null) {
+ ref.setValueType(refValueType);
+ }
+ SecurityTokenReference str = new SecurityTokenReference(doc);
+ str.setReference(ref);
+
+ return str.getElement();
+ }
+
+ public static OMElement createRequestSecurityTokenResponseElement(
+ OMElement parent) {
+ return createOMElement(parent,Constants.WST_NS,
+ Constants.REQUEST_SECURITY_TOKEN_RESPONSE_LN,
+ Constants.WST_PREFIX);
+ }
+
+ public static OMElement createRequestedSecurityTokenElement(OMElement
parent) {
+ return createOMElement(parent,Constants.WST_NS,
+ Constants.REQUESTED_SECURITY_TOKEN_LN,
+ Constants.WST_PREFIX);
+ }
+
+ public static OMElement createRequestedProofTokenElement(OMElement parent)
{
+ return createOMElement(parent, Constants.WST_NS,
+ Constants.REQUESTED_PROOF_TOKEN_LN, Constants.WST_PREFIX);
+ }
+
+ public static OMElement createBinarySecretElement(OMElement parent) {
+ return createOMElement(parent, Constants.WST_NS,
+ Constants.BINARY_SECRET, Constants.WST_PREFIX);
+ }
+
+ public static OMElement createRequestedUnattachedRef(OMElement parent,
+ String refUri, String refValueType) {
+ OMElement elem = createOMElement(parent, Constants.WST_NS,
+ Constants.REQUESTED_UNATTACHED_REFERENCE,
+ Constants.WST_PREFIX);
+ elem.addChild((OMElement) createSecurityTokenReference(
+ ((Element) parent).getOwnerDocument(), refUri, refValueType));
+ return elem;
+ }
+
+ public static OMElement createRequestedAttachedRef(OMElement parent,
+ String refUri, String refValueType) {
+ OMElement elem = createOMElement(parent, Constants.WST_NS,
+ Constants.REQUESTED_ATTACHED_REFERENCE,
+ Constants.WST_PREFIX);
+ elem.addChild((OMElement) createSecurityTokenReference(
+ ((Element) parent).getOwnerDocument(), refUri, refValueType));
+ return elem;
+ }
+
+ private static OMElement createOMElement(OMElement parent, String ns,
+ String ln, String prefix) {
+ return parent.getOMFactory().createOMElement(new QName(ns, ln, prefix),
+ parent);
+ }
+}
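Review bot: `createRequestedUnattachedRef` and `createRequestedAttachedRef` cast `parent` to `org.w3c.dom.Element`, so every caller must pass a DOOM-backed OMElement; the file says nothing about that, and a plain Axiom element would fail with a ClassCastException at the cast. A class Javadoc stating it, `/** Helpers for building wst:RequestSecurityTokenResponse fragments. Parents passed to the *Ref methods must be DOOM elements (OMElement that also implements org.w3c.dom.Element). */`, and a `private TrustUtil() {}` (the class has only static members) would close both gaps. The `@return` tag of `createSecurityTokenReference` is empty; `@return the wsse:SecurityTokenReference element wrapping the reference` fits, and the other public methods carry no Javadoc at all.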
Modified:
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
URL:
http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java?rev=394512&r1=394511&r2=394512&view=diff
==============================================================================
---
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
(original)
+++
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
Sun Apr 16 10:02:11 2006
@@ -28,6 +28,7 @@
import org.apache.axis2.security.trust.TokenIssuer;
import org.apache.axis2.security.trust.TokenStorage;
import org.apache.axis2.security.trust.TrustException;
+import org.apache.axis2.security.trust.TrustUtil;
import org.apache.axis2.util.Base64;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
@@ -37,14 +38,10 @@
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.WSSecEncryptedKey;
-import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityContextToken;
-import org.apache.ws.security.message.token.SecurityTokenReference;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import javax.xml.namespace.QName;
-
import java.security.Principal;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
@@ -167,47 +164,26 @@
Document doc = ((Element)env).getOwnerDocument();
SecurityContextToken sct = new SecurityContextToken(doc);
- String sctId = "sctId-" + sct.getElement().hashCode();
- sct.setID(sctId);
- OMElement rstrElem = env.getOMFactory().createOMElement(
- new QName(Constants.WST_NS,
- Constants.REQUEST_SECURITY_TOKEN_RESPONSE_LN,
- Constants.WST_PREFIX), env.getBody());
-
- OMElement rstElem = env.getOMFactory().createOMElement(
- new QName(Constants.WST_NS,
- Constants.REQUESTED_SECURITY_TOKEN_LN,
- Constants.WST_PREFIX), rstrElem);
+ OMElement rstrElem =
TrustUtil.createRequestSecurityTokenResponseElement(env.getBody());
+
+ OMElement rstElem =
TrustUtil.createRequestedSecurityTokenElement(rstrElem);
rstElem.addChild((OMElement)sct.getElement());
if (config.addRequestedAttachedRef) {
- OMElement reqAttRef = env.getOMFactory().createOMElement(
- new QName(Constants.WST_NS,
- Constants.REQUESTED_ATTACHED_REFERENCE,
- Constants.WST_PREFIX), rstrElem);
- reqAttRef.addChild((OMElement) this.createSecurityTokenReference(
- doc, "#" + sctId, Constants.TOK_TYPE_SCT));
+ TrustUtil.createRequestedAttachedRef(rstrElem, "#" + sct.getID(),
+ Constants.TOK_TYPE_SCT);
}
if (config.addRequestedUnattachedRef) {
- OMElement reqUnattRef = env.getOMFactory().createOMElement(
- new QName(Constants.WST_NS,
- Constants.REQUESTED_UNATTACHED_REFERENCE,
- Constants.WST_PREFIX), rstrElem);
-
- reqUnattRef.addChild((OMElement) this.createSecurityTokenReference(
- doc, sct.getIdentifier(), Constants.TOK_TYPE_SCT));
+ TrustUtil.createRequestedUnattachedRef(
+ rstrElem, sct.getIdentifier(), Constants.TOK_TYPE_SCT);
}
- OMElement reqProofTok = env.getOMFactory().createOMElement(
- new QName(Constants.WST_NS, Constants.REQUESTED_PROOF_TOKEN_LN,
- Constants.WST_PREFIX), rstrElem);
-
- OMElement binSecElem = env.getOMFactory().createOMElement(
- new QName(Constants.WST_NS, Constants.BINARY_SECRET,
- Constants.WST_PREFIX), reqProofTok);
+ OMElement reqProofTok =
TrustUtil.createRequestedProofTokenElement(rstrElem);
+
+ OMElement binSecElem =
TrustUtil.createBinarySecretElement(reqProofTok);
byte[] secret = this.generateEphemeralKey();
binSecElem.setText(Base64.encode(secret));
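Review bot: The removed `sct.setID(sctId)` was the only visible place the SCT received its wsu:Id, and the new `"#" + sct.getID()` in the attached reference now depends on `SecurityContextToken`'s constructor assigning one; if it does not, the reference becomes `#null` and the token cannot be resolved by id. The same dependency appears in the next hunk at its `createRequestedAttachedRef` call. Keeping the assignment, `sct.setID("sctId-" + sct.getElement().hashCode());`, or a comment naming where the id is now assigned, would settle it. The enclosing issuer method starts before and ends after this hunk.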
@@ -242,46 +218,30 @@
}
SecurityContextToken sct = new SecurityContextToken(doc);
- String sctId = "sctId-" + sct.getElement().hashCode();
- sct.setID(sctId);
- OMElement rstrElem = env.getOMFactory().createOMElement(
- new QName(Constants.WST_NS,
- Constants.REQUEST_SECURITY_TOKEN_RESPONSE_LN,
- Constants.WST_PREFIX), env.getBody());
-
- OMElement rstElem = env.getOMFactory().createOMElement(
- new QName(Constants.WST_NS,
- Constants.REQUESTED_SECURITY_TOKEN_LN,
- Constants.WST_PREFIX), rstrElem);
+ OMElement rstrElem = TrustUtil
+ .createRequestSecurityTokenResponseElement(env.getBody());
+
+ OMElement rstElem = TrustUtil
+ .createRequestedSecurityTokenElement(rstrElem);
rstElem.addChild((OMElement)sct.getElement());
if (config.addRequestedAttachedRef) {
- OMElement reqAttRef = env.getOMFactory().createOMElement(
- new QName(Constants.WST_NS,
- Constants.REQUESTED_ATTACHED_REFERENCE,
- Constants.WST_PREFIX), rstrElem);
- reqAttRef.addChild((OMElement) this.createSecurityTokenReference(
- doc, "#" + sctId, Constants.TOK_TYPE_SCT));
+ TrustUtil.createRequestedAttachedRef(rstrElem, "#" + sct.getID(),
+ Constants.TOK_TYPE_SCT);
}
if (config.addRequestedUnattachedRef) {
- OMElement reqUnattRef = env.getOMFactory().createOMElement(
- new QName(Constants.WST_NS,
- Constants.REQUESTED_UNATTACHED_REFERENCE,
- Constants.WST_PREFIX), rstrElem);
-
- reqUnattRef.addChild((OMElement) this.createSecurityTokenReference(
- doc, sct.getIdentifier(), Constants.TOK_TYPE_SCT));
+ TrustUtil.createRequestedUnattachedRef(
+ rstrElem, sct.getIdentifier(), Constants.TOK_TYPE_SCT);
}
Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
- OMElement reqProofTok = env.getOMFactory().createOMElement(
- new QName(Constants.WST_NS, Constants.REQUESTED_PROOF_TOKEN_LN,
- Constants.WST_PREFIX), rstrElem);
+ OMElement reqProofTok = TrustUtil
+ .createRequestedProofTokenElement(rstrElem);
if(bstElem != null) {
reqProofTok.addChild((OMElement)bstElem);
@@ -290,7 +250,8 @@
reqProofTok.addChild((OMElement)encryptedKeyElem);
//Store the tokens
- Token sctToken = new Token(sct.getIdentifier(),
(OMElement)sct.getElement());
+ Token sctToken = new Token(sct.getIdentifier(), (OMElement) sct
+ .getElement());
sctToken.setSecret(encrKeyBuilder.getEphemeralKey());
this.getTokenStore(msgCtx).add(sctToken);
@@ -369,15 +330,6 @@
this.configParamName = configParamName;
}
- private Element createSecurityTokenReference(Document doc, String refUri,
String refValueType) {
-
- Reference ref = new Reference(doc);
- ref.setURI(refUri);
- ref.setValueType(refValueType);
- SecurityTokenReference str = new SecurityTokenReference(doc);
- str.setReference(ref);
-
- return str.getElement();
- }
+
}
Modified: webservices/axis2/trunk/java/xdocs/latest/sec-conf/out-action.xsd
URL:
http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/xdocs/latest/sec-conf/out-action.xsd?rev=394512&r1=394511&r2=394512&view=diff
==============================================================================
--- webservices/axis2/trunk/java/xdocs/latest/sec-conf/out-action.xsd (original)
+++ webservices/axis2/trunk/java/xdocs/latest/sec-conf/out-action.xsd Sun Apr
16 10:02:11 2006
@@ -11,6 +11,7 @@
<xs:element name="passwordCallbackClass"
type="xs:string" minOccurs="0"/>
<xs:element name="signaturePropFile"
type="xs:string" minOccurs="0"/>
<xs:element name="encryptionPropFile"
type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionPropFile"
type="xs:string" minOccurs="0"/>
<xs:element name="signatureKeyIdentifier"
type="xs:string" minOccurs="0"/>
<xs:element name="encryptionKeyIdentifier"
type="xs:string" minOccurs="0"/>
<xs:element name="encryptionUser"
type="xs:string" minOccurs="0"/>
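Review bot: The added `<xs:element name="encryptionPropFile" .../>` duplicates the `encryptionPropFile` declaration on the context line directly above it in the same `xs:sequence`, so the schema now lists that element twice with identical content; either the line is a leftover or a different name was intended. The `encryptionUser` element that `RahasConfiguration` gains in this commit is already declared further down, so if the duplicate was meant to be that, it can simply be dropped. The following hunk's `timeToLive` is typed `xs:string`; if it holds a numeric duration, `xs:int` would let the schema reject non-numeric values instead of deferring that to the handler.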
@@ -21,6 +22,7 @@
<xs:element name="EmbeddedKeyCallbackClass"
type="xs:string" minOccurs="0"/>
<xs:element
name="encryptionKeyTransportAlgorithm" type="xs:string" minOccurs="0"/>
<xs:element name="EmbeddedKeyName"
type="xs:string" minOccurs="0"/>
+ <xs:element name="timeToLive" type="xs:string"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>