Author: coheigea
Date: Tue Sep 20 10:20:06 2011
New Revision: 1173063
URL: http://svn.apache.org/viewvc?rev=1173063&view=rev
Log:
[WSS-307] - Add in an interface to provide a pluggable way of getting the
secret key from a Kerberos token
Added:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/KerberosTokenDecoder.java
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/KerberosTest.java
Added:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/KerberosTokenDecoder.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/KerberosTokenDecoder.java?rev=1173063&view=auto
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/KerberosTokenDecoder.java
(added)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/KerberosTokenDecoder.java
Tue Sep 20 10:20:06 2011
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.validate;
+
+import javax.security.auth.Subject;
+
+/**
+ * This interface defines a pluggable way to obtain a session key given an
AP-REQ Kerberos token and a
+ * Subject. The session key is needed on the receiving side when it is used
for message signature or
+ * encryption. A default implementation is not shipped with WSS4J due to a
dependency on internal APIs
+ * or ASN1 parsers.
+ */
+public interface KerberosTokenDecoder {
+
+ /**
+ * Set the AP-REQ Kerberos Token
+ * @param token the AP-REQ Kerberos Token
+ */
+ public void setToken(byte[] token);
+
+ /**
+ * Set the Subject
+ * @param subject the Subject
+ */
+ public void setSubject(Subject subject);
+
+ /**
+ * Get the session key from the token
+ * @return the session key from the token
+ */
+ public byte[] getSessionKey();
+
+ /**
+ * Clear all internal information
+ */
+ public void clear();
+
+}
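Review bot: The interface leaves unstated the contract that both implementations and callers depend on: whether `setToken` and `setSubject` must both be called before `getSessionKey`, whether a token that cannot be decoded yields null or an exception, and whether one instance may be driven from several threads. The validator in this same commit keeps a single instance as a field and calls clear/setToken/setSubject/getSessionKey in sequence on it, so that stateful, call-ordered usage belongs in the type-level Javadoc. On `getSessionKey()` suggest `@return the session key, or null if it cannot be obtained from the token and Subject set previously` (or a `@throws` clause if implementations are expected to fail loudly), and on `clear()` a note that it must also discard any cached key material, since the decoder is retained between validations.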
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java?rev=1173063&r1=1173062&r2=1173063&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java
Tue Sep 20 10:20:06 2011
@@ -32,7 +32,6 @@ import org.apache.ws.security.handler.Re
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.KerberosSecurity;
import org.apache.ws.security.message.token.KerberosServiceAction;
-//import org.apache.ws.security.message.token.KerberosTicketDecoder;
/**
*/
@@ -44,6 +43,7 @@ public class KerberosTokenValidator impl
private String serviceName;
private CallbackHandler callbackHandler;
private String contextName;
+ private KerberosTokenDecoder kerberosTokenDecoder;
/**
* Get the JAAS Login context name to use.
@@ -114,6 +114,24 @@ public class KerberosTokenValidator impl
}
/**
+ * Get the KerberosTokenDecoder instance used to extract a session key
from the received Kerberos
+ * token.
+ * @return the KerberosTokenDecoder instance used to extract a session key
+ */
+ public KerberosTokenDecoder getKerberosTokenDecoder() {
+ return kerberosTokenDecoder;
+ }
+
+ /**
+ * Set the KerberosTokenDecoder instance used to extract a session key
from the received Kerberos
+ * token.
+ * @param kerberosTokenDecoder the KerberosTokenDecoder instance used to
extract a session key
+ */
+ public void setKerberosTokenDecoder(KerberosTokenDecoder
kerberosTokenDecoder) {
+ this.kerberosTokenDecoder = kerberosTokenDecoder;
+ }
+
+ /**
* Validate the credential argument. It must contain a non-null
BinarySecurityToken.
*
* @param credential the Credential to be validated
@@ -191,11 +209,15 @@ public class KerberosTokenValidator impl
}
credential.setPrincipal(principal);
- // Get the session key and store it in the returned Credential
- //KerberosTicketDecoder decode = new KerberosTicketDecoder(token,
subject);
- //sun.security.krb5.EncryptionKey sessionKey = decode.getSessionKey();
- //byte[] sessionKeyBytes = sessionKey.getBytes();
- //credential.setSecretKey(sessionKeyBytes);
+ // Try to extract the session key from the token if a
KerberosTokenDecoder implementation is
+ // available
+ if (kerberosTokenDecoder != null) {
+ kerberosTokenDecoder.clear();
+ kerberosTokenDecoder.setToken(token);
+ kerberosTokenDecoder.setSubject(subject);
+ byte[] sessionKey = kerberosTokenDecoder.getSessionKey();
+ credential.setSecretKey(sessionKey);
+ }
if (log.isDebugEnabled()) {
log.debug("Successfully validated a ticket");
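Review bot: The decode sequence on `kerberosTokenDecoder` (clear/setToken/setSubject/getSessionKey, right after `credential.setPrincipal(principal);`) drives one mutable object stored as a validator field, so if this validator instance serves concurrent validations — the test registers a single instance on the WSSConfig, which suggests it does — two calls can interleave on the same decoder and one credential can end up carrying the other request's session key. Wrapping the five calls in `synchronized (kerberosTokenDecoder) { ... }`, or documenting on `setKerberosTokenDecoder` that implementations must be safe for that usage, closes that window. Separately, the token, Subject and whatever the implementation caches for the key stay inside the decoder until the next validation's `clear()`; calling `clear()` again once `setSecretKey` has the key would shorten how long that material is held, provided the implementation does not zero the array it returned. `getSessionKey()` has no documented failure behaviour, so a null result is passed straight to `credential.setSecretKey`; it is worth deciding whether a missing key should instead fail validation. The enclosing method starts before and continues after this hunk.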
Modified:
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/KerberosTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/KerberosTest.java?rev=1173063&r1=1173062&r2=1173063&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/KerberosTest.java
(original)
+++
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/KerberosTest.java
Tue Sep 20 10:20:06 2011
@@ -30,6 +30,7 @@ import org.apache.ws.security.message.WS
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
+// import org.apache.ws.security.validate.KerberosTokenDecoderImpl;
import org.apache.ws.security.validate.KerberosTokenValidator;
import org.w3c.dom.Document;
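Review bot: The added `// import org.apache.ws.security.validate.KerberosTokenDecoderImpl;` and the matching `// validator.setKerberosTokenDecoder(new KerberosTokenDecoderImpl());` lines in the five following hunks are commented-out references to a class this commit does not add, so they read as dead code with nothing to tell the next reader they are deliberate. The same commit removes a commented-out import from KerberosTokenValidator, so keeping these is inconsistent with that cleanup. Either drop them or replace each with a short explanatory comment such as `// No KerberosTokenDecoder implementation ships with WSS4J; plug one in here to exercise session-key extraction.`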
@@ -170,6 +171,7 @@ public class KerberosTest extends org.ju
KerberosTokenValidator validator = new KerberosTokenValidator();
validator.setContextName("bob");
validator.setServiceName("[email protected]");
+ // validator.setKerberosTokenDecoder(new KerberosTokenDecoderImpl());
wssConfig.setValidator(WSSecurityEngine.BINARY_TOKEN, validator);
WSSecurityEngine secEngine = new WSSecurityEngine();
secEngine.setWssConfig(wssConfig);
@@ -231,6 +233,7 @@ public class KerberosTest extends org.ju
KerberosTokenValidator validator = new KerberosTokenValidator();
validator.setContextName("bob");
validator.setServiceName("[email protected]");
+ // validator.setKerberosTokenDecoder(new KerberosTokenDecoderImpl());
wssConfig.setValidator(WSSecurityEngine.BINARY_TOKEN, validator);
WSSecurityEngine secEngine = new WSSecurityEngine();
secEngine.setWssConfig(wssConfig);
@@ -287,6 +290,7 @@ public class KerberosTest extends org.ju
KerberosTokenValidator validator = new KerberosTokenValidator();
validator.setContextName("bob");
validator.setServiceName("[email protected]");
+ // validator.setKerberosTokenDecoder(new KerberosTokenDecoderImpl());
wssConfig.setValidator(WSSecurityEngine.BINARY_TOKEN, validator);
WSSecurityEngine secEngine = new WSSecurityEngine();
secEngine.setWssConfig(wssConfig);
@@ -343,6 +347,7 @@ public class KerberosTest extends org.ju
KerberosTokenValidator validator = new KerberosTokenValidator();
validator.setContextName("bob");
validator.setServiceName("[email protected]");
+ // validator.setKerberosTokenDecoder(new KerberosTokenDecoderImpl());
wssConfig.setValidator(WSSecurityEngine.BINARY_TOKEN, validator);
WSSecurityEngine secEngine = new WSSecurityEngine();
secEngine.setWssConfig(wssConfig);
@@ -401,6 +406,7 @@ public class KerberosTest extends org.ju
KerberosTokenValidator validator = new KerberosTokenValidator();
validator.setContextName("bob");
validator.setServiceName("[email protected]");
+ // validator.setKerberosTokenDecoder(new KerberosTokenDecoderImpl());
wssConfig.setValidator(WSSecurityEngine.BINARY_TOKEN, validator);
WSSecurityEngine secEngine = new WSSecurityEngine();
secEngine.setWssConfig(wssConfig);