From ruchi...@apache.org
Subject svn commit: r394512 - in /webservices/axis2/trunk/java: modules/integration/test-resources/security/rahas/ modules/security/src/org/apache/axis2/security/rahas/ modules/security/src/org/apache/axis2/security/trust/ modules/security/src/org/apache/axis2...
Date Sun, 16 Apr 2006 17:02:13 GMT
Author: ruchithf
Date: Sun Apr 16 10:02:11 2006
New Revision: 394512

URL: http://svn.apache.org/viewcvs?rev=394512&view=rev
Log:
- Updating the out-action.xsd
- Moved some common code to TrustUtil


Added:
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustUtil.java
Modified:
    webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/s1-services.xml
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
    webservices/axis2/trunk/java/xdocs/latest/sec-conf/out-action.xsd

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/s1-services.xml
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/s1-services.xml?rev=394512&r1=394511&r2=394512&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/s1-services.xml
(original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/s1-services.xml
Sun Apr 16 10:02:11 2006
@@ -23,7 +23,7 @@
 			<passwordCallbackClass xmlns="">org.apache.axis2.security.rahas.PWCallback</passwordCallbackClass>
 			<cryptoProperties xmlns="">sctIssuer.properties</cryptoProperties>
 		</rahas-configuration>
-	</parameter>
+    </parameter>
 
     <parameter name="InflowSecurity">
       <action>

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java?rev=394512&r1=394511&r2=394512&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java
Sun Apr 16 10:02:11 2006
@@ -135,6 +135,8 @@
     
     private byte[] issuerEntropy;
     
+    private String encryptionUser;
+    
     public static RahasConfiguration load(MessageContext msgCtx, boolean sender)
             throws Exception {
         Parameter param = msgCtx.getParameter(RAHAS_CONFIG);
@@ -604,6 +606,20 @@
      */
     protected void setRequesterEntropy(byte[] requesterEntropy) {
         this.requesterEntropy = requesterEntropy;
+    }
+
+    /**
+     * @return Returns the encryptionUser.
+     */
+    protected String getEncryptionUser() {
+        return encryptionUser;
+    }
+
+    /**
+     * @param encryptionUser The encryptionUser to set.
+     */
+    protected void setEncryptionUser(String encryptionUser) {
+        this.encryptionUser = encryptionUser;
     }
     
 }

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java?rev=394512&r1=394511&r2=394512&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java
Sun Apr 16 10:02:11 2006
@@ -19,6 +19,8 @@
 import org.apache.axiom.om.OMElement;
 import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
 import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPFactory;
+import org.apache.axiom.soap.SOAPHeader;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.context.MessageContext;
 import org.apache.axis2.description.HandlerDescription;
@@ -27,9 +29,13 @@
 import org.apache.axis2.security.WSDoAllSender;
 import org.apache.axis2.security.trust.Constants;
 import org.apache.axis2.security.trust.Token;
+import org.apache.axis2.security.trust.TrustException;
+import org.apache.axis2.security.trust.TrustUtil;
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.message.WSSecDKEncrypt;
+import org.apache.ws.security.message.WSSecEncryptedKey;
 import org.apache.ws.security.message.WSSecHeader;
 import org.apache.ws.security.message.token.SecurityContextToken;
 import org.apache.ws.security.util.WSSecurityUtil;
@@ -38,6 +44,8 @@
 
 import javax.xml.namespace.QName;
 
+import java.security.cert.X509Certificate;
+
 /**
  * Rahas outflow handler
  */
@@ -58,36 +66,28 @@
                 return;
             }
             
-            //Parse the configuration
+            //Parse the rahas configuration
             RahasConfiguration config = RahasConfiguration.load(msgContext, true);
-
-            if(config.getMsgCtx().isServerSide()) {
-                this.constructMessage(config);
-                msgContext.setEnvelope((SOAPEnvelope) config.getDocument()
-                        .getDocumentElement());
-            } else {
-                
-                if(config.getContextIdentifier() == null && config.getStsEPRAddress()
!= null && !config.getMsgCtx().isServerSide()) {
+            msgContext.setEnvelope((SOAPEnvelope) config.getDocument()
+                    .getDocumentElement());
+            
+            if(!config.getMsgCtx().isServerSide()) {
+                if(config.getContextIdentifier() == null && !config.getMsgCtx().isServerSide())
{
     
                     String sts = config.getStsEPRAddress();
                     if(sts != null) {
                       //Use a security token service
                       STSRequester.issueRequest(config);
-                      this.constructMessage(config);
-                      msgContext.setEnvelope((SOAPEnvelope) config.getDocument()
-                                .getDocumentElement());
                     } else {
-                        //Create a token
+                        //Create an an SCT, include it in an RSTR 
+                        // and add the RSTR to the header
+                        this.createRSTR(config);
                     }
                     
-                } else {
-                    this.constructMessage(config);
-                    msgContext.setEnvelope((SOAPEnvelope) config.getDocument()
-                              .getDocumentElement());
                 }
             }
-            
-            
+            this.constructMessage(config);
+
         } catch (Exception e) {
             e.printStackTrace();
             if(e instanceof RahasException) {
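Review bot: The inner condition on the new line `if(config.getContextIdentifier() == null && !config.getMsgCtx().isServerSide())` repeats the `!config.getMsgCtx().isServerSide()` test that the enclosing `if` on the line above has just established, so the second operand is dead and only obscures the intent. It reads cleaner as `if(config.getContextIdentifier() == null) {`, leaving the outer `if` as the single place where the client-side branch is selected. A one-line comment such as `// Client side with no established context: obtain an SCT from the STS, or self-issue one` above the outer `if` would also document the intent that the removed `constructMessage` calls previously scattered across the branches. The enclosing method starts before this hunk, so the first part of the `try` is not visible here.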
@@ -99,6 +99,72 @@
         } finally {
             DocumentBuilderFactoryImpl.setDOOMRequired(false);
         }
+        
+    }
+    
+    /**
+     * Create the self created <code>wsc:SecurityContextToken</code> and 
+     * add it to a <code>wst:RequestSecurityTokenResponse</code>.
+     * 
+     * This is called in the case where the security context establishment 
+     * is done by one of the parties with out the use of an STS
+     * and the creted SCT is sent across to the other party in an unsolicited 
+     * <code>wst:RequestSecurityTokenResponse</code>
+     * 
+     * @param config
+     * @throws Exception
+     */
+    private void createRSTR(RahasConfiguration config) throws Exception {
+        
+        WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+        Crypto crypto = Util.getCryptoInstace(config);
+        X509Certificate cert = crypto.getCertificates(config.getEncryptionUser())[0];
+        
+        encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+        try {
+            encrKeyBuilder.setUseThisCert(cert);
+            encrKeyBuilder.prepare(config.getDocument(), crypto);
+        } catch (WSSecurityException e) {
+            throw new TrustException(
+                    "errorInBuildingTheEncryptedKeyForPrincipal",
+                    new String[] { cert.getSubjectDN().getName()});
+        }
+        
+        SecurityContextToken sct = new SecurityContextToken(config.getDocument());
+        config.resgisterContext(sct.getIdentifier());
+        Token token = new Token(sct.getIdentifier(), (OMElement)sct.getElement());
+        
+        config.getTokenStore().add(token);
+        
+        SOAPEnvelope env = config.getMsgCtx().getEnvelope();
+
+        SOAPHeader header = env.getHeader();
+        if(header == null) {
+            header = ((SOAPFactory)env.getOMFactory()).createSOAPHeader(env);
+        }
+        
+        OMElement rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(header);
+
+        OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(rstrElem);
+        
+        rstElem.addChild((OMElement)sct.getElement());
+        
+        TrustUtil.createRequestedAttachedRef(rstrElem, "#" + sct.getID(),
+                Constants.TOK_TYPE_SCT);
+
+        TrustUtil.createRequestedUnattachedRef(rstrElem, sct.getIdentifier(),
+                Constants.TOK_TYPE_SCT);
+        
+        Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
+        Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
+        
+        OMElement reqProofTok = TrustUtil.createRequestedProofTokenElement(rstrElem);
+
+        if(bstElem != null) {
+            reqProofTok.addChild((OMElement)bstElem);
+        }
+        
+        reqProofTok.addChild((OMElement)encryptedKeyElem);
         
     }
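Review bot: The `Token` stored at `config.getTokenStore().add(token)` in `createRSTR` never receives the ephemeral key that `encrKeyBuilder` generated, whereas the equivalent path in SCTIssuer (hunk at `@@ -242,46 +218,30 @@`) calls `sctToken.setSecret(encrKeyBuilder.getEphemeralKey())` before storing; unless the secret is attached somewhere outside this hunk, the self-issuing side keeps an SCT with no key material to derive from later, so `token.setSecret(encrKeyBuilder.getEphemeralKey());` should precede the `add`. The certificate lookup `crypto.getCertificates(config.getEncryptionUser())[0]` throws an ArrayIndexOutOfBoundsException (or NullPointerException) when the configured `encryptionUser` is missing or has no certificate, which surfaces only as the generic `printStackTrace` in the caller; guard it explicitly, e.g. `X509Certificate[] certs = crypto.getCertificates(config.getEncryptionUser()); if (certs == null || certs.length == 0) { throw new TrustException(<message-key-placeholder>, new String[] { config.getEncryptionUser() }); }`. The `catch (WSSecurityException e)` also drops `e` entirely, so the underlying crypto failure is lost; if `TrustException` offers a cause-taking constructor, pass `e` through. The reference `"#" + sct.getID()` presumes the `SecurityContextToken` constructor assigns a wsu:Id, which is worth confirming since the commit removes the explicit `setID` calls in SCTIssuer.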
     

Added: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustUtil.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustUtil.java?rev=394512&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustUtil.java
(added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustUtil.java
Sun Apr 16 10:02:11 2006
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security.trust;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.xml.namespace.QName;
+
+public class TrustUtil {
+    
+    /**
+     * Create a wsse:Reference element with the given uri and the value type
+     * @param doc
+     * @param refUri
+     * @param refValueType
+     * @return
+     */
+    public static Element createSecurityTokenReference(Document doc,
+            String refUri, String refValueType) {
+        
+        Reference ref = new Reference(doc);
+        ref.setURI(refUri);
+        if(refValueType != null) {
+            ref.setValueType(refValueType);
+        }
+        SecurityTokenReference str = new SecurityTokenReference(doc);
+        str.setReference(ref);
+        
+        return str.getElement();
+    }
+    
+    public static OMElement createRequestSecurityTokenResponseElement(
+            OMElement parent) {
+        return createOMElement(parent,Constants.WST_NS,
+                Constants.REQUEST_SECURITY_TOKEN_RESPONSE_LN,
+                Constants.WST_PREFIX);
+    }
+
+    public static OMElement createRequestedSecurityTokenElement(OMElement parent) {
+        return createOMElement(parent,Constants.WST_NS,
+                Constants.REQUESTED_SECURITY_TOKEN_LN,
+                Constants.WST_PREFIX);
+    }
+
+    public static OMElement createRequestedProofTokenElement(OMElement parent) {
+        return createOMElement(parent, Constants.WST_NS,
+                Constants.REQUESTED_PROOF_TOKEN_LN, Constants.WST_PREFIX);
+    }
+    
+    public static OMElement createBinarySecretElement(OMElement parent) {
+        return createOMElement(parent, Constants.WST_NS,
+                Constants.BINARY_SECRET, Constants.WST_PREFIX);
+    }
+    
+    public static OMElement createRequestedUnattachedRef(OMElement parent,
+            String refUri, String refValueType) {
+        OMElement elem = createOMElement(parent, Constants.WST_NS,
+                            Constants.REQUESTED_UNATTACHED_REFERENCE,
+                            Constants.WST_PREFIX);
+        elem.addChild((OMElement) createSecurityTokenReference(
+                ((Element) parent).getOwnerDocument(), refUri, refValueType));
+        return elem;
+    }
+    
+    public static OMElement createRequestedAttachedRef(OMElement parent,
+            String refUri, String refValueType) {
+        OMElement elem = createOMElement(parent, Constants.WST_NS,
+                            Constants.REQUESTED_ATTACHED_REFERENCE,
+                            Constants.WST_PREFIX);
+        elem.addChild((OMElement) createSecurityTokenReference(
+                ((Element) parent).getOwnerDocument(), refUri, refValueType));
+        return elem;
+    }
+    
+    private static OMElement createOMElement(OMElement parent, String ns,
+            String ln, String prefix) {
+        return parent.getOMFactory().createOMElement(new QName(ns, ln, prefix),
+                parent);
+    }
+}
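Review bot: `TrustUtil` is a static-only utility class but has no private constructor, so it can be instantiated and subclassed for no reason; add `private TrustUtil() {}` below the class declaration. Only `createSecurityTokenReference` carries Javadoc, and even there `@return` is empty and the `@param` tags are bare names; the public factory methods (`createRequestSecurityTokenResponseElement`, `createRequestedSecurityTokenElement`, `createRequestedProofTokenElement`, `createBinarySecretElement`, `createRequestedAttachedRef`, `createRequestedUnattachedRef`) should each state that they create the named `wst:` child under `parent` and return it, and the two `*Ref` methods should document that `refValueType` may be `null` (in which case no ValueType is set), since that null tolerance is new relative to the helper removed from SCTIssuer. The cast `(Element) parent` in both `*Ref` methods assumes the caller passes a DOOM-backed `OMElement`; a short comment such as `// requires a DOOM element so the owning DOM Document can be reached` would make that precondition explicit.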

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java?rev=394512&r1=394511&r2=394512&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
Sun Apr 16 10:02:11 2006
@@ -28,6 +28,7 @@
 import org.apache.axis2.security.trust.TokenIssuer;
 import org.apache.axis2.security.trust.TokenStorage;
 import org.apache.axis2.security.trust.TrustException;
+import org.apache.axis2.security.trust.TrustUtil;
 import org.apache.axis2.util.Base64;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityEngineResult;
@@ -37,14 +38,10 @@
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.handler.WSHandlerResult;
 import org.apache.ws.security.message.WSSecEncryptedKey;
-import org.apache.ws.security.message.token.Reference;
 import org.apache.ws.security.message.token.SecurityContextToken;
-import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import javax.xml.namespace.QName;
-
 import java.security.Principal;
 import java.security.SecureRandom;
 import java.security.cert.X509Certificate;
@@ -167,47 +164,26 @@
         Document doc = ((Element)env).getOwnerDocument();
         
         SecurityContextToken sct = new SecurityContextToken(doc);
-        String sctId = "sctId-" + sct.getElement().hashCode();
-        sct.setID(sctId);
         
-        OMElement rstrElem = env.getOMFactory().createOMElement(
-                new QName(Constants.WST_NS,
-                        Constants.REQUEST_SECURITY_TOKEN_RESPONSE_LN,
-                        Constants.WST_PREFIX), env.getBody());
-
-        OMElement rstElem = env.getOMFactory().createOMElement(
-                new QName(Constants.WST_NS,
-                        Constants.REQUESTED_SECURITY_TOKEN_LN,
-                        Constants.WST_PREFIX), rstrElem);
+        OMElement rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(env.getBody());
+
+        OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(rstrElem);
         
         rstElem.addChild((OMElement)sct.getElement());
         
         if (config.addRequestedAttachedRef) {
-            OMElement reqAttRef = env.getOMFactory().createOMElement(
-                    new QName(Constants.WST_NS,
-                            Constants.REQUESTED_ATTACHED_REFERENCE,
-                            Constants.WST_PREFIX), rstrElem);
-            reqAttRef.addChild((OMElement) this.createSecurityTokenReference(
-                    doc, "#" + sctId, Constants.TOK_TYPE_SCT));
+            TrustUtil.createRequestedAttachedRef(rstrElem, "#" + sct.getID(),
+                    Constants.TOK_TYPE_SCT);
         }
 
         if (config.addRequestedUnattachedRef) {
-            OMElement reqUnattRef = env.getOMFactory().createOMElement(
-                    new QName(Constants.WST_NS,
-                            Constants.REQUESTED_UNATTACHED_REFERENCE,
-                            Constants.WST_PREFIX), rstrElem);
-
-            reqUnattRef.addChild((OMElement) this.createSecurityTokenReference(
-                    doc, sct.getIdentifier(), Constants.TOK_TYPE_SCT));
+            TrustUtil.createRequestedUnattachedRef(
+                    rstrElem, sct.getIdentifier(), Constants.TOK_TYPE_SCT);
         }
         
-        OMElement reqProofTok = env.getOMFactory().createOMElement(
-                new QName(Constants.WST_NS, Constants.REQUESTED_PROOF_TOKEN_LN,
-                        Constants.WST_PREFIX), rstrElem);
-        
-        OMElement binSecElem = env.getOMFactory().createOMElement(
-                new QName(Constants.WST_NS, Constants.BINARY_SECRET,
-                        Constants.WST_PREFIX), reqProofTok);
+        OMElement reqProofTok = TrustUtil.createRequestedProofTokenElement(rstrElem);
+        
+        OMElement binSecElem = TrustUtil.createBinarySecretElement(reqProofTok);
 
         byte[] secret = this.generateEphemeralKey();
         binSecElem.setText(Base64.encode(secret));
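Review bot: The removed lines `String sctId = "sctId-" + sct.getElement().hashCode(); sct.setID(sctId);` are replaced by a bare `sct.getID()` in the new `TrustUtil.createRequestedAttachedRef(rstrElem, "#" + sct.getID(), ...)` call, so the attached reference is now only correct if the `SecurityContextToken(Document)` constructor itself assigns a wsu:Id; if it does not, the reference resolves to `#null`. The same dependency appears in the hunk at `@@ -242,46 +218,30 @@`. A comment on the construction line, `// relies on the SCT constructor assigning the wsu:Id used by the attached reference`, would record the assumption, or an explicit `if (sct.getID() == null) { sct.setID(...); }` guard would remove it. The enclosing method starts before this hunk.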
@@ -242,46 +218,30 @@
         }
         
         SecurityContextToken sct = new SecurityContextToken(doc);
-        String sctId = "sctId-" + sct.getElement().hashCode();
-        sct.setID(sctId);
         
-        OMElement rstrElem = env.getOMFactory().createOMElement(
-                new QName(Constants.WST_NS,
-                        Constants.REQUEST_SECURITY_TOKEN_RESPONSE_LN,
-                        Constants.WST_PREFIX), env.getBody());
-
-        OMElement rstElem = env.getOMFactory().createOMElement(
-                new QName(Constants.WST_NS,
-                        Constants.REQUESTED_SECURITY_TOKEN_LN,
-                        Constants.WST_PREFIX), rstrElem);
+        OMElement rstrElem = TrustUtil
+                .createRequestSecurityTokenResponseElement(env.getBody());
+
+        OMElement rstElem = TrustUtil
+                .createRequestedSecurityTokenElement(rstrElem);
         
         rstElem.addChild((OMElement)sct.getElement());
         
         if (config.addRequestedAttachedRef) {
-            OMElement reqAttRef = env.getOMFactory().createOMElement(
-                    new QName(Constants.WST_NS,
-                            Constants.REQUESTED_ATTACHED_REFERENCE,
-                            Constants.WST_PREFIX), rstrElem);
-            reqAttRef.addChild((OMElement) this.createSecurityTokenReference(
-                    doc, "#" + sctId, Constants.TOK_TYPE_SCT));
+            TrustUtil.createRequestedAttachedRef(rstrElem, "#" + sct.getID(),
+                    Constants.TOK_TYPE_SCT);
         }
 
         if (config.addRequestedUnattachedRef) {
-            OMElement reqUnattRef = env.getOMFactory().createOMElement(
-                    new QName(Constants.WST_NS,
-                            Constants.REQUESTED_UNATTACHED_REFERENCE,
-                            Constants.WST_PREFIX), rstrElem);
-
-            reqUnattRef.addChild((OMElement) this.createSecurityTokenReference(
-                    doc, sct.getIdentifier(), Constants.TOK_TYPE_SCT));
+            TrustUtil.createRequestedUnattachedRef(
+                    rstrElem, sct.getIdentifier(), Constants.TOK_TYPE_SCT);
         }
         
         Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
         Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
         
-        OMElement reqProofTok = env.getOMFactory().createOMElement(
-                new QName(Constants.WST_NS, Constants.REQUESTED_PROOF_TOKEN_LN,
-                        Constants.WST_PREFIX), rstrElem);
+        OMElement reqProofTok = TrustUtil
+                .createRequestedProofTokenElement(rstrElem);
 
         if(bstElem != null) {
             reqProofTok.addChild((OMElement)bstElem);
@@ -290,7 +250,8 @@
         reqProofTok.addChild((OMElement)encryptedKeyElem);
     
         //Store the tokens
-        Token sctToken = new Token(sct.getIdentifier(), (OMElement)sct.getElement());
+        Token sctToken = new Token(sct.getIdentifier(), (OMElement) sct
+                .getElement());
         sctToken.setSecret(encrKeyBuilder.getEphemeralKey());
         this.getTokenStore(msgCtx).add(sctToken);
         
@@ -369,15 +330,6 @@
         this.configParamName = configParamName;
     }
     
-    private Element createSecurityTokenReference(Document doc, String refUri, String refValueType)
{
-        
-        Reference ref = new Reference(doc);
-        ref.setURI(refUri);
-        ref.setValueType(refValueType);
-        SecurityTokenReference str = new SecurityTokenReference(doc);
-        str.setReference(ref);
-        
-        return str.getElement();
-    }
+
     
 }

Modified: webservices/axis2/trunk/java/xdocs/latest/sec-conf/out-action.xsd
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/xdocs/latest/sec-conf/out-action.xsd?rev=394512&r1=394511&r2=394512&view=diff
==============================================================================
--- webservices/axis2/trunk/java/xdocs/latest/sec-conf/out-action.xsd (original)
+++ webservices/axis2/trunk/java/xdocs/latest/sec-conf/out-action.xsd Sun Apr 16 10:02:11
2006
@@ -11,6 +11,7 @@
 				<xs:element name="passwordCallbackClass" type="xs:string" minOccurs="0"/>
 				<xs:element name="signaturePropFile" type="xs:string" minOccurs="0"/>
 				<xs:element name="encryptionPropFile" type="xs:string" minOccurs="0"/>
+				<xs:element name="encryptionPropFile" type="xs:string" minOccurs="0"/>
 				<xs:element name="signatureKeyIdentifier" type="xs:string" minOccurs="0"/>
 				<xs:element name="encryptionKeyIdentifier" type="xs:string" minOccurs="0"/>
 				<xs:element name="encryptionUser" type="xs:string" minOccurs="0"/>
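Review bot: The added line declares `<xs:element name="encryptionPropFile" .../>` a second time, immediately after the identical declaration on the previous line; two adjacent optional particles with the same name inside one `xs:sequence` violate the Unique Particle Attribution rule, so schema-aware validators will reject `out-action.xsd` outright. This looks like a copy-and-rename slip rather than an intended repeat (the commit log only says the xsd was updated), so the new line should carry the element name that was actually meant, `<xs:element name="<intended-element-name>" type="xs:string" minOccurs="0"/>`, or be dropped.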
@@ -21,6 +22,7 @@
 				<xs:element name="EmbeddedKeyCallbackClass" type="xs:string" minOccurs="0"/>
 				<xs:element name="encryptionKeyTransportAlgorithm" type="xs:string" minOccurs="0"/>
 				<xs:element name="EmbeddedKeyName" type="xs:string" minOccurs="0"/>
+				<xs:element name="timeToLive" type="xs:string" minOccurs="0"/>
 			</xs:sequence>
 		</xs:complexType>
 	</xs:element>


