Return-Path: Delivered-To: apmail-ws-axis-dev-archive@www.apache.org Received: (qmail 18101 invoked from network); 16 Apr 2006 17:02:38 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 16 Apr 2006 17:02:38 -0000 Received: (qmail 30871 invoked by uid 500); 16 Apr 2006 17:02:37 -0000 Delivered-To: apmail-ws-axis-dev-archive@ws.apache.org Received: (qmail 30825 invoked by uid 500); 16 Apr 2006 17:02:36 -0000 Mailing-List: contact axis-cvs-help@ws.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list axis-cvs@ws.apache.org Received: (qmail 30814 invoked by uid 500); 16 Apr 2006 17:02:36 -0000 Delivered-To: apmail-ws-axis2-cvs@ws.apache.org Received: (qmail 30810 invoked by uid 99); 16 Apr 2006 17:02:36 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 16 Apr 2006 10:02:36 -0700 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Sun, 16 Apr 2006 10:02:35 -0700 Received: (qmail 17997 invoked by uid 65534); 16 Apr 2006 17:02:15 -0000 Message-ID: <20060416170215.17996.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r394512 - in /webservices/axis2/trunk/java: modules/integration/test-resources/security/rahas/ modules/security/src/org/apache/axis2/security/rahas/ modules/security/src/org/apache/axis2/security/trust/ modules/security/src/org/apache/axis2... Date: Sun, 16 Apr 2006 17:02:13 -0000 To: axis2-cvs@ws.apache.org 
From: ruchithf@apache.org X-Mailer: svnmailer-1.0.7 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: ruchithf Date: Sun Apr 16 10:02:11 2006 New Revision: 394512 URL: http://svn.apache.org/viewcvs?rev=394512&view=rev Log: - Updating the out-action.xsd - Moved some common code to TrustUtil Added: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustUtil.java Modified: webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/s1-services.xml webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java webservices/axis2/trunk/java/xdocs/latest/sec-conf/out-action.xsd Modified: webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/s1-services.xml URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/s1-services.xml?rev=394512&r1=394511&r2=394512&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/s1-services.xml (original) +++ webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/s1-services.xml Sun Apr 16 10:02:11 2006 
@@ -23,7 +23,7 @@ org.apache.axis2.security.rahas.PWCallback sctIssuer.properties - + Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java?rev=394512&r1=394511&r2=394512&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java Sun Apr 16 10:02:11 2006 @@ -135,6 +135,8 @@ private byte[] issuerEntropy; + private String encryptionUser; + public static RahasConfiguration load(MessageContext msgCtx, boolean sender) throws Exception { Parameter param = msgCtx.getParameter(RAHAS_CONFIG); @@ -604,6 +606,20 @@ */ protected void setRequesterEntropy(byte[] requesterEntropy) { this.requesterEntropy = requesterEntropy; + } + + /** + * @return Returns the encryptionUser. + */ + protected String getEncryptionUser() { + return encryptionUser; + } + + /** + * @param encryptionUser The encryptionUser to set. + */ + protected void setEncryptionUser(String encryptionUser) { + this.encryptionUser = encryptionUser; } } Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java?rev=394512&r1=394511&r2=394512&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java Sun Apr 16 10:02:11 2006 
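Review bot: Nothing in the RahasConfiguration hunks (-135 and -604) populates the new `encryptionUser` field; if `load(MessageContext, boolean)` — whose body lies outside this diff — is not extended to read it from the rahas parameter, `Sender.createRSTR` will pass `null` into `crypto.getCertificates(...)` and fail with an unhelpful error. The accessor Javadoc is also the IDE boilerplate and says nothing about what the value is used for; since the only consumer visible in this commit hands it to `Crypto.getCertificates` to pick the certificate that wraps the SCT's ephemeral key, I would write `@return the alias passed to {@code Crypto.getCertificates()} to select the certificate that encrypts the SCT key in the unsolicited RSTR (see {@code Sender.createRSTR})` on the getter and mirror that on the setter. The enclosing class continues outside both hunks.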
@@ -19,6 +19,8 @@ import org.apache.axiom.om.OMElement; import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl; import org.apache.axiom.soap.SOAPEnvelope; +import org.apache.axiom.soap.SOAPFactory; +import org.apache.axiom.soap.SOAPHeader; import org.apache.axis2.AxisFault; import org.apache.axis2.context.MessageContext; import org.apache.axis2.description.HandlerDescription; @@ -27,9 +29,13 @@ import org.apache.axis2.security.WSDoAllSender; import org.apache.axis2.security.trust.Constants; import org.apache.axis2.security.trust.Token; +import org.apache.axis2.security.trust.TrustException; +import org.apache.axis2.security.trust.TrustUtil; import org.apache.ws.security.WSConstants; +import org.apache.ws.security.WSSecurityException; import org.apache.ws.security.components.crypto.Crypto; import org.apache.ws.security.message.WSSecDKEncrypt; +import org.apache.ws.security.message.WSSecEncryptedKey; import org.apache.ws.security.message.WSSecHeader; import org.apache.ws.security.message.token.SecurityContextToken; import org.apache.ws.security.util.WSSecurityUtil; @@ -38,6 +44,8 @@ import javax.xml.namespace.QName; +import java.security.cert.X509Certificate; + /** * Rahas outflow handler */ 
@@ -58,36 +66,28 @@ return; } - //Parse the configuration + //Parse the rahas configuration RahasConfiguration config = RahasConfiguration.load(msgContext, true); - - if(config.getMsgCtx().isServerSide()) { - this.constructMessage(config); - msgContext.setEnvelope((SOAPEnvelope) config.getDocument() - .getDocumentElement()); - } else { - - if(config.getContextIdentifier() == null && config.getStsEPRAddress() != null && !config.getMsgCtx().isServerSide()) { + msgContext.setEnvelope((SOAPEnvelope) config.getDocument() + .getDocumentElement()); + + if(!config.getMsgCtx().isServerSide()) { + if(config.getContextIdentifier() == null && !config.getMsgCtx().isServerSide()) { String sts = config.getStsEPRAddress(); if(sts != null) { //Use a security token service STSRequester.issueRequest(config); - this.constructMessage(config); - msgContext.setEnvelope((SOAPEnvelope) config.getDocument() - .getDocumentElement()); } else { - //Create a token + //Create an an SCT, include it in an RSTR + // and add the RSTR to the header + this.createRSTR(config); } - } else { - this.constructMessage(config); - msgContext.setEnvelope((SOAPEnvelope) config.getDocument() - .getDocumentElement()); } } - - + this.constructMessage(config); + } catch (Exception e) { e.printStackTrace(); if(e instanceof RahasException) { 
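Review bot: The inner condition still re-tests `!config.getMsgCtx().isServerSide()` although the new enclosing `if(!config.getMsgCtx().isServerSide())` already guarantees it; the leftover is confusing rather than wrong, and the line should read `if(config.getContextIdentifier() == null) {`. Note also that `msgContext.setEnvelope(...)` now runs before `createRSTR(config)`, which in turn reads `config.getMsgCtx().getEnvelope()` and inserts the RSTR into its header; that ordering is load-bearing and deserves a one-line comment such as `// the envelope must be swapped to the DOOM document before createRSTR adds the RSTR header`. The enclosing `invoke` method starts and ends outside this hunk.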
@@ -99,6 +99,72 @@ } finally { DocumentBuilderFactoryImpl.setDOOMRequired(false); } + + } + + /** + * Create the self created wsc:SecurityContextToken and + * add it to a wst:RequestSecurityTokenResponse. + * + * This is called in the case where the security context establishment + * is done by one of the parties with out the use of an STS + * and the creted SCT is sent across to the other party in an unsolicited + * wst:RequestSecurityTokenResponse + * + * @param config + * @throws Exception + */ + private void createRSTR(RahasConfiguration config) throws Exception { + + WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey(); + Crypto crypto = Util.getCryptoInstace(config); + X509Certificate cert = crypto.getCertificates(config.getEncryptionUser())[0]; + + encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER); + try { + encrKeyBuilder.setUseThisCert(cert); + encrKeyBuilder.prepare(config.getDocument(), crypto); + } catch (WSSecurityException e) { + throw new TrustException( + "errorInBuildingTheEncryptedKeyForPrincipal", + new String[] { cert.getSubjectDN().getName()}); + } + + SecurityContextToken sct = new SecurityContextToken(config.getDocument()); + config.resgisterContext(sct.getIdentifier()); + Token token = new Token(sct.getIdentifier(), (OMElement)sct.getElement()); + + config.getTokenStore().add(token); + + SOAPEnvelope env = config.getMsgCtx().getEnvelope(); + + SOAPHeader header = env.getHeader(); + if(header == null) { + header = ((SOAPFactory)env.getOMFactory()).createSOAPHeader(env); + } + + OMElement rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(header); + + OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(rstrElem); + + rstElem.addChild((OMElement)sct.getElement()); + + TrustUtil.createRequestedAttachedRef(rstrElem, "#" + sct.getID(), + Constants.TOK_TYPE_SCT); + + TrustUtil.createRequestedUnattachedRef(rstrElem, sct.getIdentifier(), + Constants.TOK_TYPE_SCT); + + Element encryptedKeyElem = 
encrKeyBuilder.getEncryptedKeyElement(); + Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement(); + + OMElement reqProofTok = TrustUtil.createRequestedProofTokenElement(rstrElem); + + if(bstElem != null) { + reqProofTok.addChild((OMElement)bstElem); + } + + reqProofTok.addChild((OMElement)encryptedKeyElem); } Added: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustUtil.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustUtil.java?rev=394512&view=auto ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustUtil.java (added) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustUtil.java Sun Apr 16 10:02:11 2006 
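Review bot: The token stored from `createRSTR` carries no secret — the hunk builds the `EncryptedKey` with `encrKeyBuilder` but never calls `token.setSecret(encrKeyBuilder.getEphemeralKey());` before `config.getTokenStore().add(token)`, whereas the SCTIssuer path in the -242 hunk does exactly that; unless the key is recorded elsewhere, this party cannot later derive keys for its own SCT, so add that line after the `Token` is constructed. `crypto.getCertificates(config.getEncryptionUser())[0]` should reject a null or empty array with a `TrustException` naming the configured user instead of failing with an index exception, and the `catch (WSSecurityException e)` drops `e` entirely — pass it as the cause if `TrustException` offers such a constructor. Finally, `sct.getID()` is used for the attached reference without any `setID` call (the SCTIssuer hunks at -167 and -242 drop theirs too); if the `SecurityContextToken(Document)` constructor does not assign a `wsu:Id`, the reference becomes `#` — please confirm against the WSS4J version in use.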
@@ -0,0 +1,98 @@ +/* + * Copyright 2004,2005 The Apache Software Foundation. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.axis2.security.trust; + +import org.apache.axiom.om.OMElement; +import org.apache.ws.security.message.token.Reference; +import org.apache.ws.security.message.token.SecurityTokenReference; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import javax.xml.namespace.QName; + +public class TrustUtil { + + /** + * Create a wsse:Reference element with the given uri and the value type + * @param doc + * @param refUri + * @param refValueType + * @return + */ + public static Element createSecurityTokenReference(Document doc, + String refUri, String refValueType) { + + Reference ref = new Reference(doc); + ref.setURI(refUri); + if(refValueType != null) { + ref.setValueType(refValueType); + } + SecurityTokenReference str = new SecurityTokenReference(doc); + str.setReference(ref); + + return str.getElement(); + } + + public static OMElement createRequestSecurityTokenResponseElement( + OMElement parent) { + return createOMElement(parent,Constants.WST_NS, + Constants.REQUEST_SECURITY_TOKEN_RESPONSE_LN, + Constants.WST_PREFIX); + } + + public static OMElement createRequestedSecurityTokenElement(OMElement parent) { + return createOMElement(parent,Constants.WST_NS, + Constants.REQUESTED_SECURITY_TOKEN_LN, + Constants.WST_PREFIX); + } + + public static OMElement createRequestedProofTokenElement(OMElement parent) 
{ + return createOMElement(parent, Constants.WST_NS, + Constants.REQUESTED_PROOF_TOKEN_LN, Constants.WST_PREFIX); + } + + public static OMElement createBinarySecretElement(OMElement parent) { + return createOMElement(parent, Constants.WST_NS, + Constants.BINARY_SECRET, Constants.WST_PREFIX); + } + + public static OMElement createRequestedUnattachedRef(OMElement parent, + String refUri, String refValueType) { + OMElement elem = createOMElement(parent, Constants.WST_NS, + Constants.REQUESTED_UNATTACHED_REFERENCE, + Constants.WST_PREFIX); + elem.addChild((OMElement) createSecurityTokenReference( + ((Element) parent).getOwnerDocument(), refUri, refValueType)); + return elem; + } + + public static OMElement createRequestedAttachedRef(OMElement parent, + String refUri, String refValueType) { + OMElement elem = createOMElement(parent, Constants.WST_NS, + Constants.REQUESTED_ATTACHED_REFERENCE, + Constants.WST_PREFIX); + elem.addChild((OMElement) createSecurityTokenReference( + ((Element) parent).getOwnerDocument(), refUri, refValueType)); + return elem; + } + + private static OMElement createOMElement(OMElement parent, String ns, + String ln, String prefix) { + return parent.getOMFactory().createOMElement(new QName(ns, ln, prefix), + parent); + } +} Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java?rev=394512&r1=394511&r2=394512&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java Sun Apr 16 10:02:11 2006 
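Review bot: The Javadoc on `createSecurityTokenReference` says it creates a `wsse:Reference`, but the method returns the `wsse:SecurityTokenReference` element wrapping it, and the `@return` tag is empty; I would make it `@return the wsse:SecurityTokenReference element wrapping the created wsse:Reference`, and the remaining public helpers have no Javadoc at all. `createRequestedAttachedRef` and `createRequestedUnattachedRef` cast `parent` to `org.w3c.dom.Element`, which only holds when the Axiom tree is DOM-backed (the DOOM implementation that Sender switches to); that precondition should be stated, e.g. `// parent must be a DOM-backed OMElement; other Axiom implementations fail this cast`. Behaviourally, `createSecurityTokenReference` skips `setValueType` when `refValueType` is null, while the private helper removed from SCTIssuer set it unconditionally — every caller in this commit passes `Constants.TOK_TYPE_SCT`, so nothing changes today, but it is worth a sentence in the Javadoc. As a stateless utility class, `TrustUtil` should also get a private constructor.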
@@ -28,6 +28,7 @@ import org.apache.axis2.security.trust.TokenIssuer; import org.apache.axis2.security.trust.TokenStorage; import org.apache.axis2.security.trust.TrustException; +import org.apache.axis2.security.trust.TrustUtil; import org.apache.axis2.util.Base64; import org.apache.ws.security.WSConstants; import org.apache.ws.security.WSSecurityEngineResult; @@ -37,14 +38,10 @@ import org.apache.ws.security.handler.WSHandlerConstants; import org.apache.ws.security.handler.WSHandlerResult; import org.apache.ws.security.message.WSSecEncryptedKey; -import org.apache.ws.security.message.token.Reference; import org.apache.ws.security.message.token.SecurityContextToken; -import org.apache.ws.security.message.token.SecurityTokenReference; import org.w3c.dom.Document; import org.w3c.dom.Element; -import javax.xml.namespace.QName; - import java.security.Principal; import java.security.SecureRandom; import java.security.cert.X509Certificate; 
@@ -167,47 +164,26 @@ Document doc = ((Element)env).getOwnerDocument(); SecurityContextToken sct = new SecurityContextToken(doc); - String sctId = "sctId-" + sct.getElement().hashCode(); - sct.setID(sctId); - OMElement rstrElem = env.getOMFactory().createOMElement( - new QName(Constants.WST_NS, - Constants.REQUEST_SECURITY_TOKEN_RESPONSE_LN, - Constants.WST_PREFIX), env.getBody()); - - OMElement rstElem = env.getOMFactory().createOMElement( - new QName(Constants.WST_NS, - Constants.REQUESTED_SECURITY_TOKEN_LN, - Constants.WST_PREFIX), rstrElem); + OMElement rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(env.getBody()); + + OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(rstrElem); rstElem.addChild((OMElement)sct.getElement()); if (config.addRequestedAttachedRef) { - OMElement reqAttRef = env.getOMFactory().createOMElement( - new QName(Constants.WST_NS, - Constants.REQUESTED_ATTACHED_REFERENCE, - Constants.WST_PREFIX), rstrElem); - reqAttRef.addChild((OMElement) this.createSecurityTokenReference( - doc, "#" + sctId, Constants.TOK_TYPE_SCT)); + TrustUtil.createRequestedAttachedRef(rstrElem, "#" + sct.getID(), + Constants.TOK_TYPE_SCT); } if (config.addRequestedUnattachedRef) { - OMElement reqUnattRef = env.getOMFactory().createOMElement( - new QName(Constants.WST_NS, - Constants.REQUESTED_UNATTACHED_REFERENCE, - Constants.WST_PREFIX), rstrElem); - - reqUnattRef.addChild((OMElement) this.createSecurityTokenReference( - doc, sct.getIdentifier(), Constants.TOK_TYPE_SCT)); + TrustUtil.createRequestedUnattachedRef( + rstrElem, sct.getIdentifier(), Constants.TOK_TYPE_SCT); } - OMElement reqProofTok = env.getOMFactory().createOMElement( - new QName(Constants.WST_NS, Constants.REQUESTED_PROOF_TOKEN_LN, - Constants.WST_PREFIX), rstrElem); - - OMElement binSecElem = env.getOMFactory().createOMElement( - new QName(Constants.WST_NS, Constants.BINARY_SECRET, - Constants.WST_PREFIX), reqProofTok); + OMElement reqProofTok = 
TrustUtil.createRequestedProofTokenElement(rstrElem); + + OMElement binSecElem = TrustUtil.createBinarySecretElement(reqProofTok); byte[] secret = this.generateEphemeralKey(); binSecElem.setText(Base64.encode(secret)); 
@@ -242,46 +218,30 @@ } SecurityContextToken sct = new SecurityContextToken(doc); - String sctId = "sctId-" + sct.getElement().hashCode(); - sct.setID(sctId); - OMElement rstrElem = env.getOMFactory().createOMElement( - new QName(Constants.WST_NS, - Constants.REQUEST_SECURITY_TOKEN_RESPONSE_LN, - Constants.WST_PREFIX), env.getBody()); - - OMElement rstElem = env.getOMFactory().createOMElement( - new QName(Constants.WST_NS, - Constants.REQUESTED_SECURITY_TOKEN_LN, - Constants.WST_PREFIX), rstrElem); + OMElement rstrElem = TrustUtil + .createRequestSecurityTokenResponseElement(env.getBody()); + + OMElement rstElem = TrustUtil + .createRequestedSecurityTokenElement(rstrElem); rstElem.addChild((OMElement)sct.getElement()); if (config.addRequestedAttachedRef) { - OMElement reqAttRef = env.getOMFactory().createOMElement( - new QName(Constants.WST_NS, - Constants.REQUESTED_ATTACHED_REFERENCE, - Constants.WST_PREFIX), rstrElem); - reqAttRef.addChild((OMElement) this.createSecurityTokenReference( - doc, "#" + sctId, Constants.TOK_TYPE_SCT)); + TrustUtil.createRequestedAttachedRef(rstrElem, "#" + sct.getID(), + Constants.TOK_TYPE_SCT); } if (config.addRequestedUnattachedRef) { - OMElement reqUnattRef = env.getOMFactory().createOMElement( - new QName(Constants.WST_NS, - Constants.REQUESTED_UNATTACHED_REFERENCE, - Constants.WST_PREFIX), rstrElem); - - reqUnattRef.addChild((OMElement) this.createSecurityTokenReference( - doc, sct.getIdentifier(), Constants.TOK_TYPE_SCT)); + TrustUtil.createRequestedUnattachedRef( + rstrElem, sct.getIdentifier(), Constants.TOK_TYPE_SCT); } Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement(); Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement(); - OMElement reqProofTok = env.getOMFactory().createOMElement( - new QName(Constants.WST_NS, Constants.REQUESTED_PROOF_TOKEN_LN, - Constants.WST_PREFIX), rstrElem); + OMElement reqProofTok = TrustUtil + .createRequestedProofTokenElement(rstrElem); if(bstElem != null) { 
reqProofTok.addChild((OMElement)bstElem); @@ -290,7 +250,8 @@ reqProofTok.addChild((OMElement)encryptedKeyElem); //Store the tokens - Token sctToken = new Token(sct.getIdentifier(), (OMElement)sct.getElement()); + Token sctToken = new Token(sct.getIdentifier(), (OMElement) sct + .getElement()); sctToken.setSecret(encrKeyBuilder.getEphemeralKey()); this.getTokenStore(msgCtx).add(sctToken); @@ -369,15 +330,6 @@ this.configParamName = configParamName; } - private Element createSecurityTokenReference(Document doc, String refUri, String refValueType) { - - Reference ref = new Reference(doc); - ref.setURI(refUri); - ref.setValueType(refValueType); - SecurityTokenReference str = new SecurityTokenReference(doc); - str.setReference(ref); - - return str.getElement(); - } + } Modified: webservices/axis2/trunk/java/xdocs/latest/sec-conf/out-action.xsd URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/xdocs/latest/sec-conf/out-action.xsd?rev=394512&r1=394511&r2=394512&view=diff ============================================================================== --- webservices/axis2/trunk/java/xdocs/latest/sec-conf/out-action.xsd (original) +++ webservices/axis2/trunk/java/xdocs/latest/sec-conf/out-action.xsd Sun Apr 16 10:02:11 2006 @@ -11,6 +11,7 @@ + @@ -21,6 +22,7 @@ +