axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ruchi...@apache.org
Subject svn commit: r425809 - in /webservices/axis2/trunk/java/modules: integration/ integration/test-resources/rahas/ integration/test/org/apache/rahas/ rahas/src/org/apache/rahas/ rahas/src/org/apache/rahas/impl/ samples/src/sample/security/
Date Wed, 26 Jul 2006 19:20:38 GMT
Author: ruchithf
Date: Wed Jul 26 12:20:37 2006
New Revision: 425809

URL: http://svn.apache.org/viewvc?rev=425809&view=rev
Log:
- Updated the SAMLTokenIssuer to issue bearer tokens
- Updated the sts cert  to the standard STS cert used for interop scenarios
- Added a test to test the STS issuing a SAML bearer token authenticating the requester using
a UsernameToken


Added:
    webservices/axis2/trunk/java/modules/integration/test-resources/rahas/issuer.properties
      - copied, changed from r425731, webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sctIssuer.properties
    webservices/axis2/trunk/java/modules/integration/test-resources/rahas/rahas-sec.properties
      - copied, changed from r425785, webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sec.properties
    webservices/axis2/trunk/java/modules/integration/test-resources/rahas/rahas-sts.jks
      - copied, changed from r425731, webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sts.jks
Removed:
    webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sctIssuer.properties
    webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sec.properties
    webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sts.jks
Modified:
    webservices/axis2/trunk/java/modules/integration/maven.xml
    webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s1-services.xml
    webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s3-services.xml
    webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sec.jks
    webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/PWCallback.java
    webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenTest.java
    webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
    webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenV1205Test.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
    webservices/axis2/trunk/java/modules/samples/src/sample/security/Client.java
    webservices/axis2/trunk/java/modules/samples/src/sample/security/Service.java

Modified: webservices/axis2/trunk/java/modules/integration/maven.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/maven.xml?rev=425809&r1=425808&r2=425809&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/maven.xml (original)
+++ webservices/axis2/trunk/java/modules/integration/maven.xml Wed Jul 26 12:20:37 2006
@@ -296,12 +296,12 @@
 			<copy overwrite="yes" file="target/test-classes/org/apache/rahas/Service.class"
                   tofile="target/temp-rahas/org/apache/rahas/Service.class"/>
 			<copy overwrite="yes" file="target/test-classes/org/apache/rahas/PWCallback.class"
-                  tofile="target/temp-sc/org/apache/rahas/PWCallback.class"/>
+                  tofile="target/temp-rahas/org/apache/rahas/PWCallback.class"/>
 				  
 			<copy overwrite="yes" todir="target/temp-rahas">
             	<fileset dir="test-resources/rahas">
-					<include name="sctIssuer.properties"/>
-					<include name="sts.jks"/>
+					<include name="issuer.properties"/>
+					<include name="rahas-sts.jks"/>
 				</fileset>
 			</copy>
 
@@ -349,8 +349,6 @@
 			<!-- copy the services.xml and create the aar -->
 			<copy overwrite="yes" file="test-resources/rahas/s1-services.xml"
                   tofile="target/temp-rahas/META-INF/services.xml"/>
-			<copy overwrite="yes" file="test-resources/rahas/saml.s1.properties"
-                  tofile="target/temp-rahas/saml.s1.properties"/>
 
 		    <jar  overwrite="yes" jarfile="target/test-resources/rahas_service_repo_1/services/SecureService.aar"
                  basedir="target/temp-rahas"/>
@@ -375,8 +373,6 @@
 			<!-- copy the services.xml and create the aar -->
 			<copy overwrite="yes" file="test-resources/rahas/s3-services.xml"
                   tofile="target/temp-rahas/META-INF/services.xml"/>
-			<copy overwrite="yes" file="test-resources/rahas/sctIssuer.properties"
-                  tofile="target/temp-rahas/sctIssuer.properties"/>
 
 		    <jar  overwrite="yes" jarfile="target/test-resources/rahas_service_repo_3/services/SecureService.aar"
                  basedir="target/temp-rahas"/>

Copied: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/issuer.properties
(from r425731, webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sctIssuer.properties)
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rahas/issuer.properties?p2=webservices/axis2/trunk/java/modules/integration/test-resources/rahas/issuer.properties&p1=webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sctIssuer.properties&r1=425731&r2=425809&rev=425809&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sctIssuer.properties
(original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rahas/issuer.properties
Wed Jul 26 12:20:37 2006
@@ -1,4 +1,4 @@
 org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
 org.apache.ws.security.crypto.merlin.keystore.type=jks
 org.apache.ws.security.crypto.merlin.keystore.password=password
-org.apache.ws.security.crypto.merlin.file=sts.jks
+org.apache.ws.security.crypto.merlin.file=rahas-sts.jks

Copied: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/rahas-sec.properties
(from r425785, webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sec.properties)
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rahas/rahas-sec.properties?p2=webservices/axis2/trunk/java/modules/integration/test-resources/rahas/rahas-sec.properties&p1=webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sec.properties&r1=425785&r2=425809&rev=425809&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sec.properties (original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rahas/rahas-sec.properties
Wed Jul 26 12:20:37 2006
@@ -1,5 +1,5 @@
 org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
 org.apache.ws.security.crypto.merlin.keystore.type=jks
 org.apache.ws.security.crypto.merlin.keystore.password=password
-org.apache.ws.security.crypto.merlin.file=sec.jks
+org.apache.ws.security.crypto.merlin.file=rahas-sts.jks
 

Copied: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/rahas-sts.jks
(from r425731, webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sts.jks)
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rahas/rahas-sts.jks?p2=webservices/axis2/trunk/java/modules/integration/test-resources/rahas/rahas-sts.jks&p1=webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sts.jks&r1=425731&r2=425809&rev=425809&view=diff
==============================================================================
Binary files - no diff available.

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s1-services.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s1-services.xml?rev=425809&r1=425808&r2=425809&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s1-services.xml
(original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s1-services.xml
Wed Jul 26 12:20:37 2006
@@ -13,9 +13,9 @@
     <parameter name="saml-issuer-config">
 		<saml-issuer-config>
 			<issuerName>Test_STS</issuerName>
-			<issuerKeyAlias>sts</issuerKeyAlias>
+			<issuerKeyAlias>ip</issuerKeyAlias>
 			<issuerKeyPassword>password</issuerKeyPassword>
-			<cryptoProperties>sctIssuer.properties</cryptoProperties>
+			<cryptoProperties>issuer.properties</cryptoProperties>
 			<timeToLive>300000</timeToLive>
 			<keySize>256</keySize>
 			<addRequestedAttachedRef />
@@ -32,16 +32,16 @@
 	<parameter name="InflowSecurity">
       <action>
         <items>Timestamp Signature</items>
-        <signaturePropFile>sctIssuer.properties</signaturePropFile>
+        <signaturePropFile>issuer.properties</signaturePropFile>
       </action>
     </parameter>
 
     <parameter name="OutflowSecurity">
       <action>
         <items>Timestamp Signature</items>
-        <user>sts</user>
-        <signaturePropFile xmlns="">sctIssuer.properties</signaturePropFile>
-	    <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+        <user>ip</user>
+        <signaturePropFile xmlns="">issuer.properties</signaturePropFile>
+	    <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
       </action>
     </parameter>
     

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s3-services.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s3-services.xml?rev=425809&r1=425808&r2=425809&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s3-services.xml
(original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s3-services.xml
Wed Jul 26 12:20:37 2006
@@ -13,9 +13,9 @@
     <parameter name="saml-issuer-config">
 		<saml-issuer-config>
 			<issuerName>Test_STS</issuerName>
-			<issuerKeyAlias>sts</issuerKeyAlias>
+			<issuerKeyAlias>ip</issuerKeyAlias>
 			<issuerKeyPassword>password</issuerKeyPassword>
-			<cryptoProperties>sctIssuer.properties</cryptoProperties>
+			<cryptoProperties>issuer.properties</cryptoProperties>
 			<timeToLive>300000</timeToLive>
 			<keySize>256</keySize>
 			<addRequestedAttachedRef />
@@ -32,15 +32,15 @@
 	<parameter name="InflowSecurity">
       <action>
         <items>Timestamp UsernameToken</items>
-		<passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+		<passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
       </action>
     </parameter>
 
     <parameter name="OutflowSecurity">
       <action>
         <items>Timestamp</items>
-        <user>sts</user>
-	    <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+        <user>ip</user>
+	    <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
 		<enableSignatureConfirmation>false</enableSignatureConfirmation>
       </action>
     </parameter>

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sec.jks
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rahas/sec.jks?rev=425809&r1=425808&r2=425809&view=diff
==============================================================================
Binary files - no diff available.

Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/PWCallback.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/PWCallback.java?rev=425809&r1=425808&r2=425809&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/PWCallback.java
(original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/PWCallback.java
Wed Jul 26 12:20:37 2006
@@ -160,7 +160,7 @@
 
                     pc.setPassword("noR");
 
-                } else if(pc.getIdentifer().equals("sts")) {
+                } else if(pc.getIdentifer().equals("ip")) {
                     
                     pc.setPassword("password");
                     

Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenTest.java?rev=425809&r1=425808&r2=425809&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenTest.java
(original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenTest.java
Wed Jul 26 12:20:37 2006
@@ -45,7 +45,7 @@
 
         ofc.setActionItems("Timestamp Signature");
         ofc.setUser("alice");
-        ofc.setSignaturePropFile("sec.properties");
+        ofc.setSignaturePropFile("rahas-sec.properties");
         ofc.setPasswordCallbackClass(PWCallback.class.getName());
         return ofc;
     }
@@ -55,7 +55,7 @@
 
         ifc.setActionItems("Timestamp Signature");
         ifc.setPasswordCallbackClass(PWCallback.class.getName());
-        ifc.setSignaturePropFile("sec.properties");
+        ifc.setSignaturePropFile("rahas-sec.properties");
         
         return ifc;
     }

Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java?rev=425809&r1=425808&r2=425809&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
(original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
Wed Jul 26 12:20:37 2006
@@ -17,7 +17,7 @@
 package org.apache.rahas;
 
 import org.apache.axiom.om.OMElement;
-import org.apache.axis2.security.sc.PWCallback;
+import org.apache.rahas.PWCallback;
 import org.apache.rampart.handler.config.InflowConfiguration;
 import org.apache.rampart.handler.config.OutflowConfiguration;
 import org.opensaml.XML;

Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenV1205Test.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenV1205Test.java?rev=425809&r1=425808&r2=425809&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenV1205Test.java
(original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenV1205Test.java
Wed Jul 26 12:20:37 2006
@@ -17,7 +17,7 @@
 package org.apache.rahas;
 
 import org.apache.axiom.om.OMElement;
-import org.apache.axis2.security.sc.PWCallback;
+import org.apache.rahas.PWCallback;
 import org.apache.rampart.handler.config.InflowConfiguration;
 import org.apache.rampart.handler.config.OutflowConfiguration;
 import org.opensaml.XML;
@@ -61,7 +61,7 @@
 
         ofc.setActionItems("Timestamp Signature");
         ofc.setUser("alice");
-        ofc.setSignaturePropFile("sec.properties");
+        ofc.setSignaturePropFile("rahas-sec.properties");
         ofc.setPasswordCallbackClass(PWCallback.class.getName());
         return ofc;
     }
@@ -71,7 +71,7 @@
 
         ifc.setActionItems("Timestamp Signature");
         ifc.setPasswordCallbackClass(PWCallback.class.getName());
-        ifc.setSignaturePropFile("sec.properties");
+        ifc.setSignaturePropFile("rahas-sec.properties");
         
         return ifc;
     }

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties?rev=425809&r1=425808&r2=425809&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties Wed
Jul 26 12:20:37 2006
@@ -45,4 +45,5 @@
 samlAssertionCreationError = Error in creating a SAMLToken using opensaml library
 aliasMissingForService = Certificate alias missing for service : \"{0}\"
 samlInvalidAppliesToElem = Invalid wst:AppliesTo element, Rahas SAML token issuer expects
the service epr to be the child
-samlIssuerNameMissing = issuerName value missing in the SAMLTokenIssuer configuration
\ No newline at end of file
+samlIssuerNameMissing = issuerName value missing in the SAMLTokenIssuer configuration
+samlUnsupportedPrincipal = Unsupported principal : \"{0}\"
\ No newline at end of file

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java?rev=425809&r1=425808&r2=425809&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
(original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
Wed Jul 26 12:20:37 2006
@@ -30,6 +30,7 @@
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
 import org.apache.ws.security.handler.WSHandlerConstants;
@@ -42,7 +43,9 @@
 import org.opensaml.SAMLAssertion;
 import org.opensaml.SAMLAttribute;
 import org.opensaml.SAMLAttributeStatement;
+import org.opensaml.SAMLAuthenticationStatement;
 import org.opensaml.SAMLException;
+import org.opensaml.SAMLNameIdentifier;
 import org.opensaml.SAMLStatement;
 import org.opensaml.SAMLSubject;
 import org.w3c.dom.Document;
@@ -192,9 +195,9 @@
         if(keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY) || 
                          keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
             assertion = createHoKAssertion(config, request, doc, crypto,
-                    creationTime, expirationTime, keyType, secret);
+                    creationTime, expirationTime, keyType, secret, principal);
         } else  if(keyType.endsWith(RahasConstants.KEY_TYPE_BEARER)) {
-            //TODO Create bearer token
+            assertion = createBearerAssertion(config, request, doc, crypto, creationTime,
expirationTime, principal);
         } else {
             throw new TrustException("unsupportedKeyType");
         }
@@ -218,8 +221,10 @@
         TrustUtil.createtTokenTypeElement(version, rstrElem).setText(
                 RahasConstants.TOK_TYPE_SAML_10);
 
-        
-        TrustUtil.createKeySizeElement(version, rstrElem, keySize);
+
+        if(keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
+            TrustUtil.createKeySizeElement(version, rstrElem, keySize);
+        }
         
         if (config.addRequestedAttachedRef) {
             TrustUtil.createRequestedAttachedRef(version, rstrElem, "#"
@@ -262,12 +267,14 @@
             throw new TrustException("samlConverstionError", e);
         }
 
-        //Add the RequestedProofToken
-        OMElement reqProofTokElem = TrustUtil
-                .createRequestedProofTokenElement(version, rstrElem);
-        OMElement binSecElem = TrustUtil.createBinarySecretElement(version,
-                reqProofTokElem, null);
-        binSecElem.setText(Base64.encode(secret));
+        if(keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
+            //Add the RequestedProofToken
+            OMElement reqProofTokElem = TrustUtil
+                    .createRequestedProofTokenElement(version, rstrElem);
+            OMElement binSecElem = TrustUtil.createBinarySecretElement(version,
+                    reqProofTokElem, null);
+            binSecElem.setText(Base64.encode(secret));
+        }
         
         // Unet the DOM impl to DOOM
         DocumentBuilderFactoryImpl.setDOOMRequired(false);
@@ -276,56 +283,37 @@
     
 
     /**
-     * Uses the <code>wst:AppliesTo</code> to figure out the certificate to 
-     * encrypt the secret in the SAML token 
-     * @param request
      * @param config
+     * @param request
+     * @param doc
      * @param crypto
-     * @throws WSSecurityException
+     * @param creationTime
+     * @param expirationTime
+     * @param principal
      * @return
      */
-    private X509Certificate getServiceCert(OMElement request,
-            SAMLTokenIssuerConfig config, Crypto crypto)
-            throws WSSecurityException, TrustException {
-
-        String address = this.getServiceAddress(request);
-        
-        if(address != null && !"".equals(address)) {
-            String alias = (String)config.trustedServices.get(address);;
-            return (X509Certificate)crypto.getCertificates(alias)[0];
-        } else {
-            //Return the STS cert
-            return (X509Certificate)crypto.getCertificates(config.issuerKeyAlias)[0];
-        }
-        
-    }
-
-    
-    private String getServiceAddress(OMElement request) throws TrustException {
-        OMElement appliesToElem = request.getFirstChildWithName(
-                new QName(RahasConstants.WSP_NS, RahasConstants.APPLIES_TO_LN));
-        if(appliesToElem != null) {
-            OMElement eprElem = appliesToElem.getFirstChildWithName(new QName(
-                    RahasConstants.WSA_NS, RahasConstants.ENDPOINT_REFERENCE));
-            if (eprElem != null) {
-                OMElement addrElem = eprElem.getFirstChildWithName(new QName(
-                        RahasConstants.WSA_NS, RahasConstants.ADDRESS));
-                if (addrElem != null && addrElem.getText() != null && !"".equals(addrElem.getText().trim()))
{
-                    return addrElem.getText().trim();
-                } else {
-                    throw new TrustException("samlInvalidAppliesToElem");
-                }
+    private SAMLAssertion createBearerAssertion(SAMLTokenIssuerConfig config,
+            OMElement request, Document doc, Crypto crypto, Date creationTime,
+            Date expirationTime, Principal principal) throws TrustException {
+        try {
+            //In the case where the principal is a UT
+            if(principal instanceof WSUsernameTokenPrincipal) {
+                WSUsernameTokenPrincipal utPrincipal = (WSUsernameTokenPrincipal)principal;
+                //TODO: Find the email address
+                String subjectNameId = "rcuhtihf@apache.org";
+                SAMLNameIdentifier nameId = new SAMLNameIdentifier(subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL);
+                return createAuthAssertion(SAMLSubject.CONF_BEARER, nameId, config, crypto,
creationTime, expirationTime);
             } else {
-                throw new TrustException("samlInvalidAppliesToElem");
+                throw new TrustException("samlUnsupportedPrincipal", new String[]{principal.getClass().getName()});
             }
+        } catch (SAMLException e) {
+            throw new TrustException("samlAssertionCreationError", e);
         }
-        //If the AppliesTo element is missing
-        return null;
     }
-    
+
     private SAMLAssertion createHoKAssertion(SAMLTokenIssuerConfig config,
             OMElement request, Document doc, Crypto crypto, Date creationTime,
-            Date expirationTime, String keyType, byte[] secret)
+            Date expirationTime, String keyType, byte[] secret, Principal principal)
             throws TrustException {
         
         Element encryptedKeyElem = null;
@@ -363,9 +351,58 @@
                     "errorInBuildingTheEncryptedKeyForPrincipal",
                     new String[] { serviceCert.getSubjectDN().getName()}, e);
         }
-        return this.createAssertion(doc, encryptedKeyElem, 
+        return this.createAttributeAssertion(doc, encryptedKeyElem, 
                 config, crypto, creationTime, expirationTime);
     }
+    
+    /**
+     * Uses the <code>wst:AppliesTo</code> to figure out the certificate to 
+     * encrypt the secret in the SAML token 
+     * @param request
+     * @param config
+     * @param crypto
+     * @throws WSSecurityException
+     * @return
+     */
+    private X509Certificate getServiceCert(OMElement request,
+            SAMLTokenIssuerConfig config, Crypto crypto)
+            throws WSSecurityException, TrustException {
+
+        String address = this.getServiceAddress(request);
+        
+        if(address != null && !"".equals(address)) {
+            String alias = (String)config.trustedServices.get(address);;
+            return (X509Certificate)crypto.getCertificates(alias)[0];
+        } else {
+            //Return the STS cert
+            return (X509Certificate)crypto.getCertificates(config.issuerKeyAlias)[0];
+        }
+        
+    }
+
+    
+    private String getServiceAddress(OMElement request) throws TrustException {
+        OMElement appliesToElem = request.getFirstChildWithName(
+                new QName(RahasConstants.WSP_NS, RahasConstants.APPLIES_TO_LN));
+        if(appliesToElem != null) {
+            OMElement eprElem = appliesToElem.getFirstChildWithName(new QName(
+                    RahasConstants.WSA_NS, RahasConstants.ENDPOINT_REFERENCE));
+            if (eprElem != null) {
+                OMElement addrElem = eprElem.getFirstChildWithName(new QName(
+                        RahasConstants.WSA_NS, RahasConstants.ADDRESS));
+                if (addrElem != null && addrElem.getText() != null && !"".equals(addrElem.getText().trim()))
{
+                    return addrElem.getText().trim();
+                } else {
+                    throw new TrustException("samlInvalidAppliesToElem");
+                }
+            } else {
+                throw new TrustException("samlInvalidAppliesToElem");
+            }
+        }
+        //If the AppliesTo element is missing
+        return null;
+    }    
+
     /**
      * Create the SAML assertion with the secret held in an 
      * <code>xenc:EncryptedKey</code>
@@ -378,7 +415,7 @@
      * @return
      * @throws TrustException
      */
-    private SAMLAssertion createAssertion(Document doc, 
+    private SAMLAssertion createAttributeAssertion(Document doc, 
                 Element keyInfoContent, 
                 SAMLTokenIssuerConfig config, 
                 Crypto crypto,
@@ -431,7 +468,51 @@
         }
     }
 
-    
+    /**
+     * @param conf_bearer
+     * @param subjectNameId
+     * @param creationTime
+     * @param expirationTime
+     * @return
+     */
+    private SAMLAssertion createAuthAssertion(String confMethod,
+            SAMLNameIdentifier subjectNameId, SAMLTokenIssuerConfig config,
+            Crypto crypto, Date notBefore, Date notAfter) throws TrustException {
+        try {
+            String[] confirmationMethods = new String[]{confMethod};
+            
+            SAMLSubject subject = new SAMLSubject(subjectNameId, Arrays.asList(confirmationMethods),
null, null);
+            
+            SAMLAuthenticationStatement authStmt = new SAMLAuthenticationStatement(
+                    subject,
+                    SAMLAuthenticationStatement.AuthenticationMethod_Password,
+                    notBefore, null, null, null);
+            SAMLStatement[] statements = {authStmt};
+            
+            SAMLAssertion assertion = new SAMLAssertion(config.issuerName, notBefore,
+                    notAfter, null, null, Arrays.asList(statements));
+            
+            //sign the assertion
+            X509Certificate[] issuerCerts =
+                crypto.getCertificates(config.issuerKeyAlias);
+
+            String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+            String pubKeyAlgo =
+                    issuerCerts[0].getPublicKey().getAlgorithm();
+            if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+                sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+            }
+            java.security.Key issuerPK =
+                    crypto.getPrivateKey(config.issuerKeyAlias,
+                            config.issuerKeyPassword);
+            assertion.sign(sigAlgo, issuerPK, Arrays.asList(issuerCerts));
+            
+            
+            return assertion;
+        } catch (Exception e) {
+            throw new TrustException("samlAssertionCreationError", e);
+        }
+    }    
 
     
     /*

Modified: webservices/axis2/trunk/java/modules/samples/src/sample/security/Client.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/samples/src/sample/security/Client.java?rev=425809&r1=425808&r2=425809&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/samples/src/sample/security/Client.java (original)
+++ webservices/axis2/trunk/java/modules/samples/src/sample/security/Client.java Wed Jul 26
12:20:37 2006
@@ -42,10 +42,10 @@
 
             // Get the repository location from the args
             String repo = args[0];
-            String port = args[1];
+            String port = "9080";
 
             OMElement payload = getEchoElement();
-            ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo,
null);
+            ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo,
repo + "/conf/axis2.xml");
             ServiceClient serviceClient = new ServiceClient(configContext, null);
             Options options = new Options();
             options.setTo(new EndpointReference("http://127.0.0.1:" + port + "/axis2/services/SecureService"));
@@ -55,6 +55,7 @@
             serviceClient.setOptions(options);
             
             //Blocking invocation
+            System.out.println(payload);
             OMElement result = serviceClient.sendReceive(payload);
 
             StringWriter writer = new StringWriter();

Modified: webservices/axis2/trunk/java/modules/samples/src/sample/security/Service.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/samples/src/sample/security/Service.java?rev=425809&r1=425808&r2=425809&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/samples/src/sample/security/Service.java (original)
+++ webservices/axis2/trunk/java/modules/samples/src/sample/security/Service.java Wed Jul
26 12:20:37 2006
@@ -1,28 +1,36 @@
 /*
-* Copyright 2004,2005 The Apache Software Foundation.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package sample.security;
 
 import org.apache.axiom.om.OMElement;
 
 public class Service {
 
-	public OMElement echo(OMElement elem) {
-		elem.build();
-		elem.detach();
-		return elem;
-	}
-	
+    public OMElement echo(OMElement elem) {
+        elem.build();
+        elem.detach();
+
+//        for (int i = 0; i < 17; i++) {
+//            OMElement chldElem = elem.getOMFactory().createOMElement("child",
+//                    null);
+//            chldElem.setText("Fixing Roy's problem " + i);
+//            elem.addChild(chldElem);
+//        }
+
+        return elem;
+    }
+
 }



---------------------------------------------------------------------
To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-cvs-help@ws.apache.org


Mime
View raw message