From ruchi...@apache.org
Subject svn commit: r437942 [1/2] - in /webservices/axis2/trunk/java/modules: integration/test/org/apache/rahas/ rahas/src/org/apache/rahas/ rahas/src/org/apache/rahas/impl/ rahas/test/org/apache/rahas/ secpolicy/src/org/apache/ws/secpolicy/model/
Date Tue, 29 Aug 2006 03:56:17 GMT
Author: ruchithf
Date: Mon Aug 28 20:56:16 2006
New Revision: 437942

URL: http://svn.apache.org/viewvc?rev=437942&view=rev
Log:
1.) Created RahasData to hold information on the request
2.) Moved processing of common elements in the RST to RahasData
3.) Changed the issuer interface to accept a RahasData instance
4.) Updated the SAMLTokenIssuer and SCTIssuer to use information from RahasData


Added:
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasData.java
Modified:
    webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java
    webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java
    webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenTest.java
    webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java
    webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java
    webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java
    webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
    webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenV1205Test.java
    webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/TestClient.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TokenIssuer.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TokenRequestDispatcher.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java
    webservices/axis2/trunk/java/modules/rahas/test/org/apache/rahas/TempIssuer.java
    webservices/axis2/trunk/java/modules/secpolicy/src/org/apache/ws/secpolicy/model/SignatureToken.java

Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java?rev=437942&r1=437941&r2=437942&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java Mon Aug 28 20:56:16 2006
@@ -84,7 +84,7 @@
             //KeyType
             TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.KEY_TYPE_PUBLIC_KEY);
             
-            TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService");
+            TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
             
             rstElem = (OMElement)rstElem.detach();
             return rstElem;

Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java?rev=437942&r1=437941&r2=437942&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java Mon Aug 28 20:56:16 2006
@@ -21,7 +21,6 @@
 import org.apache.rampart.handler.config.InflowConfiguration;
 import org.apache.rampart.handler.config.OutflowConfiguration;
 import org.apache.xml.security.encryption.XMLCipher;
-import org.apache.xml.security.utils.EncryptionConstants;
 import org.opensaml.XML;
 
 import javax.xml.namespace.QName;
@@ -40,8 +39,9 @@
             reqTypeElem.setText(RahasConstants.V_05_12.REQ_TYPE_ISSUE);
             tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
             
-            TrustUtil.createAppliesToElement(rstElem,
-                    "http://207.200.37.116/Ping/Scenario4");
+            TrustUtil.createAppliesToElement(rstElem, 
+//                    "http://207.200.37.116/Ping/Scenario4", this.getWSANamespace());
+                    "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
             TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
                     rstElem, RahasConstants.KEY_TYPE_PUBLIC_KEY);
             TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);
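Review bot: The commented-out line `//                    "http://207.200.37.116/Ping/Scenario4", this.getWSANamespace());` is left inside the argument list of the live `createAppliesToElement` call, which is fragile to edit and keeps a hard-coded external interop endpoint in the test source. Either drop it, or if the alternate AppliesTo address is needed for interop runs, read it from a system property with the localhost URL as the default so no code has to be toggled by hand. The enclosing method starts before this hunk.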

Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenTest.java?rev=437942&r1=437941&r2=437942&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenTest.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenTest.java Mon Aug 28 20:56:16 2006
@@ -87,7 +87,7 @@
             //KeyType
             TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
             
-            TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService");
+            TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
             
             rstElem = (OMElement)rstElem.detach();
             return rstElem;

Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java?rev=437942&r1=437941&r2=437942&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java Mon Aug 28 20:56:16 2006
@@ -41,8 +41,7 @@
             reqTypeElem.setText(RahasConstants.V_05_12.REQ_TYPE_ISSUE);
             tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
             
-            TrustUtil.createAppliesToElement(rstElem,
-                    "http://localhost:5555/axis2/services/SecureService");
+            TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
             TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
                     rstElem, RahasConstants.KEY_TYPE_BEARER);
             TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);

Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java?rev=437942&r1=437941&r2=437942&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java Mon Aug 28 20:56:16 2006
@@ -40,8 +40,7 @@
             reqTypeElem.setText(RahasConstants.V_05_12.REQ_TYPE_ISSUE);
             tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
             
-            TrustUtil.createAppliesToElement(rstElem,
-                    "http://localhost:5555/axis2/services/SecureService");
+            TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
             TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
                     rstElem, RahasConstants.KEY_TYPE_BEARER);
             TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);

Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java?rev=437942&r1=437941&r2=437942&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java Mon Aug 28 20:56:16 2006
@@ -37,8 +37,7 @@
             reqTypeElem.setText(RahasConstants.V_05_12.REQ_TYPE_ISSUE);
             tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
             
-            TrustUtil.createAppliesToElement(rstElem,
-                    "http://localhost:5555/axis2/services/SecureService");
+            TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
             TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
                     rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
             TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);

Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java?rev=437942&r1=437941&r2=437942&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java Mon Aug 28 20:56:16 2006
@@ -17,14 +17,44 @@
 package org.apache.rahas;
 
 import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.impl.dom.DocumentImpl;
+import org.apache.axiom.om.impl.dom.factory.OMDOMFactory;
+import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPFactory;
+import org.apache.axiom.soap.impl.dom.soap11.SOAP11Factory;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.OperationClient;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.AxisOperation;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.OutInAxisOperation;
 import org.apache.axis2.util.Base64;
+import org.apache.axis2.wsdl.WSDLConstants;
 import org.apache.rampart.handler.config.InflowConfiguration;
 import org.apache.rampart.handler.config.OutflowConfiguration;
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.conversation.dkalgo.P_SHA1;
+import org.apache.ws.security.message.WSSecDKSign;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.WSSecTimestamp;
+import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.signature.XMLSignature;
 import org.opensaml.XML;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 
 import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import java.util.Vector;
 
 public class RahasSAMLTokenUTForHoKV1205Test extends TestClient {
 
@@ -46,7 +76,8 @@
             tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
             
             TrustUtil.createAppliesToElement(rstElem,
-                    "http://localhost:5555/axis2/services/SecureService");
+//                    "https://207.200.37.116/Ping/Scenario1", this.getWSANamespace());
+                    "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
             TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
                     rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
             TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);
@@ -99,33 +130,120 @@
         OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
         assertNotNull("Missing SAML Assertoin", elem);
         
-        OMElement attrStmtElem = elem.getFirstChildWithName(new QName(XML.SAML_NS, "AttributeStatement"));
-        OMElement kiElem = attrStmtElem.getFirstChildWithName(new QName(XML.SAML_NS,"Subject")).getFirstChildWithName(new QName(XML.SAML_NS,"SubjectConfirmation")).getFirstChildWithName(new QName("http://www.w3.org/2000/09/xmldsig#", "KeyInfo"));
-        OMElement encrKey = kiElem.getFirstChildWithName(new QName("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey"));
+        //Uncomment for inteorp - START
+//        String respEntrB64 = rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12, RahasConstants.ENTROPY_LN)).getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12, RahasConstants.BINARY_SECRET_LN)).getText().trim();
+//
+//        
+//        
+//        OMElement attrStmtElem = elem.getFirstChildWithName(new QName(XML.SAML_NS, "AttributeStatement"));
+//        OMElement kiElem = attrStmtElem.getFirstChildWithName(new QName(XML.SAML_NS,"Subject")).getFirstChildWithName(new QName(XML.SAML_NS,"SubjectConfirmation")).getFirstChildWithName(new QName("http://www.w3.org/2000/09/xmldsig#", "KeyInfo"));
+//        OMElement encrKey = kiElem.getFirstChildWithName(new QName("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey"));
+//        
 //        
 //        String cipherValue = encrKey.getFirstChildWithName(new QName("http://www.w3.org/2001/04/xmlenc#", "CipherData")).getFirstChildWithName(new QName("http://www.w3.org/2001/04/xmlenc#", "CipherValue")).getText();
-//        System.out.println(cipherValue);
+//        
+//        byte[] serviceEntr = Base64.decode(respEntrB64);
+        
+//      try {
+//          this.requestService(elem, clientEntr, serviceEntr);
+//      } catch (Exception e) {
+//          e.printStackTrace();
+//      }
+
+        //Uncomment for inteorp - END
+        
+        
+
+    }
+    
+//    private void requestService(OMElement assertion, byte[] reqEnt, byte[] respEnt) throws Exception {
+//        
+//        StAXOMBuilder builder = new StAXOMBuilder(new OMDOMFactory(), assertion.getXMLStreamReader());
+//        Element domAssertionElem = (Element)builder.getDocumentElement();
+//
+//        DocumentBuilderFactoryImpl.setDOOMRequired(true);
+//        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+//        
+//        SOAPFactory fac = new SOAP11Factory((DocumentImpl)doc);
+//        SOAPEnvelope envelope = fac.getDefaultEnvelope();
+//        this.addPayload(envelope);
+//        
+//        WSSecHeader secHeader = new WSSecHeader();
+//        secHeader.insertSecurityHeader(doc);
+//        
+//        WSSecTimestamp ts = new WSSecTimestamp();
+//        ts.prepare(doc);
+//        ts.prependToHeader(secHeader);
+//        
+//        WSSecDKSign sig = new WSSecDKSign();
+//        sig.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+//        P_SHA1 p_sha1 = new P_SHA1();
+//        SecurityTokenReference ref = new SecurityTokenReference(doc);
+//        ref.setSAMLKeyIdentifier(assertion.getAttributeValue(new QName("AssertionID")));
+//        
+//        System.out.println("\nRequest Entropy: " + Base64.encode(reqEnt));
+//        System.out.println("Response Entropy: " + Base64.encode(respEnt));
+//        
+//        byte[] ephmeralKey = p_sha1.createKey(reqEnt, respEnt, 0, 32);
+//        
+//        System.out.println( ephmeralKey.length * 8 + " bit Key: " + Base64.encode(ephmeralKey));
+//        
+//        sig.setExternalKey(ephmeralKey, ref.getElement());
 //
+//        WSEncryptionPart part = new WSEncryptionPart(WSConstants.TIMESTAMP_TOKEN_LN, WSConstants.WSU_NS, "Element");
+//        Vector partsVector = new Vector();
+//        partsVector.add(part);
+//        sig.setParts(partsVector);
 //        
+//        sig.prepare(doc, secHeader);
+//        sig.addReferencesToSign(partsVector, secHeader);
+//        sig.computeSignature();
+//        
+//        Element importedAssertionElement = (Element) doc.importNode(domAssertionElem, true);
+//        WSSecurityUtil.appendChildElement(doc, secHeader.getSecurityHeader(), importedAssertionElement);
+//        sig.appendDKElementToHeader(secHeader);
+//        sig.appendSigToHeader(secHeader);
 //
-//        String serviceEntropyValue = rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12, RahasConstants.ENTROPY_LN)).getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12, RahasConstants.BINARY_SECRET_LN)).getText();
 //        
-//        byte[] serviceEntr = Base64.decode(serviceEntropyValue);
+//        System.out.println(envelope);
 //        
-//        try {
-//            P_SHA1 p_sha1 = new P_SHA1();
-//            
-//            KeyStore ks = KeyStore.getInstance("JKS");
-//            FileInputStream ksfis = new FileInputStream("/home/ruchith/workspace/sx-interop-aug-06/config/rahas-sts.jks");
-//            BufferedInputStream ksbufin = new BufferedInputStream(ksfis);
-//            ks.load(ksbufin, "password".toCharArray()); // Populate the keystore
-//          
-//            Cipher cipher = Cipher.getInstance("RSA/NONE/OAEPPADDING", "BC");
-//            cipher.init(Cipher.ENCRYPT_MODE, ks.getKey("bob", "password".toCharArray()));
-//            System.out.println("\n\nCipherDataValue:\n" + Base64.encode(cipher.doFinal(serviceEntr)));
-//        } catch (Exception e) {
-//            e.printStackTrace();
-//        }
-    }
+//        
+//        //Create a service client and send the request
+//        AxisService service = new AxisService("ping");
+//        AxisOperation op = new OutInAxisOperation(new QName("Ping"));
+//        service.addChild(op);
+//        
+//        ServiceClient client = new ServiceClient(ConfigurationContextFactory.createConfigurationContextFromFileSystem(Constants.TESTING_PATH + "rahas_client_repo", null), service);
+//
+//        
+//        OperationClient opClient = client.createClient(new QName("Ping"));
+//        MessageContext mc = new MessageContext();
+//        mc.setEnvelope(envelope);
+//        
+//        client.engageModule(new QName("addressing"));
+//        client.engageModule(new QName("rampart"));
+//        
+//        opClient.addMessageContext(mc);
+////        opClient.getOptions().setTo(new EndpointReference("https://131.107.72.15/PingService/OasisScenario1"));
+//        opClient.getOptions().setTo(new EndpointReference("https://207.200.37.116/Ping/Scenario1"));
+//        
+//        opClient.getOptions().setAction("http://example.org/Ping");
+////        opClient.getOptions().setProperty(AddressingConstants.WS_ADDRESSING_VERSION, AddressingConstants.Submission.WSA_NAMESPACE);
+//        
+//        opClient.execute(true);
+//        MessageContext response = opClient.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE);
+//        System.out.println("------------------------------RESPONSE------------------------------\n" + response.getEnvelope());
+//        
+//    }
+//    
+//    private void addPayload(SOAPEnvelope env) {
+//        //<Ping xmlns="http://example.org/Ping">Ping</Ping>
+//        OMNamespace ns = env.getOMFactory().createOMNamespace("http://example.org/Ping", "");
+//        OMElement elem = env.getOMFactory().createOMElement("Ping", ns);
+//        elem.setText("Ping");
+//        
+//        env.getBody().addChild(elem);
+//    }
+    
 
 }
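Review bot: The new side removes the three live lines that walked `AttributeStatement/Subject/SubjectConfirmation/KeyInfo/EncryptedKey` and moves them into the commented-out interop block, so after `assertNotNull` on the Assertion the test no longer touches the holder-of-key material at all; previously a missing element would at least have failed the test with an NPE. Those lookups should stay live and be followed by an explicit check such as `assertNotNull("Missing EncryptedKey in SubjectConfirmation", encrKey);`. This hunk also adds roughly 120 lines of commented-out code with hard-coded external endpoints, and the import hunk earlier in this file adds about thirty imports that exist only for that dead code; keeping the interop driver in a separate class (or out of trunk) would keep the test readable and the imports honest. The enclosing test method starts before this hunk.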

Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenV1205Test.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenV1205Test.java?rev=437942&r1=437941&r2=437942&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenV1205Test.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/RahasSAMLTokenV1205Test.java Mon Aug 28 20:56:16 2006
@@ -44,8 +44,7 @@
             reqTypeElem.setText(RahasConstants.V_05_12.REQ_TYPE_ISSUE);
             tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
             
-            TrustUtil.createAppliesToElement(rstElem,
-                    "http://localhost:5555/axis2/services/SecureService");
+            TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
             TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
                     rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
             TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);

Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/TestClient.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/TestClient.java?rev=437942&r1=437941&r2=437942&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/TestClient.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/TestClient.java Mon Aug 28 20:56:16 2006
@@ -77,6 +77,7 @@
             
 //            options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/axis2/services/MutualCertsSAMLHoK"));
 //            options.setTo(new EndpointReference("http://www-lk.wso2.com:8888/axis2/services/MutualCertsSAMLHoK"));
+//            options.setTo(new EndpointReference("https://131.107.72.15/trust/Addressing2004/UserName"));
 //            options.setTo(new EndpointReference("https://131.107.72.15/trust/UserName"));
 //            options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/trust/X509WSS10"));
 //            options.setTo(new EndpointReference("https://131.107.72.15/trust/UserName"));
@@ -86,7 +87,7 @@
             
             options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
             options.setAction(this.getRequestAction());
-            options.setProperty(AddressingConstants.WS_ADDRESSING_VERSION, AddressingConstants.Submission.WSA_NAMESPACE);
+//            options.setProperty(AddressingConstants.WS_ADDRESSING_VERSION, this.getWSANamespace());
 
 
             OutflowConfiguration clientOutflowConfiguration = getClientOutflowConfiguration();
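Review bot: Commenting out `options.setProperty(AddressingConstants.WS_ADDRESSING_VERSION, ...)` leaves the addressing version of the outgoing request to the Axis2 default, while the new `getWSANamespace()` in the next hunk still hard-codes `AddressingConstants.Submission.WSA_NAMESPACE` for the AppliesTo EPR the subclasses build. If the default addressing version differs from Submission, the EPR's Address child will be in a different namespace from the one the STS derives from the WS_ADDRESSING_VERSION property (RahasData in this commit reads that property and uses it to find the Address element, raising `invalidAppliesToElem` when it is absent), so the tests would fail for a reason unrelated to token issuance. Keep the two consistent, either by restoring `options.setProperty(AddressingConstants.WS_ADDRESSING_VERSION, this.getWSANamespace());` or by having `getWSANamespace()` return whatever version the client actually sends. The new `getWSANamespace()` also deserves a one-line Javadoc, e.g. `/** WS-Addressing namespace used when building the AppliesTo EPR; presumably overridden by subclasses targeting another version. */`. The enclosing method starts before this hunk and ends in the following one.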
@@ -112,6 +113,10 @@
             axisFault.printStackTrace();
             fail(axisFault.getMessage());
         }
+    }
+    
+    protected String getWSANamespace() {
+        return AddressingConstants.Submission.WSA_NAMESPACE;
     }
 
     public abstract OMElement getRequest();

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java?rev=437942&r1=437941&r2=437942&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java Mon Aug 28 20:56:16 2006
@@ -16,6 +16,8 @@
 
 package org.apache.rahas;
 
+import org.apache.axis2.addressing.AddressingConstants;
+
 public class RahasConstants {
     
     public final static int VERSION_05_02 = 1;
@@ -36,12 +38,6 @@
     public final static String WSP_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
     public final static String WSP_PREFIX = "wsp";
     
-    public final static String WSA_NS = "http://schemas.xmlsoap.org/ws/2004/08/addressing";
-    public final static String WSA_PREFIX = "wsa";
-    
-    public final static String ENDPOINT_REFERENCE = "EndpointReference";
-    public final static String ADDRESS = "Address";
-
     //Local names
     public final static String REQUEST_TYPE_LN = "RequestType";
     public final static String TOKEN_TYPE_LN = "TokenType";
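Review bot: `WSA_NS`, `WSA_PREFIX`, `ENDPOINT_REFERENCE` and `ADDRESS` are public constants, so deleting them breaks any code outside this module that references them, and the newly added `import org.apache.axis2.addressing.AddressingConstants` is not used by anything visible in these hunks. If the intent is to redirect callers to AddressingConstants, keeping the old names for a release as deprecated aliases would be safer, e.g. `/** @deprecated use {@link AddressingConstants.Submission#WSA_NAMESPACE} */ public final static String WSA_NS = AddressingConstants.Submission.WSA_NAMESPACE;`, which would also give the import a purpose; otherwise the import should go.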

Added: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasData.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasData.java?rev=437942&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasData.java (added)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasData.java Mon Aug 28 20:56:16 2006
@@ -0,0 +1,383 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.context.MessageContext;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+
+import javax.xml.namespace.QName;
+
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Vector;
+
+/**
+ * Common data items on WS-Trust request messages
+ */
+public class RahasData {
+
+    private MessageContext inMessageContext;
+
+    private OMElement rstElement;
+
+    private int version = -1;
+
+    private String wstNs;
+
+    private String requestType;
+
+    private String tokenType;
+
+    private int keysize = -1;
+
+    private String computedKeyAlgo;
+
+    private String keyType;
+
+    private String appliesToAddress;
+
+    private Principal principal;
+
+    private X509Certificate clientCert;
+
+    private byte[] ephmeralKey;
+
+    private byte[] requestEntropy;
+
+    private byte[] responseEntropy;
+
+    private String addressingNs;
+    
+    private String soapNs;
+
+    /**
+     * Create a new RahasData instance and populate it with the information from
+     * the request.
+     * 
+     * @throws TrustException
+     *             <code>RequestSecurityToken</code> element is invalid.
+     */
+    public RahasData(MessageContext inMessageContext) throws TrustException {
+
+        this.inMessageContext = inMessageContext;
+
+        //Check for an authenticated Principal
+        this.processWSS4JSecurityResults();
+
+        // Find out the incoming addressing version
+        this.addressingNs = (String) this.inMessageContext
+                .getProperty(AddressingConstants.WS_ADDRESSING_VERSION);
+
+        this.rstElement = this.inMessageContext.getEnvelope().getBody()
+                .getFirstElement();
+        
+        this.soapNs = this.inMessageContext.getEnvelope().getNamespace()
+                .getNamespaceURI();
+
+        this.wstNs = this.rstElement.getNamespace().getNamespaceURI();
+
+        int ver = TrustUtil.getWSTVersion(this.wstNs);
+
+        if (ver == -1) {
+            throw new TrustException(TrustException.INVALID_REQUEST);
+        } else {
+            this.version = ver;
+        }
+
+        this.processRequestType();
+
+        this.processTokenType();
+
+        this.processKeyType();
+
+        this.processKeySize();
+
+        this.processAppliesTo();
+
+    }
+
+    /**
+     * Processes the authenticated user information from the WSS4J security
+     * resutls.
+     * 
+     * @throws TrustException
+     */
+    private void processWSS4JSecurityResults() throws TrustException {
+
+        /*
+         * User can be identifier using a UsernameToken or a certificate - If a
+         * certificate is found then we use that to - identify the user and -
+         * encrypt the response (if required) - If a UsernameToken is found then
+         * we will not be encrypting the response
+         */
+
+        Vector results = null;
+        if ((results = (Vector) this.inMessageContext
+                .getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
+            throw new TrustException(TrustException.REQUEST_FAILED);
+        } else {
+
+            for (int i = 0; i < results.size(); i++) {
+                WSHandlerResult rResult = (WSHandlerResult) results.get(i);
+                Vector wsSecEngineResults = rResult.getResults();
+
+                for (int j = 0; j < wsSecEngineResults.size(); j++) {
+                    WSSecurityEngineResult wser = (WSSecurityEngineResult) wsSecEngineResults
+                            .get(j);
+                    if (wser.getAction() == WSConstants.SIGN
+                            && wser.getPrincipal() != null) {
+                        this.clientCert = wser.getCertificate();
+                        this.principal = wser.getPrincipal();
+                    } else if (wser.getAction() == WSConstants.UT
+                            && wser.getPrincipal() != null) {
+                        this.principal = wser.getPrincipal();
+                    }
+                }
+            }
+            // If the principal is missing
+            if (principal == null) {
+                throw new TrustException(TrustException.REQUEST_FAILED);
+            }
+        }
+    }
+
+    private void processAppliesTo() throws TrustException {
+
+        OMElement appliesToElem = this.rstElement
+                .getFirstChildWithName(new QName(RahasConstants.WSP_NS,
+                        RahasConstants.APPLIES_TO_LN));
+
+        if (appliesToElem != null) {
+            OMElement eprElem = appliesToElem.getFirstElement();
+            // If there were no addressing headers
+            // The find the addressing version using the EPR element
+            if (this.addressingNs == null) {
+                this.addressingNs = eprElem.getNamespace()
+                        .getNamespaceURI();
+            }
+
+            if (eprElem != null) {
+                OMElement addrElem = eprElem
+                        .getFirstChildWithName(new QName(
+                                this.addressingNs,
+                                AddressingConstants.EPR_ADDRESS));
+                if (addrElem != null && addrElem.getText() != null
+                        && !"".equals(addrElem.getText().trim())) {
+                    this.appliesToAddress = addrElem.getText().trim();
+                } else {
+                    throw new TrustException("invalidAppliesToElem");
+                }
+            } else {
+                throw new TrustException("invalidAppliesToElem");
+            }
+        }
+    }
+    
+    private void processRequestType() throws TrustException {
+        OMElement reqTypeElem = this.rstElement
+                .getFirstChildWithName(new QName(this.wstNs,
+                        RahasConstants.REQUEST_TYPE_LN));
+
+        if (reqTypeElem == null
+                || (reqTypeElem != null && reqTypeElem.getText() != null && ""
+                        .equals(reqTypeElem.getText().trim()))) {
+            throw new TrustException(TrustException.INVALID_REQUEST);
+        } else {
+            this.requestType = reqTypeElem.getText().trim();
+        }        
+       
+    }
+    
+    private void processTokenType() {
+        OMElement tokTypeElem = this.rstElement
+                .getFirstChildWithName(new QName(this.wstNs,
+                        RahasConstants.TOKEN_TYPE_LN));
+
+        if (tokTypeElem != null && tokTypeElem.getText() != null
+                && !"".equals(tokTypeElem.getText().trim())) {
+            this.tokenType = tokTypeElem.getText().trim();
+        }
+    }
+
+    /**
+     * Find the value of the KeyType element of the RST
+     */
+    private void processKeyType() {
+        OMElement keyTypeElem = this.rstElement
+                .getFirstChildWithName(new QName(this.wstNs,
+                        RahasConstants.KEY_TYPE_LN));
+        if (keyTypeElem != null) {
+            String text = keyTypeElem.getText();
+            if (text != null && !"".equals(text.trim())) {
+                this.keyType = text.trim();
+            }
+        }
+    }
+    
+    /**
+     * Finds the KeySize and creates an empty ephmeral key.
+     * 
+     * @throws TrustException
+     */
+    private void processKeySize() throws TrustException {
+        OMElement keySizeElem = this.rstElement
+                .getFirstChildWithName(new QName(this.wstNs,
+                        RahasConstants.KEY_SIZE_LN));
+        if (keySizeElem != null) {
+            String text = keySizeElem.getText();
+            if (text != null && !"".equals(text.trim())) {
+                try {
+                    //Set key size
+                    this.keysize = Integer.parseInt(text.trim());
+                    
+                    //Create an empty array to hold the key
+                    this.ephmeralKey = new byte[this.keysize];
+                } catch (NumberFormatException e) {
+                    throw new TrustException(TrustException.INVALID_REQUEST,
+                            new String[] { "invalid wst:Keysize value" }, e);
+                }
+            }
+        }
+        this.keysize = -1;
+    }
+
+    /**
+     * @return Returns the appliesToAddress.
+     */
+    public String getAppliesToAddress() {
+        return appliesToAddress;
+    }
+
+    /**
+     * @return Returns the clientCert.
+     */
+    public X509Certificate getClientCert() {
+        return clientCert;
+    }
+
+    /**
+     * @return Returns the computedKeyAlgo.
+     */
+    public String getComputedKeyAlgo() {
+        return computedKeyAlgo;
+    }
+
+    /**
+     * @return Returns the ephmeralKey.
+     */
+    public byte[] getEphmeralKey() {
+        return ephmeralKey;
+    }
+
+    /**
+     * @return Returns the inMessageContext.
+     */
+    public MessageContext getInMessageContext() {
+        return inMessageContext;
+    }
+
+    /**
+     * @return Returns the keysize.
+     */
+    public int getKeysize() {
+        return keysize;
+    }
+
+    /**
+     * @return Returns the keyType.
+     */
+    public String getKeyType() {
+        return keyType;
+    }
+
+    /**
+     * @return Returns the principal.
+     */
+    public Principal getPrincipal() {
+        return principal;
+    }
+
+    /**
+     * @return Returns the requestEntropy.
+     */
+    public byte[] getRequestEntropy() {
+        return requestEntropy;
+    }
+
+    /**
+     * @return Returns the requestType.
+     */
+    public String getRequestType() {
+        return requestType;
+    }
+
+    /**
+     * @return Returns the responseEntropy.
+     */
+    public byte[] getResponseEntropy() {
+        return responseEntropy;
+    }
+
+    /**
+     * @return Returns the rstElement.
+     */
+    public OMElement getRstElement() {
+        return rstElement;
+    }
+
+    /**
+     * @return Returns the tokenType.
+     */
+    public String getTokenType() {
+        return tokenType;
+    }
+
+    /**
+     * @return Returns the version.
+     */
+    public int getVersion() {
+        return version;
+    }
+
+    /**
+     * @return Returns the addressingNs.
+     */
+    public String getAddressingNs() {
+        return addressingNs;
+    }
+
+    /**
+     * @return Returns the wstNs.
+     */
+    public String getWstNs() {
+        return wstNs;
+    }
+
+    /**
+     * @return Returns the soapNs.
+     */
+    public String getSoapNs() {
+        return soapNs;
+    }
+
+    
+}

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TokenIssuer.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TokenIssuer.java?rev=437942&r1=437941&r2=437942&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TokenIssuer.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TokenIssuer.java Mon Aug 28 20:56:16 2006
@@ -18,11 +18,10 @@
 
 import org.apache.axiom.om.OMElement;
 import org.apache.axiom.soap.SOAPEnvelope;
-import org.apache.axis2.context.MessageContext;
 
 /**
- * The <code>TokenIssuer</code> 
- *
+ * The <code>TokenIssuer</code>
+ * 
  */
 public interface TokenIssuer {
 
@@ -30,61 +29,55 @@
      * Create the response <code>soap:Envelope</code> for the given issue
      * request.
      * 
-     * @param request
-     *            The contents of the <code>soap:Body</code> as an
-     *            <code>OMElement</code>
-     * @param inMsgCtx
-     *            The incoming messagge context
+     * @param data
+     *            A populated <code>RahasData</code> instance
      * @return The response <code>soap:Envelope</code> for the given issue
      *         request.
      * @throws TrustException
      */
-    public SOAPEnvelope issue(OMElement request, MessageContext inMsgCtx)
-            throws TrustException;
+    public SOAPEnvelope issue(RahasData data) throws TrustException;
 
     /**
-     * Returns the <code>wsa:Action</code> of the response
+     * Returns the <code>wsa:Action</code> of the response.
      * 
-     * @param request
-     *            The contents of the <code>soap:Body</code> as an
-     *            <code>OMElement</code>
-     * @param inMsgCtx
-     *            The incoming messagge context
+     * @param data
+     *            A populated <code>RahasData</code> instance
      * @return Returns the <code>wsa:Action</code> of the response
      * @throws TrustException
      */
-    public String getResponseAction(OMElement request, MessageContext inMsgCtx)
-            throws TrustException;
-    
+    public String getResponseAction(RahasData data) throws TrustException;
+
     /**
      * Set the configuration file of this TokenIssuer.
      * 
-     * This is the text value of the &lt;configuration-file&gt; element of the 
+     * This is the text value of the &lt;configuration-file&gt; element of the
      * token-dispatcher-configuration
+     * 
      * @param configFile
      */
     public void setConfigurationFile(String configFile);
-    
+
     /**
      * Set the configuration element of this TokenIssuer.
      * 
-     * This is the &lt;configuration&gt; element of the 
+     * This is the &lt;configuration&gt; element of the
      * token-dispatcher-configuration
      * 
-     * @param configElement <code>OMElement</code> representing the configuation
+     * @param configElement
+     *            <code>OMElement</code> representing the configuation
      */
     public void setConfigurationElement(OMElement configElement);
-    
+
     /**
      * Set the name of the configuration parameter.
      * 
-     * If this is used then there must be a 
-     * <code>org.apache.axis2.description.Parameter</code> object available in 
+     * If this is used then there must be a
+     * <code>org.apache.axis2.description.Parameter</code> object available in
      * the via the messageContext when the <code>TokenIssuer</code> is called.
      * 
      * @see org.apache.axis2.description.Parameter
      * @param configParamName
      */
-    public void setConfigurationParamName(String configParamName); 
-    
+    public void setConfigurationParamName(String configParamName);
+
 }
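Review bot: The new `@param data` description on `issue` and `getResponseAction` says only that the instance is "populated" and leaves unstated the guarantees the implementations now rely on: an issuer no longer sees the raw request or message context, so the Javadoc should say what RahasData has already validated (the WS-Security results were checked and `getPrincipal()` is non-null, the RequestType element was present and non-empty). Suggest `@param data the request data parsed from the incoming message; RahasData has already rejected requests without an authenticated principal, so {@code data.getPrincipal()} is never null` on both methods. The bare `@throws TrustException` lines kept from the old text would also read better with a reason, e.g. `@throws TrustException if the request cannot be satisfied by this issuer`.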

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TokenRequestDispatcher.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TokenRequestDispatcher.java?rev=437942&r1=437941&r2=437942&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TokenRequestDispatcher.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TokenRequestDispatcher.java Mon Aug 28 20:56:16 2006
@@ -19,8 +19,6 @@
 import org.apache.axiom.soap.SOAPEnvelope;
 import org.apache.axis2.context.MessageContext;
 
-import javax.xml.namespace.QName;
-
 public class TokenRequestDispatcher {
 
     private TokenRequestDispatcherConfig config;
@@ -47,52 +45,11 @@
      */
     public SOAPEnvelope handle(MessageContext inMsgCtx, MessageContext outMsgCtx)
             throws TrustException {
-
-        //figureout the WS-Trust version and get the RST element
-        int version;
-        String ns;
-        
-        OMElement rstElem = inMsgCtx.getEnvelope().getBody()
-                .getFirstChildWithName(
-                        new QName(RahasConstants.WST_NS_05_02,
-                                RahasConstants.REQUEST_SECURITY_TOKEN_LN));
-        if(rstElem != null) {
-            version = RahasConstants.VERSION_05_02;
-        } else {
-            rstElem = inMsgCtx.getEnvelope().getBody().getFirstChildWithName(
-                    new QName(RahasConstants.WST_NS_05_12,
-                            RahasConstants.REQUEST_SECURITY_TOKEN_LN));
-            if(rstElem != null) {
-                version = RahasConstants.VERSION_05_12;
-            } else {
-                throw new TrustException(TrustException.INVALID_REQUEST);
-            }
-        }
         
-        ns = TrustUtil.getWSTNamespace(version);
-
-        // Get the req type
-        OMElement reqTypeElem = rstElem.getFirstChildWithName(new QName(ns,
-                RahasConstants.REQUEST_TYPE_LN));
-        String reqType = null;
-
-        if (reqTypeElem == null
-                || (reqTypeElem != null && reqTypeElem.getText() != null && ""
-                        .equals(reqTypeElem.getText().trim()))) {
-            throw new TrustException(TrustException.INVALID_REQUEST);
-        } else {
-            reqType = reqTypeElem.getText().trim();
-        }
+        RahasData data = new RahasData(inMsgCtx);
         
-        // Get the token type
-        OMElement tokTypeElem = rstElem.getFirstChildWithName(new QName(ns,
-                RahasConstants.TOKEN_TYPE_LN));
-        String tokenType = null;
-
-        if (tokTypeElem != null && tokTypeElem.getText() != null
-                && !"".equals(tokTypeElem.getText().trim())) {
-            tokenType = tokTypeElem.getText().trim();
-        }
+        String reqType = data.getRequestType();
+        String tokenType = data.getTokenType();
         
         if (RahasConstants.V_05_02.REQ_TYPE_ISSUE.equals(reqType) ||
                 RahasConstants.V_05_12.REQ_TYPE_ISSUE.equals(reqType)) {
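Review bot: Creating `RahasData` from `inMsgCtx` before the request-type dispatch moves the WS-Security results check (the loop over `WSHandlerConstants.RECV_RESULTS` that throws `TrustException.REQUEST_FAILED` when no principal is found, added to RahasData in this commit) in front of every request type, assuming the RahasData constructor runs that processing, which is not visible here. Previously only the SAML issuer did this, so validate/renew/cancel paths and any issuer that accepted unauthenticated requests now fail closed; that is a sensible default but a behavioural change the commit log does not mention. A comment at the construction site, `// RahasData rejects requests without an authenticated principal before any issuer is selected`, would make the intent explicit. `handle` continues past the hunk.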
@@ -104,11 +61,11 @@
                 issuer = config.getIssuer(tokenType.toString());
             }
             
-            SOAPEnvelope response = issuer.issue(rstElem, inMsgCtx);
+            SOAPEnvelope response = issuer.issue(data);
             
             //set the response wsa/soap action in teh out message context
             outMsgCtx.getOptions().setAction(
-                    issuer.getResponseAction(rstElem, inMsgCtx));
+                    issuer.getResponseAction(data));
             
             return response;
         } else if(RahasConstants.V_05_02.REQ_TYPE_VALIDATE.equals(reqType) ||

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java?rev=437942&r1=437941&r2=437942&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java Mon Aug 28 20:56:16 2006
@@ -22,6 +22,7 @@
 import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
 import org.apache.axiom.soap.SOAP11Constants;
 import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.addressing.AddressingConstants;
 import org.apache.axis2.context.MessageContext;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.message.token.Reference;
@@ -31,6 +32,8 @@
 
 import javax.xml.namespace.QName;
 
+import java.security.SecureRandom;
+
 public class TrustUtil {
     
     /**
@@ -215,15 +218,19 @@
         return ltElem;
     }
 
-    public static OMElement createAppliesToElement(OMElement parent, String address) {
-        OMElement appliesToElem = createOMElement(parent, RahasConstants.WSP_NS,
-                RahasConstants.APPLIES_TO_LN,
+    public static OMElement createAppliesToElement(OMElement parent,
+            String address, String addressingNs) {
+        OMElement appliesToElem = createOMElement(parent,
+                RahasConstants.WSP_NS, RahasConstants.APPLIES_TO_LN,
                 RahasConstants.WSP_PREFIX);
-        
-        OMElement eprElem = createOMElement(appliesToElem, RahasConstants.WSA_NS, RahasConstants.ENDPOINT_REFERENCE, RahasConstants.WSA_PREFIX);
-        OMElement addressElem = createOMElement(eprElem, RahasConstants.WSA_NS, RahasConstants.ADDRESS, RahasConstants.WSA_PREFIX);
+
+        OMElement eprElem = createOMElement(appliesToElem, addressingNs,
+                "EndpointReference", AddressingConstants.WSA_DEFAULT_PREFIX);
+        OMElement addressElem = createOMElement(eprElem, addressingNs,
+                AddressingConstants.EPR_ADDRESS,
+                AddressingConstants.WSA_DEFAULT_PREFIX);
         addressElem.setText(address);
-        
+
         return appliesToElem;
     }
     
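Review bot: The EndpointReference local name is the string literal `"EndpointReference"` while the sibling Address element uses `AddressingConstants.EPR_ADDRESS`; the removed line used `RahasConstants.ENDPOINT_REFERENCE`, so the literal can be replaced by that constant to keep both element names defined the same way. The new `addressingNs` parameter is not checked: with a null value the EPR is created in no namespace and the AppliesTo is silently malformed, so a null check that throws `new TrustException("invalidAppliesToElem")` (the key added to errors.properties in this commit) would report the problem where it occurs, at the cost of adding `throws TrustException` to the signature. The method has no Javadoc in the hunk; the new parameter should be documented as the WS-Addressing namespace URI the EPR is written in.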
@@ -249,45 +256,6 @@
                 parent);
     }
 
-    /**
-     * Find the value of the KeyType element of the RST
-     * @param version WS-Trsut version
-     * @param rst RequestSecurityToken element
-     * @return The value of the KeyType element of the RST. If there's no 
-     * KeyType element null will be returned.
-     * @throws TrustException
-     */
-    public static String findKeyType(OMElement rst) throws TrustException {
-        OMElement keyTypeElem = rst.getFirstChildWithName(new QName(rst.getNamespace().getNamespaceURI(), RahasConstants.KEY_TYPE_LN));
-        if(keyTypeElem != null) {
-            String text = keyTypeElem.getText();
-            if(text != null && !"".equals(text.trim())) {
-                return text.trim();
-            } 
-        }
-        return null;
-    }
-    
-    /**
-     * Find the KeySize
-     * @param rst
-     * @return Value of KeySize if available, otherwise -1
-     * @throws TrustException
-     */
-    public static int findKeySize(OMElement rst) throws TrustException {
-        OMElement keySizeElem = rst.getFirstChildWithName(new QName(rst.getNamespace().getNamespaceURI(), RahasConstants.KEY_SIZE_LN));
-        if(keySizeElem != null) {
-            String text = keySizeElem.getText();
-            if(text != null && !"".equals(text.trim())) {
-                try {
-                    return Integer.parseInt(text.trim());
-                } catch (NumberFormatException e) {
-                    throw new TrustException(TrustException.INVALID_REQUEST, new String[] { "invalid wst:Keysize value" }, e);
-                }
-            } 
-        }
-        return -1;
-    }
     
     
     public static String getWSTNamespace(int version) throws TrustException {
@@ -304,8 +272,10 @@
     public static int getWSTVersion(String ns) {
         if(RahasConstants.WST_NS_05_02.equals(ns)) {
             return RahasConstants.VERSION_05_02;
-        } else {
+        } else if(RahasConstants.WST_NS_05_12.equals(ns)) {
             return RahasConstants.VERSION_05_12;
+        } else {
+            return -1;
         }
     }
     
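Review bot: The new `return -1;` branch introduces a sentinel that nothing documents; any Javadoc for `getWSTVersion` is above the hunk, and it should state `@return the RahasConstants.VERSION_* constant for the namespace, or -1 if ns is not a supported WS-Trust namespace`. Callers that could previously only receive a valid version now have to handle -1 explicitly; since `getWSTNamespace(int)` is declared to throw TrustException, a -1 passed back into it would presumably fail there rather than at the point of detection, so the caller should reject it immediately with `new TrustException("unsupportedWSTVersion")`, a key already present in errors.properties.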
@@ -326,6 +296,44 @@
             msgCtx.getConfigurationContext().setProperty(tempKey, storage);
         }
         return storage;
+    }
+    
+    
+    /**
+     * Create an ephemeral key
+     * 
+     * @return
+     * @throws WSSecurityException
+     */
+    protected byte[] generateEphemeralKey(int keySize) throws TrustException {
+        try {
+            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+            byte[] temp = new byte[keySize / 8];
+            random.nextBytes(temp);
+            return temp;
+        } catch (Exception e) {
+            throw new TrustException(
+                    "Error in creating the ephemeral key", e);
+        }
+    }
+    
+    /**
+     * Create an ephemeral key
+     * 
+     * @return
+     * @throws WSSecurityException
+     */
+    protected byte[] generateEphemeralKey(byte[] reqEnt, byte[] respEnt,
+            String algo, int keySize) throws TrustException {
+        try {
+            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+            byte[] temp = new byte[keySize / 8];
+            random.nextBytes(temp);
+            return temp;
+        } catch (Exception e) {
+            throw new TrustException(
+                    "Error in creating the ephemeral key", e);
+        }
     }
     
 }
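Review bot: The second `generateEphemeralKey` overload ignores its `reqEnt`, `respEnt` and `algo` parameters and returns fresh random bytes, so a caller asking for the computed-key form receives a key the requestor cannot derive from the two entropies; until that derivation is implemented the overload should throw a TrustException rather than hand back an unrelated key. Both overloads are `protected` instance methods in a class whose other members are `public static`, so the static helpers cannot call them, and the Javadoc on each lists `@throws WSSecurityException` although the method throws `TrustException` and leaves `@return` empty. `SecureRandom.getInstance("SHA1PRNG")` pins one provider algorithm and is the only reason for the broad `catch (Exception e)`; `new SecureRandom()` needs no checked exception, and `keySize / 8` silently rounds down a size that is not a multiple of 8, which the `invalidKeysize` message already in errors.properties is meant for. Suggested replacement for the single-argument overload below; the entropy-based one should fail explicitly until implemented.
```java
    /**
     * Generates a random ephemeral key of the given size.
     *
     * @param keySize key size in bits; must be a positive multiple of 8
     * @return the generated key bytes
     * @throws TrustException if keySize is not a positive multiple of 8
     */
    public static byte[] generateEphemeralKey(int keySize) throws TrustException {
        if (keySize <= 0 || keySize % 8 != 0) {
            throw new TrustException("invalidKeysize");
        }
        byte[] key = new byte[keySize / 8];
        new SecureRandom().nextBytes(key);
        return key;
    }
    // … unchanged: getTokenStore tail and the entropy-based overload (see note) …
```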

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties?rev=437942&r1=437941&r2=437942&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties Mon Aug 28 20:56:16 2006
@@ -33,6 +33,7 @@
 invalidKeysize = Invalid key size
 unsupportedWSTVersion = Unsupported WS-Trust version
 unsupportedKeyType = Upsupported KeyType
+invalidAppliesToElem = Invalid AppliesTo element
 
 #SCTIssuer specific error messages
 sctIssuerCryptoPropertiesMissing = When the tokenType is not \"BinarySecret\" the cryptoProperties MUST be specified
@@ -44,6 +45,6 @@
 samlConverstionError = Error in converting a SAML token to DOOM 
 samlAssertionCreationError = Error in creating a SAMLToken using opensaml library
 aliasMissingForService = Certificate alias missing for service : \"{0}\"
-samlInvalidAppliesToElem = Invalid AppliesTo element
+
 samlIssuerNameMissing = issuerName value missing in the SAMLTokenIssuer configuration
 samlUnsupportedPrincipal = Unsupported principal : \"{0}\"

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java?rev=437942&r1=437941&r2=437942&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java Mon Aug 28 20:56:16 2006
@@ -23,18 +23,16 @@
 import org.apache.axis2.context.MessageContext;
 import org.apache.axis2.description.Parameter;
 import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
 import org.apache.rahas.Token;
 import org.apache.rahas.TokenIssuer;
 import org.apache.rahas.TrustException;
 import org.apache.rahas.TrustUtil;
 import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.WSUsernameTokenPrincipal;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
-import org.apache.ws.security.handler.WSHandlerConstants;
-import org.apache.ws.security.handler.WSHandlerResult;
 import org.apache.ws.security.message.WSSecEncryptedKey;
 import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.XmlSchemaDateFormat;
@@ -53,15 +51,13 @@
 import org.w3c.dom.Node;
 import org.w3c.dom.Text;
 
-import javax.xml.namespace.QName;
-
 import java.security.Principal;
+import java.security.SecureRandom;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.text.DateFormat;
 import java.util.Arrays;
 import java.util.Date;
-import java.util.Vector;
 
 /**
  * Issuer to issue SAMl tokens
@@ -71,58 +67,11 @@
     private String configParamName;
     private OMElement configElement;
     private String configFile;
-    
-    /*
-     * (non-Javadoc)
-     * 
-     * @see org.apache.rahas.TokenIssuer#issue(org.apache.axiom.om.OMElement,
-     *      org.apache.axis2.context.MessageContext)
-     */
-    public SOAPEnvelope issue(OMElement request, MessageContext inMsgCtx)
+        
+    public SOAPEnvelope issue(RahasData data)
             throws TrustException {
 
-
-        /*
-         * User can be identifier using a UsernameToken or a certificate
-         *  - If a certificate is found then we use that to 
-         *      - identify the user and 
-         *      - encrypt the response (if required)
-         *  - If a UsernameToken is found then we will not be encrypting the 
-         *    response 
-         */
-        
-        //Flag to identify whether we found a cert or not
-        Principal principal = null;
-        X509Certificate clientCert = null;
-        
-        Vector results = null;
-        if ((results = (Vector) inMsgCtx
-                .getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
-            throw new TrustException(TrustException.REQUEST_FAILED);
-        } else {
-
-            for (int i = 0; i < results.size(); i++) {
-                WSHandlerResult rResult = (WSHandlerResult) results.get(i);
-                Vector wsSecEngineResults = rResult.getResults();
-
-                for (int j = 0; j < wsSecEngineResults.size(); j++) {
-                    WSSecurityEngineResult wser = 
-                        (WSSecurityEngineResult) wsSecEngineResults.get(j);
-                    if (wser.getAction() == WSConstants.SIGN
-                            && wser.getPrincipal() != null) {
-                        clientCert = wser.getCertificate();
-                        principal = wser.getPrincipal();
-                    } else if(wser.getAction() == WSConstants.UT
-                            && wser.getPrincipal() != null){
-                        principal = wser.getPrincipal();
-                    }
-                }
-            }
-            //If the principal is missing
-            if(principal == null) {
-                throw new TrustException(TrustException.REQUEST_FAILED);
-            }
-        }
+        MessageContext inMsgCtx = data.getInMessageContext();
         
         SAMLTokenIssuerConfig config = null;
         if(this.configElement != null) {
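Review bot: The non-Javadoc `@see` comment that documented `issue` was removed and nothing replaces it, so the new `issue(RahasData data)` signature has no documentation; the line before it is also whitespace-only. Suggest a short Javadoc stating that `data` carries the parsed RST, the requested key size/type and the authenticated principal (all validated by RahasData), and that the message context is only retrieved to reach the token store. `issue`'s body continues well beyond the hunk.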
@@ -168,11 +117,11 @@
         Document doc = ((Element) env).getOwnerDocument();
         
         //Get the key size and create a new byte array of that size
-        int keySize = TrustUtil.findKeySize(request);
+        int keySize = data.getKeysize();
         
         keySize = (keySize == -1) ? config.keySize : keySize;
         
-        byte[] secret = new byte[keySize/8]; 
+        
         
         /*
          * Find the KeyType
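Review bot: `data.getKeysize()` can never return the requested size, because `RahasData.processKeySize` (added in this commit) assigns the parsed value inside the `try` and then unconditionally executes `this.keysize = -1;` after the `if (keySizeElem != null)` block, so the fallback `keySize = (keySize == -1) ? config.keySize : keySize;` is taken on every request and a client's wst:KeySize is silently ignored; the read of `data.getKeysize()` in the later `//set keysize` hunk of createHoKAssertion has the same problem. The fix belongs in RahasData: make `this.keysize = -1;` the first statement of processKeySize so it is only the default. Once the requested size is actually honoured it is client-controlled input, so bound it before use — reject values that are not a positive multiple of 8, or are implausibly large, with `new TrustException("invalidKeysize")` — rather than allocating `new byte[this.keysize]` from it directly. `issue` continues on both sides of the hunk.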
@@ -186,9 +135,8 @@
          * If the key type is missing we will issue a HoK asserstion
          */ 
         
-        String keyType = TrustUtil.findKeyType(request);
-        String appliesToAddress = this.getServiceAddress(request);
-        
+        String keyType = data.getKeyType();
+
         SAMLAssertion assertion = null;
         
         if(keyType == null) {
@@ -197,17 +145,16 @@
         
         if(keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY) || 
                          keyType.endsWith(RahasConstants.KEY_TYPE_PUBLIC_KEY)) {
-            assertion = createHoKAssertion(config, request, doc, crypto,
-                    creationTime, expirationTime, keyType, secret, principal, clientCert);
+            assertion = createHoKAssertion(config, doc, crypto, creationTime, expirationTime, data);
         } else  if(keyType.endsWith(RahasConstants.KEY_TYPE_BEARER)) {
-            assertion = createBearerAssertion(config, request, doc, crypto, creationTime, expirationTime, principal);
+            assertion = createBearerAssertion(config, doc, crypto, creationTime, expirationTime, data);
         } else {
             throw new TrustException("unsupportedKeyType");
         }
         
         OMElement rstrElem = null; 
         
-        int version = TrustUtil.getWSTVersion(request.getNamespace().getNamespaceURI());
+        int version = data.getVersion();
         
         if(RahasConstants.VERSION_05_02 == version) {
             rstrElem = TrustUtil
@@ -239,8 +186,9 @@
                     .getId(), RahasConstants.TOK_TYPE_SAML_10);
         }
 
-        if(appliesToAddress != null) {
-            TrustUtil.createAppliesToElement(rstrElem, appliesToAddress);
+        if(data.getAppliesToAddress() != null) {
+            TrustUtil.createAppliesToElement(rstrElem, data
+                    .getAppliesToAddress(), data.getAddressingNs());
         }
         
         // Use GMT time in milliseconds
@@ -259,12 +207,12 @@
                     .getOwnerDocument().importNode(tempNode, true));
 
             // Store the token
-            Token sctToken = new Token(assertion.getId(), (OMElement) assertion
+            Token assertionToken = new Token(assertion.getId(), (OMElement) assertion
                     .toDOM());
             // At this point we definitely have the secret
             // Otherwise it should fail with an exception earlier
-            sctToken.setSecret(secret);
-            TrustUtil.getTokenStore(inMsgCtx).add(sctToken);
+            assertionToken.setSecret(data.getEphmeralKey());
+            TrustUtil.getTokenStore(inMsgCtx).add(assertionToken);
             
         } catch (SAMLException e) {
             throw new TrustException("samlConverstionError", e);
@@ -276,32 +224,33 @@
                     .createRequestedProofTokenElement(version, rstrElem);
             OMElement binSecElem = TrustUtil.createBinarySecretElement(version,
                     reqProofTokElem, null);
-            binSecElem.setText(Base64.encode(secret));
+            binSecElem.setText(Base64.encode(data.getEphmeralKey()));
         }
         
         // Unet the DOM impl to DOOM
         DocumentBuilderFactoryImpl.setDOOMRequired(false);
         
-        System.out.println("---------------ISSUED SOAP Env : START---------------");
-        System.out.println(env);
-        System.out.println("---------------ISSUED SOAP Env : END---------------");
         return env;
     }
     
 
     private SAMLAssertion createBearerAssertion(SAMLTokenIssuerConfig config,
-            OMElement request, Document doc, Crypto crypto, Date creationTime,
-            Date expirationTime, Principal principal) throws TrustException {
+            Document doc, Crypto crypto, Date creationTime,
+            Date expirationTime, RahasData data) throws TrustException {
         try {
-            //In the case where the principal is a UT
-            if(principal instanceof WSUsernameTokenPrincipal) {
-                WSUsernameTokenPrincipal utPrincipal = (WSUsernameTokenPrincipal)principal;
-                //TODO: Find the email address
-                String subjectNameId = "rcuhtihf@apache.org";
-                SAMLNameIdentifier nameId = new SAMLNameIdentifier(subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL);
-                return createAuthAssertion(doc, SAMLSubject.CONF_BEARER, nameId, null, config, crypto, creationTime, expirationTime);
+            Principal principal = data.getPrincipal();
+            // In the case where the principal is a UT
+            if (principal instanceof WSUsernameTokenPrincipal) {
+                // TODO: Find the email address
+                String subjectNameId = "ruchithf@apache.org";
+                SAMLNameIdentifier nameId = new SAMLNameIdentifier(
+                        subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL);
+                return createAuthAssertion(doc, SAMLSubject.CONF_BEARER,
+                        nameId, null, config, crypto, creationTime,
+                        expirationTime);
             } else {
-                throw new TrustException("samlUnsupportedPrincipal", new String[]{principal.getClass().getName()});
+                throw new TrustException("samlUnsupportedPrincipal",
+                        new String[] { principal.getClass().getName() });
             }
         } catch (SAMLException e) {
             throw new TrustException("samlAssertionCreationError", e);
@@ -309,19 +258,18 @@
     }
 
     private SAMLAssertion createHoKAssertion(SAMLTokenIssuerConfig config,
-            OMElement request, Document doc, Crypto crypto, Date creationTime,
-            Date expirationTime, String keyType, byte[] secret,
-            Principal principal, X509Certificate clientCert)
-            throws TrustException {
+            Document doc, Crypto crypto, Date creationTime,
+            Date expirationTime, RahasData data) throws TrustException {
         
         
-        if(keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
+        if(data.getKeyType().endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
             Element encryptedKeyElem = null;
             X509Certificate serviceCert = null;
             try {
                 
                 //Get ApliesTo to figureout which service to issue the token for
-                serviceCert = getServiceCert(request, config, crypto);
+                serviceCert = getServiceCert(data.getRstElement(), config,
+                        crypto, data.getAppliesToAddress());
     
                 //Ceate the encrypted key
                 WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
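Review bot: `data.getKeyType().endsWith(...)` reads the raw KeyType from RahasData, but the caller first resolved a local `keyType` with a `keyType == null` branch that, per the comment "If the key type is missing we will issue a HoK asserstion", presumably substitutes a default before calling this method; in that case `data.getKeyType()` is still null here and the `endsWith` call throws a NullPointerException. Either pass the resolved value back in — `Date expirationTime, String keyType, RahasData data)` with `if(keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {` and the matching extra argument at the call site — or have RahasData apply the default itself so both places read the same value. createHoKAssertion's body continues past the hunk.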
@@ -333,7 +281,9 @@
                 encrKeyBuilder.setUseThisCert(serviceCert);
                 
                 //set keysize
-                encrKeyBuilder.setKeySize(secret.length*8);
+                int keysize = data.getKeysize();
+                keysize = (keysize != -1) ? keysize : config.keySize;
+                encrKeyBuilder.setKeySize(keysize);
                 
                 //Set key encryption algo
                 encrKeyBuilder.setKeyEncAlgo(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
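Review bot: The key size now comes from the request (`data.getKeysize()`) and is only checked against -1, so the client picks any value that reaches `encrKeyBuilder.setKeySize(keysize)`; validating it before that call (a positive multiple of 8, and not larger than the configured `config.keySize`) with a TrustException on failure would keep the server's configuration authoritative. The same `keysize/8` is used in the next hunk as the length of the `System.arraycopy` into `data.getEphmeralKey()`, so a requested size larger than that buffer ends in an ArrayIndexOutOfBoundsException rather than a TrustException, and a size that is not a multiple of 8 silently truncates. A short comment above the fallback, `// client-requested key size wins over the configured default; -1 means the RST carried no wst:KeySize`, would document the precedence.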
@@ -342,7 +292,7 @@
                 encrKeyBuilder.prepare(doc, crypto);
                 
                 //Extract the base64 encoded secret value
-                System.arraycopy(encrKeyBuilder.getEphemeralKey(), 0, secret, 0, secret.length);
+                System.arraycopy(encrKeyBuilder.getEphemeralKey(), 0, data.getEphmeralKey(), 0, keysize/8);
                 
                 //Extract the Encryptedkey DOM element 
                 encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
@@ -355,11 +305,11 @@
                     config, crypto, creationTime, expirationTime);
         } else {
             try {
-                String subjectNameId = principal.getName();
+                String subjectNameId = data.getPrincipal().getName();
                 SAMLNameIdentifier nameId = new SAMLNameIdentifier(subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL);
                 
                 //Create the ds:KeyValue element with the ds:X509Data
-                byte[] clientCertBytes = clientCert.getEncoded();
+                byte[] clientCertBytes = data.getClientCert().getEncoded();
                 String base64Cert = Base64.encode(clientCertBytes);
                 
                 Text base64CertText = doc.createTextNode(base64Cert);
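Review bot: `data.getClientCert().getEncoded()` in the public-key branch assumes a client certificate was captured; when the request was authenticated without a signature the call is a NullPointerException inside the try, and whether the catch that follows (outside this hunk) converts it into a TrustException is not visible here. An explicit guard before the encoding, `if (data.getClientCert() == null) { throw new TrustException("<error key for missing client certificate>"); }`, gives the caller a meaningful fault instead.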
@@ -385,18 +335,18 @@
      * @param request
      * @param config
      * @param crypto
+     * @param serviceAddress The address of the service
      * @throws WSSecurityException
      * @return
      */
     private X509Certificate getServiceCert(OMElement request,
-            SAMLTokenIssuerConfig config, Crypto crypto)
+            SAMLTokenIssuerConfig config, Crypto crypto, String serviceAddress)
             throws WSSecurityException, TrustException {
 
 //        return (X509Certificate)crypto.getCertificates("bob")[0];
-        String address = this.getServiceAddress(request);
-        
-        if(address != null && !"".equals(address)) {
-            String alias = (String)config.trustedServices.get(address);;
+
+        if(serviceAddress != null && !"".equals(serviceAddress)) {
+            String alias = (String)config.trustedServices.get(serviceAddress);;
             if(alias != null) {
                 return (X509Certificate)crypto.getCertificates(alias)[0];
             } else {
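Review bot: The `request` parameter of getServiceCert appears to be unused now that the address is passed in as `serviceAddress` — its only use, `this.getServiceAddress(request)`, is the removed line — so the parameter and its `@param request` tag can probably be dropped (the remainder of the method is outside the hunk, so confirm). The new line `String alias = (String)config.trustedServices.get(serviceAddress);;` carries a stray second semicolon. The Javadoc's bare `@return` could read `@return the certificate of the trusted service registered for {@code serviceAddress}`, and the commented-out `return (X509Certificate)crypto.getCertificates("bob")[0];` is dead code worth removing.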
@@ -410,29 +360,6 @@
         
     }
 
-    
-    private String getServiceAddress(OMElement request) throws TrustException {
-        OMElement appliesToElem = request.getFirstChildWithName(
-                new QName(RahasConstants.WSP_NS, RahasConstants.APPLIES_TO_LN));
-        if(appliesToElem != null) {
-            OMElement eprElem = appliesToElem.getFirstChildWithName(new QName(
-                    RahasConstants.WSA_NS, RahasConstants.ENDPOINT_REFERENCE));
-            if (eprElem != null) {
-                OMElement addrElem = eprElem.getFirstChildWithName(new QName(
-                        RahasConstants.WSA_NS, RahasConstants.ADDRESS));
-                if (addrElem != null && addrElem.getText() != null && !"".equals(addrElem.getText().trim())) {
-                    return addrElem.getText().trim();
-                } else {
-                    throw new TrustException("samlInvalidAppliesToElem");
-                }
-            } else {
-                throw new TrustException("samlInvalidAppliesToElem");
-            }
-        }
-        //If the AppliesTo element is missing
-        return null;
-    }    
-
     /**
      * Create the SAML assertion with the secret held in an 
      * <code>xenc:EncryptedKey</code>
@@ -560,12 +487,31 @@
      * @see org.apache.rahas.TokenIssuer#getResponseAction(org.apache.axiom.om.OMElement,
      *      org.apache.axis2.context.MessageContext)
      */
-    public String getResponseAction(OMElement request, MessageContext inMsgCtx)
+    public String getResponseAction(RahasData data)
             throws TrustException {
-        if(RahasConstants.WST_NS_05_02.equals(request.getNamespace().getNamespaceURI())) {
+        if(RahasConstants.VERSION_05_02 == data.getVersion()) {
             return RahasConstants.V_05_02.RSTR_ACTON_ISSUE;
         } else {
             return RahasConstants.V_05_12.RSTR_ACTON_ISSUE;    
+        }
+    }
+    
+    
+    /**
+     * Create an ephemeral key
+     * 
+     * @return
+     * @throws WSSecurityException
+     */
+    protected byte[] generateEphemeralKey(int keySize) throws TrustException {
+        try {
+            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+            byte[] temp = new byte[keySize / 8];
+            random.nextBytes(temp);
+            return temp;
+        } catch (Exception e) {
+            throw new TrustException(
+                    "Error in creating the ephemeral key", e);
         }
     }
 
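Review bot: generateEphemeralKey's Javadoc does not match the method: it lists `@throws WSSecurityException` while the signature throws TrustException, leaves `@return` empty and has no `@param keySize`; suggested tags are `@param keySize key length in bits; {@code keySize / 8} bytes are generated`, `@return the random key bytes` and `@throws TrustException if the SecureRandom instance cannot be obtained`. `catch (Exception e)` is wider than needed — `SecureRandom.getInstance` declares only NoSuchAlgorithmException — so `catch (NoSuchAlgorithmException e)` (with the matching import) would stop programming errors from being reported as key-creation failures. Pinning `"SHA1PRNG"` ties the issuer to one provider's algorithm name; `new SecureRandom()` yields the platform's default strong generator without the checked exception. The `@see` above getResponseAction still points at the old `(OMElement, MessageContext)` signature.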

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java?rev=437942&r1=437941&r2=437942&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java Mon Aug 28 20:56:16 2006
@@ -18,282 +18,240 @@
 
 import org.apache.axiom.om.OMElement;
 import org.apache.axiom.soap.SOAPEnvelope;
-import org.apache.axis2.context.MessageContext;
 import org.apache.axis2.description.Parameter;
 import org.apache.axis2.util.Base64;
 import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
 import org.apache.rahas.Token;
 import org.apache.rahas.TokenIssuer;
 import org.apache.rahas.TrustException;
 import org.apache.rahas.TrustUtil;
 import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
-import org.apache.ws.security.handler.WSHandlerConstants;
-import org.apache.ws.security.handler.WSHandlerResult;
 import org.apache.ws.security.message.WSSecEncryptedKey;
 import org.apache.ws.security.message.token.SecurityContextToken;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import java.security.Principal;
 import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-import java.util.Vector;
 
 public class SCTIssuer implements TokenIssuer {
 
     public final static String ENCRYPTED_KEY = "EncryptedKey";
+
     public final static String COMPUTED_KEY = "ComputedKey";
+
     public final static String BINARY_SECRET = "BinarySecret";
-    
+
     private String configFile;
-    
+
     private OMElement configElement;
-    
+
     private String configParamName;
-    
+
     /**
-     * Issue a SecuritycontextToken based on the wsse:Signature or 
+     * Issue a SecuritycontextToken based on the wsse:Signature or
      * wsse:UsernameToken
      * 
-     * This will support returning the SecurityContextToken with the following 
+     * This will support returning the SecurityContextToken with the following
      * types of wst:RequestedProof tokens:
      * <ul>
-     *  <li>xenc:EncryptedKey</li>
-     *  <li>wst:ComputedKey</li>
-     *  <li>wst:BinarySecret (for secure transport)</li>
-     * </ul> 
+     * <li>xenc:EncryptedKey</li>
+     * <li>wst:ComputedKey</li>
+     * <li>wst:BinarySecret (for secure transport)</li>
+     * </ul>
      */
-    public SOAPEnvelope issue(OMElement request, MessageContext inMsgCtx)
-            throws TrustException {
+    public SOAPEnvelope issue(RahasData data) throws TrustException {
 
-        Vector results = null;
-        if ((results = (Vector) inMsgCtx
-                .getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
-            throw new TrustException(TrustException.REQUEST_FAILED);
-        } else {
-            Principal principal = null;
-            X509Certificate cert = null;
-            for (int i = 0; i < results.size(); i++) {
-                WSHandlerResult rResult = (WSHandlerResult) results.get(i);
-                Vector wsSecEngineResults = rResult.getResults();
-
-                for (int j = 0; j < wsSecEngineResults.size(); j++) {
-                    WSSecurityEngineResult wser = 
-                        (WSSecurityEngineResult) wsSecEngineResults.get(j);
-                    if (wser.getAction() != WSConstants.ENCR
-                            && wser.getPrincipal() != null) {
-                        cert = wser.getCertificate();
-                        principal = wser.getPrincipal();
-                    }
-                }
-            }
-            //If the principal is missing
-            if(principal == null) {
-                throw new TrustException(TrustException.REQUEST_FAILED);
-            }
-            
-            SCTIssuerConfig config = null;
-            if(this.configElement != null) {
-                config = SCTIssuerConfig
-                        .load(configElement
-                                .getFirstChildWithName(SCTIssuerConfig.SCT_ISSUER_CONFIG));
-            } 
-
-            //Look for the file
-            if(config == null && this.configFile != null) {
-                config = SCTIssuerConfig.load(this.configFile);
-            }
-            
-            //Look for the param
-            if(config == null && this.configParamName != null) {
-                Parameter param = inMsgCtx.getParameter(this.configParamName);
-                if(param != null && param.getParameterElement() != null) {
-                    config = SCTIssuerConfig.load(param.getParameterElement()
-                            .getFirstChildWithName(
-                                    SCTIssuerConfig.SCT_ISSUER_CONFIG));
-                } else {
-                    throw new TrustException("expectedParameterMissing",
-                            new String[] { this.configParamName });
-                }
-            }
-            
-            if(config == null) {
-                throw new TrustException("missingConfiguration",
-                        new String[] { SCTIssuerConfig.SCT_ISSUER_CONFIG
-                                .getLocalPart() });
-            }
+        SCTIssuerConfig config = null;
+        if (this.configElement != null) {
+            config = SCTIssuerConfig
+                    .load(configElement
+                            .getFirstChildWithName(SCTIssuerConfig.SCT_ISSUER_CONFIG));
+        }
 
-            //Get WST Version
-            int wstVersion = TrustUtil.getWSTVersion(request.getNamespace().getNamespaceURI());
-            
-            parseEntropyInfo(inMsgCtx.getEnvelope(), config);
-            
-            if(ENCRYPTED_KEY.equals(config.proofTokenType)) {
-                SOAPEnvelope responseEnv = this.doEncryptedKey(config,
-                        inMsgCtx, cert, wstVersion);
-                return responseEnv;
-            } else if(BINARY_SECRET.equals(config.proofTokenType)) {
-                SOAPEnvelope responseEnv = this.doBinarySecret(config,
-                        inMsgCtx, wstVersion);
-                return responseEnv;
-            } else if(COMPUTED_KEY.equals(config.proofTokenType)) {
-                // TODO 
-                throw new UnsupportedOperationException("TODO");
+        // Look for the file
+        if (config == null && this.configFile != null) {
+            config = SCTIssuerConfig.load(this.configFile);
+        }
+
+        // Look for the param
+        if (config == null && this.configParamName != null) {
+            Parameter param = data.getInMessageContext().getParameter(this.configParamName);
+            if (param != null && param.getParameterElement() != null) {
+                config = SCTIssuerConfig.load(param.getParameterElement()
+                        .getFirstChildWithName(
+                                SCTIssuerConfig.SCT_ISSUER_CONFIG));
             } else {
-                // TODO 
-                throw new UnsupportedOperationException("TODO: Default");
+                throw new TrustException("expectedParameterMissing",
+                        new String[] { this.configParamName });
             }
         }
 
+        if (config == null) {
+            throw new TrustException("missingConfiguration",
+                    new String[] { SCTIssuerConfig.SCT_ISSUER_CONFIG
+                            .getLocalPart() });
+        }
 
-    }
-    
-    /**
-     * @param envelope
-     * @param config
-     */
-    private void parseEntropyInfo(SOAPEnvelope envelope, SCTIssuerConfig config) {
-//        OMElement elem = envelope.getBody().getFirstChildWithName(new QName(RahasConstants.WST_NS, RahasConstants.REQUEST_SECURITY_TOKEN_LN));
-//        if(elem != null) {
-//            //TODO get the entropy and keysize info
-//        }
+        if (ENCRYPTED_KEY.equals(config.proofTokenType)) {
+            SOAPEnvelope responseEnv = this.doEncryptedKey(config,data);
+            return responseEnv;
+        } else if (BINARY_SECRET.equals(config.proofTokenType)) {
+            SOAPEnvelope responseEnv = this.doBinarySecret(config, data);
+            return responseEnv;
+        } else if (COMPUTED_KEY.equals(config.proofTokenType)) {
+            // TODO
+            throw new UnsupportedOperationException("TODO");
+        } else {
+            // TODO
+            throw new UnsupportedOperationException("TODO: Default");
+        }
     }
 
-    /**
-     * @param config
-     * @param inMsgCtx
-     * @param cert
-     * @return
-     */
-    private SOAPEnvelope doBinarySecret(SCTIssuerConfig config, MessageContext msgCtx, int wstVersion) throws TrustException {
-        
-        SOAPEnvelope env = TrustUtil.createSOAPEnvelope(msgCtx.getEnvelope()
-                .getNamespace().getNamespaceURI());
-        //Get the document
-        Document doc = ((Element)env).getOwnerDocument();
+    private SOAPEnvelope doBinarySecret(SCTIssuerConfig config, RahasData data)
+            throws TrustException {
+
+        SOAPEnvelope env = TrustUtil.createSOAPEnvelope(data.getSoapNs());
+        int wstVersion = data.getVersion();
         
+        // Get the document
+        Document doc = ((Element) env).getOwnerDocument();
+
         SecurityContextToken sct = new SecurityContextToken(doc);
-        
-        OMElement rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(wstVersion, env.getBody());
 
-        OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(wstVersion, rstrElem);
-        
-        rstElem.addChild((OMElement)sct.getElement());
-        
+        OMElement rstrElem = TrustUtil
+                .createRequestSecurityTokenResponseElement(wstVersion, env
+                        .getBody());
+
+        OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(
+                wstVersion, rstrElem);
+
+        rstElem.addChild((OMElement) sct.getElement());
+
         if (config.addRequestedAttachedRef) {
-            if(wstVersion == RahasConstants.VERSION_05_02) {
-                TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#" + sct.getID(),
-                    RahasConstants.V_05_02.TOK_TYPE_SCT);
+            if (wstVersion == RahasConstants.VERSION_05_02) {
+                TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
+                        + sct.getID(), RahasConstants.V_05_02.TOK_TYPE_SCT);
             } else {
-                TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#" + sct.getID(),
-                        RahasConstants.V_05_12.TOK_TYPE_SCT);
+                TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
+                        + sct.getID(), RahasConstants.V_05_12.TOK_TYPE_SCT);
             }
         }
 
         if (config.addRequestedUnattachedRef) {
-            if(wstVersion == RahasConstants.VERSION_05_02) {
-                TrustUtil.createRequestedUnattachedRef(wstVersion, 
-                    rstrElem, sct.getIdentifier(), RahasConstants.V_05_02.TOK_TYPE_SCT);
+            if (wstVersion == RahasConstants.VERSION_05_02) {
+                TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
+                        sct.getIdentifier(),
+                        RahasConstants.V_05_02.TOK_TYPE_SCT);
             } else {
-                TrustUtil.createRequestedUnattachedRef(wstVersion, 
-                        rstrElem, sct.getIdentifier(), RahasConstants.V_05_12.TOK_TYPE_SCT);
+                TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
+                        sct.getIdentifier(),
+                        RahasConstants.V_05_12.TOK_TYPE_SCT);
             }
         }
-        
-        OMElement reqProofTok = TrustUtil.createRequestedProofTokenElement(wstVersion, rstrElem);
-        
-        OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion, reqProofTok, null);
+
+        OMElement reqProofTok = TrustUtil.createRequestedProofTokenElement(
+                wstVersion, rstrElem);
+
+        OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion,
+                reqProofTok, null);
 
         byte[] secret = this.generateEphemeralKey();
         binSecElem.setText(Base64.encode(secret));
-    
-        //Store the tokens
-        Token sctToken = new Token(sct.getIdentifier(), (OMElement)sct.getElement());
+
+        // Store the tokens
+        Token sctToken = new Token(sct.getIdentifier(), (OMElement) sct
+                .getElement());
         sctToken.setSecret(secret);
-        TrustUtil.getTokenStore(msgCtx).add(sctToken);
-        
+        TrustUtil.getTokenStore(data.getInMessageContext()).add(sctToken);
+
         return env;
     }
 
-    private SOAPEnvelope doEncryptedKey(SCTIssuerConfig config,
-            MessageContext msgCtx, X509Certificate cert, int wstVersion) throws TrustException {
-        
-        SOAPEnvelope env = TrustUtil.createSOAPEnvelope(msgCtx.getEnvelope()
-                .getNamespace().getNamespaceURI());
-        //Get the document
-        Document doc = ((Element)env).getOwnerDocument();
+    private SOAPEnvelope doEncryptedKey(SCTIssuerConfig config, RahasData data)
+            throws TrustException {
+
+        int wstVersion = data.getVersion();
         
+        SOAPEnvelope env = TrustUtil.createSOAPEnvelope(data.getSoapNs());
+        // Get the document
+        Document doc = ((Element) env).getOwnerDocument();
+
         WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
         Crypto crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
-                msgCtx.getAxisService().getClassLoader());
+                data.getInMessageContext().getAxisService().getClassLoader());
 
         encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
         try {
-            encrKeyBuilder.setUseThisCert(cert);
+            encrKeyBuilder.setUseThisCert(data.getClientCert());
             encrKeyBuilder.prepare(doc, crypto);
         } catch (WSSecurityException e) {
             throw new TrustException(
                     "errorInBuildingTheEncryptedKeyForPrincipal",
-                    new String[] { cert.getSubjectDN().getName()});
+                    new String[] { data.getClientCert().getSubjectDN()
+                            .getName() });
         }
-        
+
         SecurityContextToken sct = new SecurityContextToken(doc);
-        
+
         OMElement rstrElem = TrustUtil
-                .createRequestSecurityTokenResponseElement(wstVersion, env.getBody());
+                .createRequestSecurityTokenResponseElement(wstVersion, env
+                        .getBody());
+
+        OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(
+                wstVersion, rstrElem);
+
+        rstElem.addChild((OMElement) sct.getElement());
 
-        OMElement rstElem = TrustUtil
-                .createRequestedSecurityTokenElement(wstVersion, rstrElem);
-        
-        rstElem.addChild((OMElement)sct.getElement());
-        
         if (config.addRequestedAttachedRef) {
-            if(wstVersion == RahasConstants.VERSION_05_02) {
-                TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#" + sct.getID(),
-                    RahasConstants.V_05_02.TOK_TYPE_SCT);
+            if (wstVersion == RahasConstants.VERSION_05_02) {
+                TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
+                        + sct.getID(), RahasConstants.V_05_02.TOK_TYPE_SCT);
             } else {
-                TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#" + sct.getID(),
-                        RahasConstants.V_05_12.TOK_TYPE_SCT);
+                TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
+                        + sct.getID(), RahasConstants.V_05_12.TOK_TYPE_SCT);
             }
         }
 
         if (config.addRequestedUnattachedRef) {
-            if(wstVersion == RahasConstants.VERSION_05_02) {
-                TrustUtil.createRequestedUnattachedRef(wstVersion, 
-                    rstrElem, sct.getIdentifier(), RahasConstants.V_05_02.TOK_TYPE_SCT);
+            if (wstVersion == RahasConstants.VERSION_05_02) {
+                TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
+                        sct.getIdentifier(),
+                        RahasConstants.V_05_02.TOK_TYPE_SCT);
             } else {
-                TrustUtil.createRequestedUnattachedRef(wstVersion, 
-                        rstrElem, sct.getIdentifier(), RahasConstants.V_05_12.TOK_TYPE_SCT);
+                TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
+                        sct.getIdentifier(),
+                        RahasConstants.V_05_12.TOK_TYPE_SCT);
             }
         }
-        
+
         Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
         Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
-        
-        OMElement reqProofTok = TrustUtil
-                .createRequestedProofTokenElement(wstVersion, rstrElem);
 
-        if(bstElem != null) {
-            reqProofTok.addChild((OMElement)bstElem);
+        OMElement reqProofTok = TrustUtil.createRequestedProofTokenElement(
+                wstVersion, rstrElem);
+
+        if (bstElem != null) {
+            reqProofTok.addChild((OMElement) bstElem);
         }
-        
-        reqProofTok.addChild((OMElement)encryptedKeyElem);
-    
-        //Store the tokens
+
+        reqProofTok.addChild((OMElement) encryptedKeyElem);
+
+        // Store the tokens
         Token sctToken = new Token(sct.getIdentifier(), (OMElement) sct
                 .getElement());
         sctToken.setSecret(encrKeyBuilder.getEphemeralKey());
-        TrustUtil.getTokenStore(msgCtx).add(sctToken);
-        
+        TrustUtil.getTokenStore(data.getInMessageContext()).add(sctToken);
+
         return env;
     }
 
-    public String getResponseAction(OMElement request, MessageContext inMsgCtx) throws TrustException {
-        if(RahasConstants.WST_NS_05_02.equals(request.getNamespace().getNamespaceURI())) {
+    public String getResponseAction(RahasData data) throws TrustException {
+        if (RahasConstants.WST_NS_05_02.equals(data.getRstElement()
+                .getNamespace().getNamespaceURI())) {
             return RahasConstants.V_05_02.RSTR_ACTON_SCT;
         } else {
             return RahasConstants.V_05_12.RSTR_ACTON_SCT;
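Review bot: issue() no longer rejects a request without an authenticated principal or certificate — the WSHandlerResult loop that threw REQUEST_FAILED is removed and nothing in the new method checks `data.getClientCert()` before `doEncryptedKey` — so unless RahasData enforces this (not visible here), a null certificate reaches `encrKeyBuilder.setUseThisCert(null)` and the catch block's `data.getClientCert().getSubjectDN()` then throws a NullPointerException that hides the original WSSecurityException. A guard at the dispatch, `if (ENCRYPTED_KEY.equals(config.proofTokenType)) {` followed by `if (data.getClientCert() == null) { throw new TrustException(TrustException.REQUEST_FAILED); }`, restores the previous behaviour, and the catch should pass `e` along as the cause if TrustException offers a constructor taking both arguments and a cause. getResponseAction here derives the version from the RST namespace while SAMLTokenIssuer's new version compares `RahasConstants.VERSION_05_02 == data.getVersion()`; using the same expression keeps the two issuers consistent.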
@@ -327,17 +285,12 @@
             random.nextBytes(temp);
             return temp;
         } catch (Exception e) {
-            throw new TrustException ("errorCreatingSymmKey", e);
+            throw new TrustException("errorCreatingSymmKey", e);
         }
     }
-    
-    /* (non-Javadoc)
-     * @see org.apache.rahas.TokenIssuer#setConfigurationParamName(java.lang.String)
-     */
+
     public void setConfigurationParamName(String configParamName) {
         this.configParamName = configParamName;
     }
-    
 
-    
 }


