ws-axis-cvs mailing list archives

From ruchi...@apache.org
Subject svn commit: r390996 - in /webservices/axis2/trunk/java/modules: addressing/src/META-INF/ core/conf/ core/src/org/apache/axis2/deployment/ security/src/META-INF/ security/src/org/apache/axis2/security/trust/ security/src/org/apache/axis2/security/trust/...
Date Mon, 03 Apr 2006 10:37:08 GMT
Author: ruchithf
Date: Mon Apr  3 03:37:03 2006
New Revision: 390996

URL: http://svn.apache.org/viewcvs?rev=390996&view=rev
Log:
- Use sct-issuer-config parameter to configure the rahas module
- The SCTIssuer now can issue tokens with wst:BinarySecret carrying the secret
- Added the INFaultflow to the addressing module.xml and updated the axis2.xml files to include
the dispatchers in the INFaultflow


Modified:
    webservices/axis2/trunk/java/modules/addressing/src/META-INF/module.xml
    webservices/axis2/trunk/java/modules/core/conf/axis2.xml
    webservices/axis2/trunk/java/modules/core/src/org/apache/axis2/deployment/axis2_default.xml
    webservices/axis2/trunk/java/modules/security/src/META-INF/rahas-module.xml
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/STSMessageReceiver.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenRequestDispatcherConfig.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustException.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java

Modified: webservices/axis2/trunk/java/modules/addressing/src/META-INF/module.xml
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/addressing/src/META-INF/module.xml?rev=390996&r1=390995&r2=390996&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/addressing/src/META-INF/module.xml (original)
+++ webservices/axis2/trunk/java/modules/addressing/src/META-INF/module.xml Mon Apr  3 03:37:03
2006
@@ -21,4 +21,13 @@
             <order phase="MessageOut"/>
         </handler>
     </Outfaultflow>
+    
+    <INfaultflow>
+        <handler name="AddressingFinalInHandler" class="org.apache.axis2.handlers.addressing.AddressingFinalInHandler">
+            <order phase="PreDispatch"/>
+        </handler>
+        <handler name="AddressingSubmissionInHandler" class="org.apache.axis2.handlers.addressing.AddressingSubmissionInHandler">
+            <order phase="PreDispatch"/>
+        </handler>
+    </INfaultflow>
 </module>

Modified: webservices/axis2/trunk/java/modules/core/conf/axis2.xml
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/core/conf/axis2.xml?rev=390996&r1=390995&r2=390996&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/core/conf/axis2.xml (original)
+++ webservices/axis2/trunk/java/modules/core/conf/axis2.xml Mon Apr  3 03:37:03 2006
@@ -152,8 +152,34 @@
         <phase name="MessageOut"/>
     </phaseOrder>
     <phaseOrder type="INfaultflow">
+        <phase name="PreDispatch"/>
+        <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+            <handler name="RequestURIBasedDispatcher"
+                     class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+                <order phase="Dispatch"/>
+            </handler>
+
+            <handler name="SOAPActionBasedDispatcher"
+                     class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+                <order phase="Dispatch"/>
+            </handler>
+
+            <handler name="AddressingBasedDispatcher"
+                     class="org.apache.axis2.engine.AddressingBasedDispatcher">
+                <order phase="Dispatch"/>
+            </handler>
+
+            <handler name="SOAPMessageBodyBasedDispatcher"
+                     class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+                <order phase="Dispatch"/>
+            </handler>
+            <handler name="InstanceDispatcher"
+                     class="org.apache.axis2.engine.InstanceDispatcher">
+                <order phase="PostDispatch"/>
+            </handler>
+        </phase>
         <!--      user can add his own phases to this area  -->
-        <phase name="OperationFaultInPhase"/>
+        <phase name="OperationInFaultPhase"/>
     </phaseOrder>
     <phaseOrder type="Outfaultflow">
         <!--      user can add his own phases to this area  -->

Modified: webservices/axis2/trunk/java/modules/core/src/org/apache/axis2/deployment/axis2_default.xml
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/core/src/org/apache/axis2/deployment/axis2_default.xml?rev=390996&r1=390995&r2=390996&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/core/src/org/apache/axis2/deployment/axis2_default.xml
(original)
+++ webservices/axis2/trunk/java/modules/core/src/org/apache/axis2/deployment/axis2_default.xml
Mon Apr  3 03:37:03 2006
@@ -110,6 +110,32 @@
         <phase name="MessageOut"/>
     </phaseOrder>
     <phaseOrder type="INfaultflow">
+        <phase name="PreDispatch"/>
+        <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+            <handler name="RequestURIBasedDispatcher"
+                     class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+                <order phase="Dispatch"/>
+            </handler>
+
+            <handler name="SOAPActionBasedDispatcher"
+                     class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+                <order phase="Dispatch"/>
+            </handler>
+
+            <handler name="AddressingBasedDispatcher"
+                     class="org.apache.axis2.engine.AddressingBasedDispatcher">
+                <order phase="Dispatch"/>
+            </handler>
+
+            <handler name="SOAPMessageBodyBasedDispatcher"
+                     class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+                <order phase="Dispatch"/>
+            </handler>
+            <handler name="InstanceDispatcher"
+                     class="org.apache.axis2.engine.InstanceDispatcher">
+                <order phase="PostDispatch"/>
+            </handler>
+        </phase>
         <!--      user can add his own phases to this area  -->
         <phase name="OperationInFaultPhase"/>
     </phaseOrder>

Modified: webservices/axis2/trunk/java/modules/security/src/META-INF/rahas-module.xml
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/META-INF/rahas-module.xml?rev=390996&r1=390995&r2=390996&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/META-INF/rahas-module.xml (original)
+++ webservices/axis2/trunk/java/modules/security/src/META-INF/rahas-module.xml Mon Apr  3
03:37:03 2006
@@ -26,12 +26,7 @@
 		<parameter name="token-dispatcher-configuration">
 			<token-dispatcher-configuration>
 				<issuer class="org.apache.axis2.security.trust.impl.SCTIssuer" default="true">
-					<configuration>
-						<sct-issuer-config>
-							<proofToken>EncryptedKey</proofToken>
-							<cryptoProperties>sctIssuer.properties</cryptoProperties>
-						</sct-issuer-config>
-					</configuration>
+					<configuration-param>sct-issuer-config</configuration-param>
 					<tokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</tokenType>
 				</issuer>
 			</token-dispatcher-configuration>
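Review bot: The module descriptor no longer says what the issuer configuration contains, since `<configuration-param>sct-issuer-config</configuration-param>` is only a name that must resolve to a parameter defined elsewhere. Add an XML comment next to it stating that a parameter named `sct-issuer-config` must be declared where the message context can resolve it, with an `<sct-issuer-config>` child holding `proofToken` and `cryptoProperties`, as the removed block did. Without that, a deployer sees only the `expectedParameterMissing` fault at request time. The proof token type is a security-relevant choice, so it is worth documenting where it is now set.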

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/STSMessageReceiver.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/STSMessageReceiver.java?rev=390996&r1=390995&r2=390996&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/STSMessageReceiver.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/STSMessageReceiver.java
Mon Apr  3 03:37:03 2006
@@ -60,6 +60,7 @@
                 throw new TrustException("missingDispatcherConfiguration");
             }
         } catch (TrustException e) {
+            e.printStackTrace();
             //Log the exception
             log.error(e);
             throw new AxisFault(e.getFaultString(), e.getFaultCode());
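Review bot: The added `e.printStackTrace()` in this catch block looks like leftover debugging: it writes the trace to stderr, outside the logging configuration, while the next statement already logs the exception. If the stack trace is wanted, drop the call and change the log line to `log.error(e.getMessage(), e);` so the trace goes through the configured logger. In a token service it helps to keep error detail in one controlled log, because that is where access and retention rules are applied. The enclosing method starts and ends outside the hunk.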

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenRequestDispatcherConfig.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenRequestDispatcherConfig.java?rev=390996&r1=390995&r2=390996&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenRequestDispatcherConfig.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenRequestDispatcherConfig.java
Mon Apr  3 03:37:03 2006
@@ -90,9 +90,9 @@
             }
 
             //Process configuration parameter name information
-            OMElement issuerParamNameElem = element.getFirstChildWithName(CONFIGURATION_ELEMENT);
+            OMElement issuerParamNameElem = element.getFirstChildWithName(CONFIGURATION_PARAM);
             String issuerParamName = (issuerParamNameElem != null) ? issuerParamNameElem.getText()
: null;
-            if(issuerConfigElement != null) {
+            if(issuerParamName != null) {
                 conf.configParamNames.put(issuerClass, issuerParamName);    
             }
             
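Review bot: The new guard `if(issuerParamName != null)` still accepts an empty or whitespace-only `configuration-param` element, because `getText()` on a present element presumably returns an empty string rather than null. That would register a blank parameter name for the issuer, and the failure would only surface later when the issuer looks the parameter up. Consider `if(issuerParamName != null && issuerParamName.trim().length() > 0)`, or fail at load time with a TrustException that names the issuer class. The enclosing method extends beyond the hunk.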

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustException.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustException.java?rev=390996&r1=390995&r2=390996&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustException.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TrustException.java
Mon Apr  3 03:37:03 2006
@@ -106,7 +106,11 @@
         } catch (MissingResourceException e) {
             throw new RuntimeException("Undefined '" + faultCode + "' resource property");
         }
-        return msg;
+        if(msg != null) {
+            return msg;
+        } else {
+            return faultCode;
+        }
     }
 
     /**
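Review bot: The added null check on `msg` probably never triggers for the case that matters: a fault code with no entry in the bundle raises MissingResourceException, and the catch above still turns that into a RuntimeException that drops the cause. If the intent is to fall back to the raw fault code, the fallback belongs in that catch, for example `return faultCode;` there, or at least the exception should carry `e` as its cause. The new `if`/`else` can then be written as `return (msg != null) ? msg : faultCode;`. How `msg` is assigned is outside the hunk, so confirm whether it can be null at all.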

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties?rev=390996&r1=390995&r2=390996&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties
Mon Apr  3 03:37:03 2006
@@ -26,4 +26,5 @@
 expectedParameterMissing = Expected parameter missing : \"{0}\" 
 reqestedSecTokMissing = RequestedSecurityToken missing in the response
 rptMissing = RequestedProofToken missing in the response
-notSupported = Not supported: {0}
\ No newline at end of file
+notSupported = Not supported: {0}
+errorCreatingSymmKey = Error in creating the ephemeral key
\ No newline at end of file

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java?rev=390996&r1=390995&r2=390996&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
Mon Apr  3 03:37:03 2006
@@ -28,6 +28,7 @@
 import org.apache.axis2.security.trust.TokenIssuer;
 import org.apache.axis2.security.trust.TokenStorage;
 import org.apache.axis2.security.trust.TrustException;
+import org.apache.axis2.util.Base64;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
@@ -43,6 +44,7 @@
 import javax.xml.namespace.QName;
 
 import java.security.Principal;
+import java.security.SecureRandom;
 import java.security.cert.X509Certificate;
 import java.util.Vector;
 
@@ -113,10 +115,11 @@
             
             //Look for the file
             if(config == null && this.configParamName != null) {
-                Parameter param = inMsgCtx
-                        .getParameter(SCTIssuerConfig.SCT_ISSUER_CONFIG_PARAM);
+                Parameter param = inMsgCtx.getParameter(this.configParamName);
                 if(param != null && param.getParameterElement() != null) {
-                    config = SCTIssuerConfig.load(param.getParameterElement());
+                    config = SCTIssuerConfig.load(param.getParameterElement()
+                            .getFirstChildWithName(
+                                    SCTIssuerConfig.SCT_ISSUER_CONFIG));
                 } else {
                     throw new TrustException("expectedParameterMissing",
                             new String[] { this.configParamName });
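Review bot: The result of `getFirstChildWithName(SCTIssuerConfig.SCT_ISSUER_CONFIG)` is passed straight to `SCTIssuerConfig.load(...)`, so a parameter that exists but lacks the `sct-issuer-config` child hands `load` a null element. What `load` does with null is not visible here; if it throws or returns null, the caller gets a NullPointerException (possibly at `config.proofTokenType` further down) instead of a TrustException. Fetch the child into a local and reuse the existing error when it is null: `if (confElem == null) throw new TrustException("expectedParameterMissing", new String[] { this.configParamName });`. The method continues outside the hunk.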
@@ -134,8 +137,9 @@
                         inMsgCtx, cert);
                 return responseEnv;
             } else if(BINARY_SECRET.equals(config.proofTokenType)) {
-                // TODO 
-                throw new UnsupportedOperationException("TODO");
+                SOAPEnvelope responseEnv = this.doBinarySecret(config,
+                        inMsgCtx);
+                return responseEnv;
             } else if(COMPUTED_KEY.equals(config.proofTokenType)) {
                 // TODO 
                 throw new UnsupportedOperationException("TODO");
@@ -148,6 +152,52 @@
 
     }
     
+    /**
+     * @param config
+     * @param inMsgCtx
+     * @param cert
+     * @return
+     */
+    private SOAPEnvelope doBinarySecret(SCTIssuerConfig config, MessageContext msgCtx) throws
TrustException {
+        
+        SOAPEnvelope env = this.getSOAPEnvelope(msgCtx);
+        //Get the document
+        Document doc = ((Element)env).getOwnerDocument();
+        
+        SecurityContextToken sct = new SecurityContextToken(doc);
+        sct.setID("sctId-" + sct.getElement().hashCode());
+        
+        OMElement rstrElem = env.getOMFactory().createOMElement(
+                new QName(Constants.WST_NS,
+                        Constants.REQUEST_SECURITY_TOKEN_RESPONSE_LN,
+                        Constants.WST_PREFIX), env.getBody());
+
+        OMElement rstElem = env.getOMFactory().createOMElement(
+                new QName(Constants.WST_NS,
+                        Constants.REQUESTED_SECURITY_TOKEN_LN,
+                        Constants.WST_PREFIX), rstrElem);
+        
+        rstElem.addChild((OMElement)sct.getElement());
+        
+        OMElement reqProofTok = env.getOMFactory().createOMElement(
+                new QName(Constants.WST_NS, Constants.REQUESTED_PROOF_TOKEN_LN,
+                        Constants.WST_PREFIX), rstrElem);
+        
+        OMElement binSecElem = env.getOMFactory().createOMElement(
+                new QName(Constants.WST_NS, Constants.BINARY_SECRET,
+                        Constants.WST_PREFIX), reqProofTok);
+
+        byte[] secret = this.generateEphemeralKey();
+        binSecElem.setText(Base64.encode(secret));
+    
+        //Store the tokens
+        Token sctToken = new Token(sct.getIdentifier(), (OMElement)sct.getElement());
+        sctToken.setSecret(secret);
+        this.getTokenStore(msgCtx).add(sctToken);
+        
+        return env;
+    }
+
     private SOAPEnvelope doEncryptedKey(SCTIssuerConfig config,
             MessageContext msgCtx, X509Certificate cert) throws TrustException {
         
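Review bot: `doBinarySecret` places the generated secret as base64 text inside `wst:BinarySecret`, so its confidentiality depends entirely on the response being encrypted at the transport or message level, and nothing in this method checks or documents that. Add a comment such as `// The secret is not encrypted here: the RSTR must be sent over TLS or be encrypted at message level`, and consider refusing this proof token type when the deployment cannot guarantee it. The Javadoc is a stale template: it names `inMsgCtx` and `cert`, but the parameters are `config` and `msgCtx`, and `@return` is empty. `config` is also unused in the body, which suggests key size and similar settings are not yet taken from it. The hunk ends inside `doEncryptedKey`, which is not reviewed here.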
@@ -255,6 +305,23 @@
         return storage;
     }
 
+    /**
+     * Create an ephemeral key
+     * 
+     * @return
+     * @throws WSSecurityException
+     */
+    private byte[] generateEphemeralKey() throws TrustException {
+        try {
+            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+            byte[] temp = new byte[16];
+            random.nextBytes(temp);
+            return temp;
+        } catch (Exception e) {
+            throw new TrustException ("errorCreatingSymmKey", e);
+        }
+    }
+    
     /* (non-Javadoc)
      * @see org.apache.axis2.security.trust.TokenIssuer#setConfigurationParamName(java.lang.String)
      */
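Review bot: The Javadoc on `generateEphemeralKey` says `@throws WSSecurityException`, but the method declares and throws `TrustException`, and `@return` is empty; it should read `@return 16 random bytes to use as the token secret` and `@throws TrustException if the SHA1PRNG SecureRandom is unavailable`. `catch (Exception e)` is wider than needed, since only `SecureRandom.getInstance` throws a checked exception here: use `catch (NoSuchAlgorithmException e)`, which needs a `java.security.NoSuchAlgorithmException` import. The key length `16` is a bare literal; a named constant, or a value read from the issuer configuration, would make the secret size visible and adjustable.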


