From cohei...@apache.org
Subject svn commit: r1149202 - in /webservices/wss4j/trunk/src/main/java/org/apache/ws/security: ./ message/token/ processor/
Date Thu, 21 Jul 2011 14:46:00 GMT
Author: coheigea
Date: Thu Jul 21 14:45:57 2011
New Revision: 1149202

URL: http://svn.apache.org/viewvc?rev=1149202&view=rev
Log:
[WSS-251] - Support WSS Kerberos Token Profile
 - Made a start on this. Added a KerberosSecurity extension of the BinarySecurity class.
 - Also added a TokenElementCallback for use with the BinarySecurity class

Added:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/KerberosSecurity.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/TokenElementCallback.java
Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/BinarySecurity.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/PKIPathSecurity.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/X509Security.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java?rev=1149202&r1=1149201&r2=1149202&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java Thu Jul
21 14:45:57 2011
@@ -233,6 +233,18 @@ public class WSConstants {
         new QName (WSSE_NS, "MessageExpired");
 
     //
+    // Kerberos ValueTypes
+    //
+    public static final String WSS_KRB_V5_AP_REQ = KERBEROS_NS11 + "#Kerberosv5_AP_REQ";
+    public static final String WSS_GSS_KRB_V5_AP_REQ = KERBEROS_NS11 + "#GSS_Kerberosv5_AP_REQ";
+    public static final String WSS_KRB_V5_AP_REQ1510 = KERBEROS_NS11 + "#Kerberosv5_AP_REQ1510";
+    public static final String WSS_GSS_KRB_V5_AP_REQ1510 = 
+        KERBEROS_NS11 + "#GSS_Kerberosv5_AP_REQ1510";
+    public static final String WSS_KRB_V5_AP_REQ4120 = KERBEROS_NS11 + "#Kerberosv5_AP_REQ4120";
+    public static final String WSS_GSS_KRB_V5_AP_REQ4120 = 
+        KERBEROS_NS11 + "#GSS_Kerberosv5_AP_REQ4120";
+    
+    //
     // Misc
     //
     public static final String WSS_SAML_KI_VALUE_TYPE = SAMLTOKEN_NS + "#" + SAML_ASSERTION_ID;
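Review bot: The comment `// Kerberos ValueTypes` does not explain the `1510` and `4120` suffixes carried by four of the six new constants. In the WSS Kerberos Token Profile these ValueTypes denote AP-REQ messages as defined by RFC 1510 and RFC 4120 respectively, so a line such as `// ...1510 / ...4120: AP-REQ per RFC 1510 / RFC 4120` would save readers a trip to the specification. `KERBEROS_NS11` is defined outside this hunk.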

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/BinarySecurity.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/BinarySecurity.java?rev=1149202&r1=1149201&r2=1149202&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/BinarySecurity.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/BinarySecurity.java
Thu Jul 21 14:45:57 2011
@@ -19,6 +19,7 @@
 
 package org.apache.ws.security.message.token;
 
+import java.io.IOException;
 import java.util.Arrays;
 
 import org.apache.ws.security.WSConstants;
@@ -31,6 +32,8 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.Text;
 
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.xml.namespace.QName;
 
 /**
@@ -105,6 +108,36 @@ public class BinarySecurity {
     }
     
     /**
+     * Create a BinarySecurityToken via a CallbackHandler
+     * @param callbackHandler
+     * @throws WSSecurityException
+     */
+    public BinarySecurity(CallbackHandler callbackHandler) throws WSSecurityException {
+        if (callbackHandler == null) {
+            LOG.debug("Trying to create a BinarySecurityToken via a null CallbackHandler");
+            throw new WSSecurityException(WSSecurityException.FAILURE);
+        }
+        TokenElementCallback[] callback = new TokenElementCallback[] { new TokenElementCallback()
};
+
+        try {
+            callbackHandler.handle(callback);
+        } catch (IOException e) {
+            throw new IllegalStateException(
+                "IOException while creating a token element", e
+            );
+        } catch (UnsupportedCallbackException e) {
+            throw new IllegalStateException(
+                "UnsupportedCallbackException while creating a token element", e
+            );
+        }
+        element = callback[0].getTokenElement();
+        if (element == null) {
+            LOG.debug("CallbackHandler did not return a token element");
+            throw new WSSecurityException(WSSecurityException.FAILURE);
+        }
+    }
+    
+    /**
      * Add the WSSE Namespace to this BST. The namespace is not added by default for
      * efficiency purposes.
      */
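Review bot: The new `BinarySecurity(CallbackHandler)` constructor accepts whatever element the handler supplies after only a null check at `element = callback[0].getTokenElement();`, so nothing in this hunk confirms that it is a wsse:BinarySecurityToken or checks its EncodingType and ValueType. The `Element` constructor lies outside the hunk, so whether it performs such checks cannot be confirmed from here; if it does, the same checks belong on this path too. Separately, both catch blocks throw an unchecked `IllegalStateException` from a constructor that declares `WSSecurityException`, so callers that catch only the latter will not see handler failures; wrapping the cause in a `WSSecurityException` would keep the failure path uniform. The Javadoc tag `@param callbackHandler` also needs a description, for example `@param callbackHandler handler that answers a TokenElementCallback with the token element`.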

Added: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/KerberosSecurity.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/KerberosSecurity.java?rev=1149202&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/KerberosSecurity.java
(added)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/KerberosSecurity.java
Thu Jul 21 14:45:57 2011
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.message.token;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Kerberos Security Token.
+ */
+public class KerberosSecurity extends BinarySecurity {
+    
+    /**
+     * This constructor creates a new Kerberos token object and initializes
+     * it from the data contained in the element.
+     *
+     * @param elem the element containing the Kerberos token data
+     * @throws WSSecurityException
+     */
+    public KerberosSecurity(Element elem) throws WSSecurityException {
+        this(elem, true);
+    }
+    
+    /**
+     * This constructor creates a new Kerberos token object and initializes
+     * it from the data contained in the element.
+     *
+     * @param elem the element containing the Kerberos token data
+     * @param bspCompliant Whether the token is processed according to the BSP spec
+     * @throws WSSecurityException
+     */
+    public KerberosSecurity(Element elem, boolean bspCompliant) throws WSSecurityException
{
+        super(elem, bspCompliant);
+    }
+
+    /**
+     * This constructor creates a new Kerberos element.
+     *
+     * @param doc
+     */
+    public KerberosSecurity(Document doc) {
+        super(doc);
+    }
+    
+    /**
+     * Return true if this token is a Kerberos V5 AP REQ token
+     */
+    public boolean isV5ApReq() {
+        String type = getValueType();
+        if (WSConstants.WSS_KRB_V5_AP_REQ.equals(type)
+            || WSConstants.WSS_KRB_V5_AP_REQ1510.equals(type)
+            || WSConstants.WSS_KRB_V5_AP_REQ4120.equals(type)) {
+            return true;
+        }
+        return false;
+    }
+    
+    /**
+     * Return true if this token is a Kerberos GSS V5 AP REQ token
+     */
+    public boolean isGssV5ApReq() {
+        String type = getValueType();
+        if (WSConstants.WSS_GSS_KRB_V5_AP_REQ.equals(type)
+            || WSConstants.WSS_GSS_KRB_V5_AP_REQ1510.equals(type)
+            || WSConstants.WSS_GSS_KRB_V5_AP_REQ4120.equals(type)) {
+            return true;
+        }
+        return false;
+    }
+
+}
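Review bot: The class Javadoc `Kerberos Security Token.` does not say that this class only wraps the token element: as added here it has three constructors and two ValueType checks, and nothing that decodes or validates the AP-REQ. A sentence such as `Holds the token element only; the Kerberos ticket is not decoded or validated by this class.` would stop callers treating a successfully constructed KerberosSecurity as an authenticated one. `isV5ApReq()` and `isGssV5ApReq()` also lack `@return` tags, and each `if (...) { return true; } return false;` can return the boolean expression directly.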

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/PKIPathSecurity.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/PKIPathSecurity.java?rev=1149202&r1=1149201&r2=1149202&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/PKIPathSecurity.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/PKIPathSecurity.java
Thu Jul 21 14:45:57 2011
@@ -84,6 +84,9 @@ public class PKIPathSecurity extends Bin
         if (data == null) {
             return null;
         }
+        if (crypto == null) {
+            throw new WSSecurityException(WSSecurityException.FAILURE, "noSigCryptoFile");
+        }
         return crypto.getCertificatesFromBytes(data);
     }
 

Added: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/TokenElementCallback.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/TokenElementCallback.java?rev=1149202&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/TokenElementCallback.java
(added)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/TokenElementCallback.java
Thu Jul 21 14:45:57 2011
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.message.token;
+
+import org.w3c.dom.Element;
+
+import javax.security.auth.callback.Callback;
+
+/**
+ * This class is a callback to obtain a DOM Element representing a security token.
+ */
+public class TokenElementCallback implements Callback {
+    
+    /**
+     * A DOM Element representing a security token
+     */
+    private Element element;
+    
+    /**
+     * Get the token element
+     * @return the token element
+     */
+    public Element getTokenElement() {
+        return element;
+    }
+
+    /**
+     * Set the token element
+     * @param the token element
+     */
+    public void setTokenElement(Element element) {
+        this.element = element;
+    }
+    
+}
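Review bot: The Javadoc tag on `setTokenElement` reads `@param the token element`, which documents a parameter named `the`; it should be `@param element the token element`. The class comment could also state that `getTokenElement()` returns null until a handler has called the setter, since the `BinarySecurity(CallbackHandler)` constructor in this commit relies on that null to detect an unanswered callback.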

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/X509Security.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/X509Security.java?rev=1149202&r1=1149201&r2=1149202&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/X509Security.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/X509Security.java
Thu Jul 21 14:45:57 2011
@@ -96,6 +96,9 @@ public class X509Security extends Binary
         if (cachedCert != null) {
             return cachedCert;
         }
+        if (crypto == null) {
+            throw new WSSecurityException(WSSecurityException.FAILURE, "noSigCryptoFile");
+        }
         byte[] data = getToken();
         if (data == null) {
             throw new WSSecurityException(

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java?rev=1149202&r1=1149201&r2=1149202&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
Thu Jul 21 14:45:57 2011
@@ -28,6 +28,7 @@ import org.apache.ws.security.WSSecurity
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.message.token.BinarySecurity;
+import org.apache.ws.security.message.token.KerberosSecurity;
 import org.apache.ws.security.message.token.PKIPathSecurity;
 import org.apache.ws.security.message.token.X509Security;
 import org.apache.ws.security.validate.Credential;
@@ -86,6 +87,8 @@ public class BinarySecurityTokenProcesso
                 SAMLTokenPrincipal samlPrincipal = 
                     new SAMLTokenPrincipal(credential.getTransformedToken());
                 result.put(WSSecurityEngineResult.TAG_PRINCIPAL, samlPrincipal);
+            } else if (credential.getPrincipal() != null) {
+                result.put(WSSecurityEngineResult.TAG_PRINCIPAL, credential.getPrincipal());
             } else if (certs != null && certs[0] != null) {
                 result.put(WSSecurityEngineResult.TAG_PRINCIPAL, certs[0].getSubjectX500Principal());
             }
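Review bot: The added `else if (credential.getPrincipal() != null)` branch sits ahead of the certificate branch, so a principal set on the credential now takes precedence over `certs[0].getSubjectX500Principal()` for every binary token type, not only Kerberos. That is presumably intended, but it makes the published TAG_PRINCIPAL depend on whatever populated the credential, and the hunk carries no comment saying so. A comment such as `// A principal set on the Credential overrides the certificate subject` above the branch would record the precedence for anyone reviewing how identities reach the result. The enclosing method starts and ends outside the hunk.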
@@ -105,9 +108,6 @@ public class BinarySecurityTokenProcesso
      */
     private X509Certificate[] getCertificatesTokenReference(BinarySecurity token, Crypto
crypto)
         throws WSSecurityException {
-        if (crypto == null) {
-            throw new WSSecurityException(WSSecurityException.FAILURE, "noSigCryptoFile");
-        }
         if (token instanceof PKIPathSecurity) {
             return ((PKIPathSecurity) token).getX509Certificates(crypto);
         } else if (token instanceof X509Security) {
@@ -136,10 +136,29 @@ public class BinarySecurityTokenProcesso
             token = new X509Security(element, config.isWsiBSPCompliant());
         } else if (PKIPathSecurity.getType().equals(type)) {
             token = new PKIPathSecurity(element, config.isWsiBSPCompliant());
+        } else if (isKerberosToken(type)) {
+            token = new KerberosSecurity(element, config.isWsiBSPCompliant());
         } else {
             token = new BinarySecurity(element, config.isWsiBSPCompliant());
         }
         return token;
     }
+    
+    /**
+     * Return true if the valueType represents a Kerberos Token
+     * @param valueType the valueType of the token
+     * @return true if the valueType represents a Kerberos Token
+     */
+    private boolean isKerberosToken(String valueType) {
+        if (WSConstants.WSS_KRB_V5_AP_REQ.equals(valueType)
+            || WSConstants.WSS_GSS_KRB_V5_AP_REQ.equals(valueType)
+            || WSConstants.WSS_KRB_V5_AP_REQ1510.equals(valueType)
+            || WSConstants.WSS_GSS_KRB_V5_AP_REQ1510.equals(valueType)
+            || WSConstants.WSS_KRB_V5_AP_REQ4120.equals(valueType)
+            || WSConstants.WSS_GSS_KRB_V5_AP_REQ4120.equals(valueType)) {
+            return true;
+        }
+        return false;
+    }
 
 }
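Review bot: `isKerberosToken` repeats the six ValueType constants that `KerberosSecurity.isV5ApReq()` and `isGssV5ApReq()` already enumerate in this commit, so the lists have to be kept in step by hand. A ValueType added to one and not the other would leave the token falling through to the plain `BinarySecurity` branch, or produce a KerberosSecurity for which both type checks return false. Moving the check into a single static helper on KerberosSecurity that takes the ValueType string, and calling it from here, would keep one list. The method can also return the condition directly instead of `return true;` / `return false;`, and the token-building method that calls it starts outside the hunk.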


