WSSCContractpublic class WSSCContract extends Object
| Fields Summary |
|---|
| private static final Logger | log | | private long | currentTime | | private static WSSCElementFactory | eleFac | | private static final int | DEFAULT_KEY_SIZE | | private static final long | TIMEOUT | | private static final SimpleDateFormat | calendarFormatter |
| Methods Summary |
|---|
| public com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse | cancel(com.sun.xml.ws.security.trust.elements.RequestSecurityToken request, com.sun.xml.ws.security.IssuedTokenContext context, java.util.Map issuedTokCtxMap)Cancel a SecurityContextToken
final CancelTarget cancelTgt = request.getCancelTarget();
final SecurityTokenReference str = cancelTgt.getSecurityTokenReference();
String id = null;
final Reference ref = str.getReference();
if (ref.getType().equals("Reference")){
id = ((DirectReference)ref).getURIAttr().toString();
}
final IssuedTokenContext cxt = (IssuedTokenContext)issuedTokCtxMap.get(id);
if (cxt == null || cxt.getSecurityToken() == null){
log.log(Level.SEVERE,
LogStringsMessages.WSSC_0015_UNKNOWN_CONTEXT(id));
throw new WSSecureConversationException(LogStringsMessages.WSSC_0015_UNKNOWN_CONTEXT(id));
}
final RequestSecurityTokenResponse rstr = eleFac.createRSTRForCancel();
if (log.isLoggable(Level.FINE)) {
log.log(Level.FINE,
LogStringsMessages.WSSC_0014_RSTR_RESPONSE(elemToString(rstr)));
}
return rstr;
| | private com.sun.xml.ws.security.trust.elements.Lifetime | createLifetime()
final Calendar cal = new GregorianCalendar();
int offset = cal.get(Calendar.ZONE_OFFSET);
if (cal.getTimeZone().inDaylightTime(cal.getTime())) {
offset += cal.getTimeZone().getDSTSavings();
}
synchronized (calendarFormatter) {
calendarFormatter.setTimeZone(cal.getTimeZone());
// always send UTC/GMT time
final long beforeTime = cal.getTimeInMillis();
currentTime = beforeTime - offset;
cal.setTimeInMillis(currentTime);
final AttributedDateTime created = new AttributedDateTime();
created.setValue(calendarFormatter.format(cal.getTime()));
final AttributedDateTime expires = new AttributedDateTime();
cal.setTimeInMillis(currentTime + TIMEOUT);
expires.setValue(calendarFormatter.format(cal.getTime()));
final Lifetime lifetime = eleFac.createLifetime(created, expires);
return lifetime;
}
| | private com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse | createRSTR(java.net.URI computeKeyAlgo, com.sun.xml.ws.security.policy.SecureConversationToken scToken, com.sun.xml.ws.security.trust.elements.RequestSecurityToken request, com.sun.xml.ws.policy.impl.bindings.AppliesTo scopes, byte[] clientEntr, com.sun.xml.ws.security.trust.elements.RequestedProofToken proofToken, java.net.URI tokenType, com.sun.xml.ws.security.trust.elements.Entropy clientEntropy, com.sun.xml.ws.security.IssuedTokenContext context, java.net.URI con)
Trust10 trust10 = null;
SymmetricBinding symBinding = null;
final NestedPolicy wsPolicy = scToken.getBootstrapPolicy();
final AssertionSet assertionSet = wsPolicy.getAssertionSet();
for(PolicyAssertion policyAssertion : assertionSet){
if(PolicyUtil.isTrust10(policyAssertion)){
trust10 = (Trust10)policyAssertion;
}else if(PolicyUtil.isSymmetricBinding(policyAssertion)){
symBinding = (SymmetricBinding)policyAssertion;
}
}
boolean reqServerEntr = true;
boolean reqClientEntr=false;
if(trust10 != null){
final Set trustReqdProps = trust10.getRequiredProperties();
reqServerEntr = trustReqdProps.contains(Constants.REQUIRE_SERVER_ENTROPY);
reqClientEntr = trustReqdProps.contains(Constants.REQUIRE_CLIENT_ENTROPY);
if(clientEntropy == null){
if(reqClientEntr){
log.log(Level.SEVERE,
LogStringsMessages.WSSC_0010_CLIENT_ENTROPY_CANNOT_NULL());
throw new WSSecureConversationException(LogStringsMessages.WSSC_0010_CLIENT_ENTROPY_CANNOT_NULL());
}else{
reqServerEntr = true;
}
}
}
int keySize = (int)request.getKeySize();
if (keySize < 1 && symBinding!=null ){
final AlgorithmSuite algoSuite = symBinding.getAlgorithmSuite();
keySize = algoSuite.getMinSKLAlgorithm();
}
if (keySize < 1){
keySize = DEFAULT_KEY_SIZE;
}
if (log.isLoggable(Level.FINE)) {
log.log(Level.FINE,
LogStringsMessages.WSSC_0011_KEY_SIZE_VALUE(keySize, this.DEFAULT_KEY_SIZE));
}
byte[] secret = WSTrustUtil.generateRandomSecret(keySize/8);
final String proofTokenType = (clientEntr == null ||clientEntr.length ==0)
? BinarySecret.SYMMETRIC_KEY_TYPE :BinarySecret.NONCE_KEY_TYPE;
Entropy serverEntropy = null;
if(reqServerEntr){
final BinarySecret serverBS = eleFac.createBinarySecret(secret, proofTokenType);
if (proofTokenType.equals(BinarySecret.NONCE_KEY_TYPE)){
serverEntropy = eleFac.createEntropy(serverBS);
proofToken.setProofTokenType(RequestedProofToken.COMPUTED_KEY_TYPE);
proofToken.setComputedKey(computeKeyAlgo);
// compute the secret key
try {
secret = SecurityUtil.P_SHA1(clientEntr, secret, keySize/8);
} catch (Exception ex){
log.log(Level.SEVERE,
LogStringsMessages.WSSC_0012_COMPUTE_SECKEY(), ex);
throw new WSSecureConversationException(LogStringsMessages.WSSC_0012_COMPUTE_SECKEY(), ex);
}
} else {
proofToken.setProofTokenType(RequestedProofToken.BINARY_SECRET_TYPE);
proofToken.setBinarySecret(serverBS);
}
}else if (clientEntropy != null){
secret = clientEntr;
proofToken.setProofTokenType(RequestedProofToken.BINARY_SECRET_TYPE);
proofToken.setBinarySecret(clientEntropy.getBinarySecret());
}
return createResponse(serverEntropy, con, scopes, secret, proofToken, context, tokenType);
| | private com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse | createResponse(com.sun.xml.ws.security.trust.elements.Entropy serverEntropy, java.net.URI con, com.sun.xml.ws.policy.impl.bindings.AppliesTo scopes, byte[] secret, com.sun.xml.ws.security.trust.elements.RequestedProofToken proofToken, com.sun.xml.ws.security.IssuedTokenContext context, java.net.URI tokenType)
// Create Security Context and SecurityContextToken
final SecurityContextToken token = WSTrustUtil.createSecurityContextToken(eleFac);
final RequestedSecurityToken rst = eleFac.createRequestedSecurityToken(token);
// Create references
final SecurityTokenReference attachedReference = createSecurityTokenReference(token.getWsuId(),false);
final RequestedAttachedReference rar = eleFac.createRequestedAttachedReference(attachedReference);
final SecurityTokenReference unattachedRef = createSecurityTokenReference(token.getIdentifier().toString(), true);
final RequestedUnattachedReference rur = eleFac.createRequestedUnattachedReference(unattachedRef);
// Create Lifetime
final Lifetime lifetime = createLifetime();
RequestSecurityTokenResponse response = null;
try {
response =
eleFac.createRSTRForIssue(tokenType, con, rst, scopes, rar, rur, proofToken, serverEntropy, lifetime);
} catch (WSTrustException ex){
log.log(Level.SEVERE,
LogStringsMessages.WSSC_0020_PROBLEM_CREATING_RSTR(), ex);
throw new WSSecureConversationException(LogStringsMessages.WSSC_0020_PROBLEM_CREATING_RSTR(), ex);
}
final Session session =
SessionManager.getSessionManager().createSession(token.getIdentifier().toString());
if (log.isLoggable(Level.FINE)) {
log.log(Level.FINE,
LogStringsMessages.WSSC_1010_CREATING_SESSION(token.getIdentifier()));
}
populateITC(session, secret, token, attachedReference, context, unattachedRef);
return response;
| | private com.sun.xml.ws.security.trust.elements.str.SecurityTokenReference | createSecurityTokenReference(java.lang.String id, boolean unattached)
final String uri = (unattached?id:"#"+id);
final Reference ref = eleFac.createDirectReference(WSSCConstants.SECURITY_CONTEXT_TOKEN_TYPE, uri);
return eleFac.createSecurityTokenReference(ref);
| | private java.lang.String | elemToString(com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse rstr)
try {
final javax.xml.bind.Marshaller marshaller = eleFac.getContext().createMarshaller();
final JAXBElement<RequestSecurityTokenResponseType> rstrElement = (new ObjectFactory()).createRequestSecurityTokenResponse((RequestSecurityTokenResponseType)rstr);
marshaller.setProperty(javax.xml.bind.Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
final java.io.StringWriter writer = new java.io.StringWriter();
marshaller.marshal(rstrElement, writer);
return writer.toString();
} catch (Exception e) {
log.log(Level.SEVERE,
LogStringsMessages.WSSC_0001_ERROR_MARSHAL_LOG());
throw new RuntimeException(LogStringsMessages.WSSC_0001_ERROR_MARSHAL_LOG(), e);
}
| | public void | handleUnsolicited(com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse rstr, com.sun.xml.ws.security.IssuedTokenContext context)handle an unsolicited RSTR like in the case of
Client Initiated Secure Conversation.
//final AppliesTo scope = rstr.getAppliesTo();
final RequestedSecurityToken rqSecToken = rstr.getRequestedSecurityToken();
final Token token = rqSecToken.getToken();
final RequestedProofToken rqProofToken = rstr.getRequestedProofToken();
final String proofTokenType = rqProofToken.getProofTokenType();
if(proofTokenType.equals(RequestedProofToken.BINARY_SECRET_TYPE)){
final BinarySecret binarySecret = rqProofToken.getBinarySecret();
if(binarySecret.getType().equals(BinarySecret.SYMMETRIC_KEY_TYPE)){
final byte [] secret = binarySecret.getRawValue();
context.setProofKey(secret);
}
}else if(proofTokenType.equals(RequestedProofToken.ENCRYPTED_KEY_TYPE)){
//ToDo
}
context.setSecurityToken(token);
final long curTime = System.currentTimeMillis();
final Date creationTime = new Date(curTime);
final Date expirationTime = new Date(curTime + TIMEOUT);
context.setCreationTime(creationTime);
context.setExpirationTime(expirationTime);
if (log.isLoggable(Level.FINER)) {
log.log(Level.FINER,
LogStringsMessages.WSSC_1003_SETTING_TIMES(creationTime.toString(), expirationTime.toString()));
}
| | public final void | init(com.sun.xml.ws.security.trust.Configuration config)
//this.config = config;
| | public com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse | issue(com.sun.xml.ws.security.trust.elements.RequestSecurityToken request, com.sun.xml.ws.security.IssuedTokenContext context, com.sun.xml.ws.security.policy.SecureConversationToken scToken)Issue a SecurityContextToken
// TokenType and context
URI tokenType = null;
URI con = null;
URI computeKeyAlgo = null;
tokenType = URI.create(WSSCConstants.SECURITY_CONTEXT_TOKEN_TYPE);
final String conStr = request.getContext();
if (conStr != null) {
try {
con = new URI(conStr);
} catch (URISyntaxException ex){
log.log(Level.SEVERE,
LogStringsMessages.WSSC_0008_URISYNTAX_EXCEPTION(request.getContext()), ex);
throw new WSSecureConversationException(LogStringsMessages.WSSC_0008_URISYNTAX_EXCEPTION(request.getContext()), ex);
}
}
computeKeyAlgo = URI.create(WSTrustConstants.CK_PSHA1);
// AppliesTo
final AppliesTo scopes = request.getAppliesTo();
final RequestedProofToken proofToken = eleFac.createRequestedProofToken();
// Get client entropy
byte[] clientEntr = null;
final Entropy clientEntropy = request.getEntropy();
if (clientEntropy != null){
final BinarySecret clientBS = clientEntropy.getBinarySecret();
if (clientBS == null){
//ToDo
if (log.isLoggable(Level.FINE)) {
log.log(Level.FINE,
LogStringsMessages.WSSC_0009_CLIENT_ENTROPY_VALUE("null"));
}
}else {
clientEntr = clientBS.getRawValue();
if (log.isLoggable(Level.FINE)) {
log.log(Level.FINE,
LogStringsMessages.WSSC_0009_CLIENT_ENTROPY_VALUE(clientEntropy.toString()));
}
}
}
final RequestSecurityTokenResponse response = createRSTR(computeKeyAlgo, scToken, request, scopes, clientEntr, proofToken, tokenType, clientEntropy, context, con);
if (log.isLoggable(Level.FINE)) {
log.log(Level.FINE,
LogStringsMessages.WSSC_0014_RSTR_RESPONSE(elemToString(response)));
}
return response;
| | public com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponseCollection | issueMultiple(com.sun.xml.ws.security.trust.elements.RequestSecurityToken request, com.sun.xml.ws.security.IssuedTokenContext context)Issue a Collection of Token(s) possibly for different scopes
return null;
| | private void | populateITC(com.sun.xml.ws.runtime.util.Session session, byte[] secret, com.sun.xml.ws.security.SecurityContextToken token, com.sun.xml.ws.security.trust.elements.str.SecurityTokenReference attachedReference, com.sun.xml.ws.security.IssuedTokenContext context, com.sun.xml.ws.security.trust.elements.str.SecurityTokenReference unattachedRef)
// Populate the IssuedTokenContext
context.setSecurityToken(token);
context.setAttachedSecurityTokenReference(attachedReference);
context.setUnAttachedSecurityTokenReference(unattachedRef);
context.setProofKey(secret);
context.setCreationTime(new Date(currentTime));
context.setExpirationTime(new Date(currentTime + TIMEOUT));
final SecurityContextTokenInfo sctinfo =
new SecurityContextTokenInfoImpl();
sctinfo.setIdentifier(token.getIdentifier().toString());
sctinfo.setExternalId(token.getWsuId());
sctinfo.addInstance(null, secret);
sctinfo.setCreationTime(new Date(currentTime));
sctinfo.setExpirationTime(new Date(currentTime + TIMEOUT));
session.setSecurityInfo(sctinfo);
| | public com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse | renew(com.sun.xml.ws.security.trust.elements.RequestSecurityToken request, com.sun.xml.ws.security.IssuedTokenContext context)Renew a SecurityContextToken
return null;
| | public com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse | validate(com.sun.xml.ws.security.trust.elements.RequestSecurityToken request, com.sun.xml.ws.security.IssuedTokenContext context)Validate a SecurityContextToken
return null;
|
|
