TokenProcessorpublic class TokenProcessor extends Object
| Fields Summary |
|---|
| protected boolean | isServer | | protected boolean | isIncoming | | private PolicyID | pid |
| Constructors Summary |
|---|
public TokenProcessor(boolean isServer, boolean isIncoming, PolicyID pid)Creates a new instance of TokenProcessor
this.isServer =isServer;
this.isIncoming = isIncoming;
this.pid = pid;
|
| Methods Summary |
|---|
| public void | addKeyBinding(com.sun.xml.wss.impl.policy.mls.WSSPolicy policy, com.sun.xml.ws.security.policy.Token token, boolean ignoreDK)
PolicyAssertion tokenAssertion = (PolicyAssertion)token;
if(PolicyUtil.isX509Token(tokenAssertion)){
AuthenticationTokenPolicy.X509CertificateBinding x509CB =new AuthenticationTokenPolicy.X509CertificateBinding();
// (AuthenticationTokenPolicy.X509CertificateBinding)policy.newX509CertificateKeyBinding();
x509CB.setUUID(token.getTokenId());
setX509TokenRefType(x509CB, (X509Token) token);
setTokenInclusion(x509CB,(Token) tokenAssertion);
setTokenValueType(x509CB, tokenAssertion);
//x509CB.setPolicyToken(token);
if(!ignoreDK && ((X509Token)token).isRequireDerivedKeys()){
DerivedTokenKeyBinding dtKB = new DerivedTokenKeyBinding();
dtKB.setOriginalKeyBinding(x509CB);
policy.setKeyBinding(dtKB);
dtKB.setUUID(pid.generateID());
}else{
policy.setKeyBinding(x509CB);
}
}else if(PolicyUtil.isSamlToken(tokenAssertion)){
AuthenticationTokenPolicy.SAMLAssertionBinding sab = new AuthenticationTokenPolicy.SAMLAssertionBinding();
//(AuthenticationTokenPolicy.SAMLAssertionBinding)policy.newSAMLAssertionKeyBinding();
sab.setUUID(token.getTokenId());
sab.setSTRID(token.getTokenId());
sab.setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE);
setTokenInclusion(sab,(Token) tokenAssertion);
//sab.setPolicyToken((Token) tokenAssertion);
if(((SamlToken)token).isRequireDerivedKeys()){
DerivedTokenKeyBinding dtKB = new DerivedTokenKeyBinding();
dtKB.setOriginalKeyBinding(sab);
policy.setKeyBinding(dtKB);
dtKB.setUUID(pid.generateID());
}else{
policy.setKeyBinding(sab);
}
}else if(PolicyUtil.isIssuedToken(tokenAssertion)){
IssuedTokenKeyBinding itkb = new IssuedTokenKeyBinding();
setTokenInclusion(itkb,(Token) tokenAssertion);
//itkb.setPolicyToken((Token) tokenAssertion);
itkb.setUUID(((Token)tokenAssertion).getTokenId());
IssuedToken it = (IssuedToken)tokenAssertion;
if(it.isRequireDerivedKeys()){
DerivedTokenKeyBinding dtKB = new DerivedTokenKeyBinding();
dtKB.setOriginalKeyBinding(itkb);
policy.setKeyBinding(dtKB);
dtKB.setUUID(pid.generateID());
}else{
policy.setKeyBinding(itkb);
}
}else if(PolicyUtil.isSecureConversationToken(tokenAssertion)){
SecureConversationTokenKeyBinding sct = new SecureConversationTokenKeyBinding();
SecureConversationToken sctPolicy = (SecureConversationToken)tokenAssertion;
if(sctPolicy.isRequireDerivedKeys()){
DerivedTokenKeyBinding dtKB = new DerivedTokenKeyBinding();
dtKB.setOriginalKeyBinding(sct);
policy.setKeyBinding(dtKB);
dtKB.setUUID(pid.generateID());
}else{
policy.setKeyBinding(sct);
}
setTokenInclusion(sct,(Token) tokenAssertion);
//sct.setPolicyToken((Token)tokenAssertion);
sct.setUUID(((Token)tokenAssertion).getTokenId());
}else{
throw new UnsupportedOperationException("addKeyBinding for "+ token + "is not supported");
}
if(logger.isLoggable(Level.FINEST)){
logger.log(Level.FINEST,"KeyBinding type "+policy.getKeyBinding()+ "has been added to policy"+policy);
}
| | public com.sun.xml.wss.impl.policy.mls.WSSPolicy | getWSSToken(com.sun.xml.ws.security.policy.Token token)
//TODO: IncludeToken
if(PolicyUtil.isUsernameToken((PolicyAssertion) token)){
AuthenticationTokenPolicy.UsernameTokenBinding key = null;
key = new AuthenticationTokenPolicy.UsernameTokenBinding();
key.setUUID(token.getTokenId());
setTokenInclusion(key,token);
UserNameToken ut = (UserNameToken)token;
if(!ut.hasPassword()){
key.setNoPassword(true);
}
//key.setPolicyToken(token);
return key;
}else if(PolicyUtil.isSamlToken((PolicyAssertion) token)){
AuthenticationTokenPolicy.SAMLAssertionBinding key = null;
key = new AuthenticationTokenPolicy.SAMLAssertionBinding();
setTokenInclusion(key,token);
key.setAssertionType(AuthenticationTokenPolicy.SAMLAssertionBinding.SV_ASSERTION);
//key.setPolicyToken(token);
key.setUUID(token.getTokenId());
key.setSTRID(token.getTokenId());
return key;
}else if(PolicyUtil.isIssuedToken((PolicyAssertion) token)){
IssuedTokenKeyBinding key = new IssuedTokenKeyBinding();
setTokenInclusion(key,token);
//key.setPolicyToken(token);
key.setUUID(token.getTokenId());
return key;
}else if(PolicyUtil.isSecureConversationToken((PolicyAssertion) token)){
SecureConversationTokenKeyBinding key = new SecureConversationTokenKeyBinding();
setTokenInclusion(key,token);
//key.setPolicyToken(token);
key.setUUID(token.getTokenId());
return key;
}else if(PolicyUtil.isX509Token((PolicyAssertion) token)){
AuthenticationTokenPolicy.X509CertificateBinding xt = new AuthenticationTokenPolicy.X509CertificateBinding();
xt.setUUID(token.getTokenId());
//xt.setPolicyToken(token);
setTokenInclusion(xt,token);
setX509TokenRefType(xt, (X509Token) token);
return xt;
}
if(logger.isLoggable(Level.SEVERE)){
logger.log(Level.SEVERE,LogStringsMessages.SP_0107_UNKNOWN_TOKEN_TYPE(token));
}
throw new UnsupportedOperationException("Unsupported "+ token + "format");
| | protected void | setTokenInclusion(com.sun.xml.wss.impl.policy.mls.KeyBindingBase xwssToken, com.sun.xml.ws.security.policy.Token token)
boolean change = false;
if(this.isServer && !isIncoming){
if(!Token.INCLUDE_ALWAYS.equals(token.getIncludeToken())){
xwssToken.setIncludeToken(Token.INCLUDE_NEVER);
if(logger.isLoggable(Level.FINEST)){
logger.log(Level.FINEST,"Token Inclusion value of INCLUDE NEVER has been set to Token"+ xwssToken);
}
return;
}
}else if(!this.isServer && isIncoming){
if(Token.INCLUDE_ALWAYS_TO_RECIPIENT.equals(token.getIncludeToken()) ||
Token.INCLUDE_ONCE.equals(token.getIncludeToken())){
xwssToken.setIncludeToken(Token.INCLUDE_NEVER);
if(logger.isLoggable(Level.FINEST)){
logger.log(Level.FINEST,"Token Inclusion value of INCLUDE NEVER has been set to Token"+ xwssToken);
}
return;
}
}
if(logger.isLoggable(Level.FINEST)){
logger.log(Level.FINEST,"Token Inclusion value of"+token.getIncludeToken()+" has been set to Token"+ xwssToken);
}
xwssToken.setIncludeToken(token.getIncludeToken());
| | public void | setTokenValueType(AuthenticationTokenPolicy.X509CertificateBinding x509CB, com.sun.xml.ws.policy.PolicyAssertion tokenAssertion)
NestedPolicy policy = tokenAssertion.getNestedPolicy();
if(policy==null){
return;
}
AssertionSet as = policy.getAssertionSet();
Iterator<PolicyAssertion> itr = as.iterator();
while(itr.hasNext()){
PolicyAssertion policyAssertion = (PolicyAssertion)itr.next();
if(policyAssertion.getName().getLocalPart().equals(Constants.WssX509V1Token11)||policyAssertion.getName().getLocalPart().equals(Constants.WssX509V1Token10)){
x509CB.setValueType(MessageConstants.X509v1_NS);
}else if(policyAssertion.getName().getLocalPart().equals(Constants.WssX509V3Token10)||policyAssertion.getName().getLocalPart().equals(Constants.WssX509V3Token11)){
x509CB.setValueType(MessageConstants.X509v3_NS);
}
}
| | protected void | setX509TokenRefType(AuthenticationTokenPolicy.X509CertificateBinding x509CB, com.sun.xml.ws.security.policy.X509Token token)
Set tokenRefTypes = token.getTokenRefernceType();
if(!tokenRefTypes.isEmpty()){
if(tokenRefTypes.contains(Token.REQUIRE_THUMBPRINT_REFERENCE)){
if(logger.isLoggable(Level.FINEST)){
logger.log(Level.FINEST," ReferenceType set to KeyBinding"+x509CB+" is Thumbprint");
}
x509CB.setReferenceType(SecurityPolicyUtil.convertToXWSSConstants(Token.REQUIRE_THUMBPRINT_REFERENCE));
}else if(tokenRefTypes.contains(Token.REQUIRE_KEY_IDENTIFIER_REFERENCE)){
if(logger.isLoggable(Level.FINEST)){
logger.log(Level.FINEST," ReferenceType set to KeyBinding"+x509CB+" is KeyIdentifier");
}
x509CB.setReferenceType(SecurityPolicyUtil.convertToXWSSConstants(Token.REQUIRE_KEY_IDENTIFIER_REFERENCE));
}else if(tokenRefTypes.contains(Token.REQUIRE_ISSUER_SERIAL_REFERENCE)){
if(logger.isLoggable(Level.FINEST)){
logger.log(Level.FINEST," ReferenceType set to KeyBinding "+x509CB+" is IssuerSerial");
}
x509CB.setReferenceType(SecurityPolicyUtil.convertToXWSSConstants(Token.REQUIRE_ISSUER_SERIAL_REFERENCE));
}else{
if(logger.isLoggable(Level.FINEST)){
logger.log(Level.FINEST," ReferenceType "+x509CB+" set is DirectReference");
}
x509CB.setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE);
}
}else{
if(logger.isLoggable(Level.FINEST)){
logger.log(Level.FINEST," ReferenceType set is REQUIRE_THUMBPRINT_REFERENCE");
}
x509CB.setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE);
}
|
|
