WSSUtils.java revision 272ac8a1a482b3baeff7293aac5de828cfd1ee69
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: WSSUtils.java,v 1.23 2010/01/23 00:20:26 mrudul_uchil Exp $
*
* Portions Copyrighted 2012-2014 ForgeRock AS
*/
/**
* This class provides util methods for the web services security.
*/
public class WSSUtils {
private static final String WSS_CACHE_REPO_PLUGIN =
"com.sun.identity.wss.security.cacherepository.plugin";
static {
"com.sun.identity.liberty.ws.trustedca.certaliases");
if (debug.messageEnabled()) {
tmpStr);
}
while(stz.hasMoreTokens()) {
if (index == -1) {
} else {
}
}
}
}
}
}
}
/**
* Returns the certificate present in the security token.
* @param securityToken the security token.
* @return the certificate.
*/
throws SecurityException {
if(!assertionToken.isSenderVouches()) {
return getCertificate(keyInfo);
}
try {
" certificate from the binary token", ex);
throw new SecurityException(
}
}
return null;
}
try {
if (statements == null) {
"Assertion does not contain any Statement.");
}
if (!(statements.isEmpty())) {
if (statement.getStatementType()==
break;
} else if (statement.getStatementType()==
}
}
}
return subConfirm.getKeyInfo();
} catch (Exception e) {
}
return null;
}
if (debug.messageEnabled()) {
}
if(encryptedKey != null) {
return null;
}
try {
} catch (Exception e) {
}
} else {
}
return cert;
}
throws XMLSignatureException {
if (nodeCount > 0) {
for (int i = 0; i < nodeCount; i++) {
p = v;
q = v;
g = v;
y = v;
} else {
throw new XMLSignatureException(
}
}
}
try {
} catch (XMLSecurityException xse) {
" DSA key value.");
throw new XMLSignatureException(
}
}
} else {
if (nodeCount > 0) {
for (int i = 0; i < nodeCount; i++) {
e = v;
}
m = v;
} else {
throw new XMLSignatureException
("Invalid reference");
}
}
}
}
new RSAKeyValue(doc,m, e);
try {
} catch (XMLSecurityException ex) {
" RSA key value.");
throw new XMLSignatureException(
}
}
}
return pubKey;
}
/**
* Get the X509Certificate from the provided string representation
* @param certString The certificate in string form
* @param format The format that the certificate is in, supports PKCS7 and X509:v3
* @return a X509Certificate
*/
{
try {
if (debug.messageEnabled()) {
}
while (i.hasNext()) {
}
} else { //X509:v3 format
}
}
} catch (Exception e) {
}
return cert;
}
try {
}
return null;
}
}
try {
return null;
}
}
public static Element prependChildElement(
boolean addWhitespace,
if (firstChild == null) {
} else {
}
if (addWhitespace) {
}
return child;
}
return currentChild;
}
}
return null;
}
// Returns WSSEncryptionProvider
public static XMLEncryptionManager getXMLEncryptionManager() {
try {
} catch (Exception e) {
"get keyprovider error", e);
throw new RuntimeException(e.getMessage());
}
if (xmlEncManager == null) {
synchronized (XMLEncryptionManager.class) {
if (xmlEncManager == null) {
new WSSEncryptionProvider(),
}
}
}
return xmlEncManager;
}
// Returns WSSSignatureProvider
public static XMLSignatureManager getXMLSignatureManager() {
try {
} catch (Exception e) {
"get keystore error", e);
throw new RuntimeException(e.getMessage());
}
if (xmlSigManager == null) {
synchronized (XMLSignatureManager.class) {
if (xmlSigManager == null) {
new WSSSignatureProvider());
}
}
}
return xmlSigManager;
}
/**
* Returns corresponding Authentication method URI to be set in Assertion.
* @param authModuleName name of the authentication module used to
* authenticate the user.
* @return String corresponding Authentication Method URI to be set in
* Assertion.
*/
if (authModuleName == null) {
return null;
}
return SAMLConstants.AUTH_METHOD_CERT_URI;
}
{
}
{
}
{
} else {
}
}
/**
* Sets the memberships for a given user into the JAAS Subject.
* @param subject the JAAS subject where the role memberships need
* to be set.
* @param user the user's universal dn
*/
if(debug.messageEnabled()) {
"There are no memberships for this user");
}
return;
}
if(debug.messageEnabled()) {
}
}
}
try {
if(adminToken == null) {
"Admin Token is null");
return roles;
}
if(debug.messageEnabled()) {
"unable to get the user");
}
return roles;
}
{
if(!canHaveMembers.isEmpty()) {
}
}
if(enrolledTypes.isEmpty()) {
if(debug.messageEnabled()) {
"Can have enrolled types are empty");
}
return roles;
}
}
}
return roles;
} catch (SSOException se) {
"SSOException : " + se);
} catch (IdRepoException ire) {
"IdRepoException : " + ire);
}
return roles;
}
public static Map getAgentAttributes(
try {
control.setAllReturnAttributes(true);
"*", control);
} else {
}
return agentConfig;
}
return new HashMap();
return new HashMap();
}
}
public static SSOToken getAdminToken() {
try {
if(adminToken != null) {
if (debug.messageEnabled()) {
+ "AdminTokenAction returned "
+ "expired or invalid token, trying again...");
}
}
}
"Trying second time ....");
}
return adminToken;
}
/**
* Returns the message certificate from the security token reference
* especially for KeyIdentifier and X509IssuerSerial case.
* @param sigElement the signature element where the security token
* ref is present
* @return the X509Certificate
*/
if(sigElement == null) {
return null;
}
return null;
}
try {
// This should not come here since the certificate is in
// message and should have been already resolved.
return null;
if(keyIdentifier != null) {
return keyIdentifier.getX509Certificate();
}
}
} catch (SecurityException se) {
}
return null;
}
public static WSSCacheRepository getWSSCacheRepository() {
if (cacheRepository == null) {
synchronized (WSSUtils.class) {
return null;
}
try {
"Failed in obtaining class", ex);
return null;
}
}
}
return cacheRepository;
}
/**
* Returns the SAML Attribute Map<QName, List<String>>. The attribute map
* is generated from the given SSOToken first and if not found, then it
* will try to find from the repository.
* @param subjectName the principal to be used for retrieving the user
* attributes.
* @param attributeNames set of attribute names for the attribute map
* @param namespace the name space for the saml attribute name
* @param ssoToken the user's SSOToken.
* @return the saml attributes for the SAML Token specification.
*/
try {
if(debug.messageEnabled()) {
}
return map;
}
} catch (IdRepoException ex) {
if(debug.warningEnabled()) {
"Attributes: IdRepo exception: ", ex);
}
return map;
} catch (SSOException se) {
if(debug.warningEnabled()) {
"Attributes: SSOException", se);
}
return map;
}
continue;
}
boolean attributeFoundInSSOToken = false;
try {
if(attributeValue != null) {
attributeFoundInSSOToken = true;
}
} catch (SSOException se) {
if(debug.warningEnabled()) {
"SAMLAttributes: SSOException", se);
}
}
}
if(!attributeFoundInSSOToken) {
try {
} catch (IdRepoException ex) {
if(debug.warningEnabled()) {
"Attributes: IdRepoException", ex);
}
} catch (SSOException se) {
if(debug.warningEnabled()) {
"Attributes: SSOException", se);
}
}
}
if(debug.messageEnabled()) {
"SAMLAttributes: attribute value not found for" +
}
continue;
}
}
}
return map;
}
/**
* Returns the user pseduo name from the given nameid mapper.
* @param userName the authenticated user name.
* @param nameIDImpl the nameid mapper implementation class
* @return the user psueduo name.
*/
if(nameIDImpl == null) {
return userName;
}
try {
" Exception", ex);
}
return userName;
}
/**
* Returns the membership attributes for the given subject.
* @param subjectName the authenticated subject
* @param namespace the saml attribute namespace.
* @return the SAML attributes for the user memberships.
*/
return map;
}
return map;
}
public static long getTimeSkew() {
"com.sun.identity.wss.security.timeskew", "5000"));
}
final String keyWrapAlgorithm) {
try {
if(keyWrapAlgorithm != null){
} else {
}
return encKey;
return null;
}
}
/**
* Returns the secret key from the security token from SAML1 Assertion.
*/
if(samlToken.isSenderVouches()) {
return null;
}
}
/**
* Returns the trusted certificate alias from the issuer.
*/
}
/**
* Returns the list of requested claims for the given subject
* @param subjectName the subject name
* @param claimNames the set of requested claims
* @param ssoToken the user's single sign-on token.
* @return the hashmap of requested claims.
*/
try {
if(debug.messageEnabled()) {
}
return map;
}
} catch (IdRepoException ex) {
if(debug.warningEnabled()) {
" IdRepo exception: ", ex);
}
return map;
} catch (SSOException se) {
if(debug.warningEnabled()) {
"SSOException", se);
}
return map;
}
boolean attributeFoundInSSOToken = false;
try {
if(attributeValue != null) {
attributeFoundInSSOToken = true;
}
} catch (SSOException se) {
if(debug.warningEnabled()) {
" SSOException", se);
}
}
}
if(!attributeFoundInSSOToken) {
try {
} catch (IdRepoException ex) {
if(debug.warningEnabled()) {
" IdRepoException", ex);
}
} catch (SSOException se) {
if(debug.warningEnabled()) {
" SSOException", se);
}
}
}
if(debug.messageEnabled()) {
" attribute value not found for" +
attrName);
}
continue;
}
}
return map;
}
try {
control.setAllReturnAttributes(true);
"*", control);
if(agentTypes != null) {
}
}
return null;
return null;
}
}
/**
* Gets input Node Canonicalized
*
* @param node Node
* @return Canonical element if the operation succeeded.
* Otherwise, return null.
*/
try {
new ByteArrayInputStream(outputBytes));
return result;
} catch (Exception e) {
"Error while performing canonicalization on " +
"the input Node." , e);
return null;
}
}
}