a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: DiscoveryClient.java,v 1.5 2008/12/16 01:48:31 exu Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.common.wsse.BinarySecurityToken;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.soapbinding.Message;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.soapbinding.ProviderHeader;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.soapbinding.Client;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.soapbinding.SOAPBindingConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.soapbinding.SOAPBindingException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.soapbinding.Utils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.disco.common.*;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.configuration.SystemPropertiesManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The class <code>DiscoveryClient</code> provides methods to send
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Discovery Service query and modify.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Note: Current implementation uses <code>JAXB</code> objects and no wrapper
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * classes are used.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.all.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private String wsfVersion = Utils.getDefaultWSFVersion();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor, connects to Discovery Service without web service security
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param soapURI URI of the SOAP end point for this discovery
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * service instance
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param providerID ID of the web service client.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public DiscoveryClient (String soapURI, String providerID) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor, connects to Discovery Service using <code>WSS</code> SAML
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param assertion <code>WSS</code> SAML Token
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param soapURI URI of the SOAP end point for this discovery
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * service instance
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param providerID ID of the web service client.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public DiscoveryClient (SecurityAssertion assertion,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((assertion != null) && (assertion.isBearer())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor, connects to Discovery Service using <code>WSS X509</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param token <code>WSS X.509</code> Certificate Token
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param soapURI URI of the SOAP end point for this discovery
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * service instance.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param providerID ID of the web service client.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public DiscoveryClient (BinarySecurityToken token,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor, connects to Discovery Service specified by the resource
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * offering, security mechanism/SOAP endpoint defined in the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>ResourceOffering</code> will be used.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param resourceOffering resource offering for this
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * discovery service instance
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param session session of the <code>WSC</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param providerID ID of the web service client.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public DiscoveryClient(ResourceOffering resourceOffering,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor, connects to Discovery Service specified by the resource
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * offering, security mechanism/SOAP endpoint defined in the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>ResourceOffering</code> will be used.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param resourceOffering resource offering for this
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * discovery service instance
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param session session of the <code>WSC</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param providerID ID of the web service client.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param assertions List of assertions.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public DiscoveryClient(ResourceOffering resourceOffering,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void processResourceOffering() throws DiscoveryException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ServiceInstance instance = offering.getServiceInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (!(instance.getServiceType().equals(DiscoConstants.DISCO_NS))) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.debug.error("DiscoveryClient.processResourceOffering: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "ServiceType in ResourceOffering is not discovery service type.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.bundle.getString("notDiscoServiceType"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Iterate through supported security profiles until we find one
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * that we support (and we should always do so if the spec is
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * being complied with). They should be in decreasing order of
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * preference...
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // TODO: support wsdl form
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while (i.hasNext()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Iterator j = desc.getSecurityMechID().iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while (j.hasNext()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.debug.message("DiscoClient: null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.debug.message("DiscoClient: clientAuth on");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster wsfVersion = SOAPBindingConstants.WSF_10_VERSION;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster wsfVersion = SOAPBindingConstants.WSF_11_VERSION;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.debug.message("DiscoClient: x509");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "com.sun.identity.liberty.ws.wsc.certalias");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.debug.error("DiscoveryClient.processResource"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Offering: couldn't generate X509 token: ", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.debug.message("DiscoClient: clientAuth on");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster wsfVersion = SOAPBindingConstants.WSF_10_VERSION;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster wsfVersion = SOAPBindingConstants.WSF_11_VERSION;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.debug.message("DiscoClient: saml token");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((credRefs == null) || (credRefs.size() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.bundle.getString("noCredential"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.bundle.getString("noCredential"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SecurityAssertion sassert = (SecurityAssertion)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.bundle.getString("noCredential"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.debug.message("DiscoClient: clientAuth on");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if ((mech.equals(Message.NULL_BEARER)) ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (mech.equals(Message.CLIENT_TLS_BEARER_WSF11)))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster wsfVersion = SOAPBindingConstants.WSF_10_VERSION;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster wsfVersion = SOAPBindingConstants.WSF_11_VERSION;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.debug.message("DiscoClient: bearer token");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((credRefs == null) || (credRefs.size() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.bundle.getString("noCredential"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.bundle.getString("noCredential"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SecurityAssertion sassert = (SecurityAssertion)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.bundle.getString("noCredential"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster mech.equals(Message.CLIENT_TLS_BEARER_WSF11)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.debug.message("DiscoClient: clientAuth on");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // still here? couldn't find supported mech id
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.debug.error("DiscoveryClient.processResourceOffering: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Couldn't find supported SecurityMechID from ResourceOffering.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.bundle.getString("noSupportedSecuMechID"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the alias for the client certificate. If none is set, a default
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * client certificate will be used.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param certAlias certificate alias name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets flag to indicate whether the connection is SSL/TLS with client
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * authentication. When this flag is set to true, the message will not be
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * signed according to the spec. If you want to sign the message always,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * do not set this flag to true, even when the connection is SSL/TLS with
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * client authentication.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param value The flag value to be set
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setClientAuthentication(boolean value) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the resource ID to be accessed.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param resourceID resource ID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the encrypted resource ID to be accessed.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param resourceID encrypted resource ID.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setResourceID(EncryptedResourceID resourceID) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the provider ID.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param providerID ID of the web service client.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Queries discovery service for <code>ResourceOffering</code> given list of
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * service types.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param serviceTypes List of <code>serviceTypes</code> as
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>java.lang.String</code> to be queried
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Query response Element corresponding to the query
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception DiscoveryException if error occurs
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public QueryResponse getResourceOffering(java.util.List serviceTypes)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while (i.hasNext()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster serviceList.add(new RequestedService(null, (String) i.next()));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Queries discovery service for resource offering.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param query discovery query object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Query response Element corresponding to the query
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception DiscoveryException if error occurs
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public QueryResponse getResourceOffering(Query query)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster req.setSOAPBody(DiscoSDKUtils.parseXML(query.toString()));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private Message createRequest() throws DiscoveryException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // create new Message according to different secuMechID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new DiscoveryException(sbe.getMessage());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "DiscoveryClient.createRequest: mech=x509");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new DiscoveryException(sbe.getMessage());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if ((clientMech == Message.SAML_TOKEN) ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.debug.message("DiscoveryClient.createRequest: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "mech=saml or bearer");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new DiscoveryException(sbe.getMessage());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.debug.message("DiscoveryClient.createRequest: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "mech=anon");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new DiscoveryException(sbe.getMessage());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private Element getResponse(Message req) throws DiscoveryException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster resp = Client.sendRequest(req, connectTo, certAlias, soapAction);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.debug.error("DiscoveryClient.getResponse:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoSDKUtils.debug.error("DiscoveryClient.getResponse: SOAP Response "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "didn't contain one SOAPBody.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Modifies discovery resource offering.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param modify List of Modify object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return List of <code>ModifyResponse</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception DiscoveryException if error occurs
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster req.setSOAPBody(DiscoSDKUtils.parseXML(modify.toString()));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the web services version.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param wsfVersion the web services version that should be used.