/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: SecurityTokenManagerImpl.java,v 1.3 2008/06/25 05:47:21 qcheng Exp $
 *
 */


a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.liberty.ws.security;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
import com.sun.identity.liberty.ws.common.wsse.BinarySecurityToken;
import com.sun.identity.liberty.ws.disco.EncryptedResourceID;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.shared.xml.XMLUtils;

import java.io.ByteArrayInputStream;
import java.nio.charset.Charset;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * This class implements the <code>SecurityTokenManagerIF</code> interface by
 * delegating to a <code>SecurityTokenManager</code> that is created for the
 * session passed to <code>initialization(String)</code>.
 */
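public class SecurityTokenManagerImpl implements SecurityTokenManagerIF {

    // Delegate created by initialization(String); null until that has
    // succeeded, which every other operation checks through manager().
    private SecurityTokenManager securityTokenManager;
    private static final Object lock = new Object();

    // Flag used to check if service is available locally
    protected static boolean isLocal;

    /**
     * Initializes the SecurityTokenManager for the given session.
     *
     * @param sessionID the session id, resolved through the configured
     *        session provider.
     * @throws SecurityTokenException if the session cannot be resolved or
     *         the <code>SecurityTokenManager</code> cannot be created.
     */
    public void initialization(String sessionID) throws SecurityTokenException {
        try {
            Object session =
                SessionManager.getProvider().getSession(sessionID);
            securityTokenManager = new SecurityTokenManager(session);
        } catch (Exception e) {
            // The full cause is recorded in the debug log; the exception
            // surfaced to the caller only carries the message.
            SecurityTokenManager.debug.error(
                "SecurityTokenManagerImpl: Unable to get " +
                "SecurityTokenManager", e);
            throw new SecurityTokenException(e.getMessage());
        }
    }

    /**
     * Returns the delegate, failing explicitly when
     * {@link #initialization(String)} has not completed successfully
     * instead of letting a <code>NullPointerException</code> escape.
     *
     * @return the initialized <code>SecurityTokenManager</code>.
     * @throws SecurityTokenException if the manager is not initialized.
     */
    private SecurityTokenManager manager() throws SecurityTokenException {
        if (securityTokenManager == null) {
            throw new SecurityTokenException(
                "SecurityTokenManagerImpl: SecurityTokenManager is not " +
                "initialized");
        }
        return securityTokenManager;
    }

    /**
     * Sets the Certificate.
     *
     * @param cert the certificate alias, or the Base64 encoded certificate
     *        without PEM markers, depending on <code>alias</code>.
     * @param alias if true then Certificate Alias will be set; otherwise
     *        <code>cert</code> is parsed as an X.509 certificate first.
     * @throws SecurityTokenException if the manager is not initialized or
     *         the certificate cannot be parsed.
     */
    public void setCertificate(String cert, boolean alias)
        throws SecurityTokenException {
        if (alias) { // passing cert alias
            manager().setCertAlias(cert);
        } else { // passed Base64 encoded certificate
            manager().setCertificate(getX509Certificate(cert));
        }
    }

    /**
     * Marks the service as available locally by setting the
     * <code>isLocal</code> flag.
     */
    public void checkForLocal() {
        isLocal = true;
    }

    /**
     * Returns the Certificate Token.
     *
     * @return the Certification Token String.
     * @throws SecurityTokenException if the manager is not initialized or
     *         the token cannot be obtained.
     */
    public String getX509CertificateToken() throws SecurityTokenException {
        return manager().getX509CertificateToken().toString();
    }

    /**
     * Returns the SAML Authentication Token.
     *
     * @param senderIdentity the sender's <code>NameIdentifier</code> as an
     *        XML string.
     * @return the SAML Authentication Token String.
     * @throws SecurityTokenException if the manager is not initialized or
     *         the token cannot be obtained.
     * @throws SAMLException if <code>senderIdentity</code> cannot be turned
     *         into a <code>NameIdentifier</code>.
     */
    public String getSAMLAuthenticationToken(String senderIdentity)
        throws SecurityTokenException, SAMLException {
        NameIdentifier ni = parseNameIdentifier(senderIdentity);
        SecurityAssertion assertion =
            manager().getSAMLAuthenticationToken(ni);
        return assertion.toString(true, true);
    }

    /**
     * Returns the SAML Authorization Token.
     *
     * @param senderIdentity the identity of the sender.
     * @param invocatorSession the session identifier
     * @param resourceID the resource Identifier.
     * @param encryptedID boolean value to determine if the identifier
     *        is encrypted. Encrypted identifiers are not supported by this
     *        implementation and are rejected with a
     *        <code>SecurityTokenException</code>.
     * @param includeAuthN boolean value to determine if the authentication
     *        information should be included.
     * @param includeResourceAccessStatement if true, a
     *        <code>ResourceAccessStatement</code> will be included in the
     *        Assertion (for <code>AuthorizeRequester</code> directive). If
     *        false, a <code>SessionContextStatement</code> will be included in
     *        the Assertion (for <code>AuthenticationSessionContext</code>
     *        directive). In the case when both <code>AuthorizeRequester</code>
     *        and <code>AuthenticationSessionContext</code> directive need to be
     *        handled, use "true" as parameter here since the
     *        <code>SessionContext</code> will always be included in the
     *        <code>ResourceAccessStatement</code>.
     * @param recipientProviderID recipient's provider ID.
     * @return the SAML Authorization Token String.
     * @throws SecurityTokenException if the manager is not initialized,
     *         <code>encryptedID</code> is true, or the token cannot be
     *         obtained.
     * @throws SAMLException if the sender identity or session context
     *         cannot be parsed.
     */
    public String getSAMLAuthorizationToken(String senderIdentity,
        String invocatorSession, String resourceID, boolean encryptedID,
        boolean includeAuthN, boolean includeResourceAccessStatement,
        String recipientProviderID)
        throws SecurityTokenException, SAMLException {
        if (encryptedID) {
            // Encrypted resource identifiers were never implemented here
            // (the previous code left a TODO and then dereferenced a null
            // assertion); fail explicitly instead.
            throw new SecurityTokenException(
                "SecurityTokenManagerImpl: encrypted resource ID is not " +
                "supported");
        }
        NameIdentifier ni = parseNameIdentifier(senderIdentity);
        SessionContext sc = new SessionContext(XMLUtils.toDOMDocument(
            invocatorSession, SecurityTokenManager.debug).getDocumentElement());
        SecurityAssertion assertion = manager().getSAMLAuthorizationToken(
            ni, sc, resourceID, includeAuthN,
            includeResourceAccessStatement, recipientProviderID);
        return assertion.toString(true, true);
    }

    /**
     * Parses the XML form of a <code>NameIdentifier</code>.
     *
     * @param xml the <code>NameIdentifier</code> element as an XML string.
     * @return the parsed <code>NameIdentifier</code>.
     * @throws SAMLException if the element is not a valid
     *         <code>NameIdentifier</code>.
     */
    private static NameIdentifier parseNameIdentifier(String xml)
        throws SAMLException {
        return new NameIdentifier(XMLUtils.toDOMDocument(
            xml, SecurityTokenManager.debug).getDocumentElement());
    }

    /**
     * Returns the <code>X509Certificate</code> encoded by a Base64 string.
     *
     * @param certString the Base64 encoded certificate; the PEM BEGIN/END
     *        markers from <code>SAMLConstants</code> are added here. Only the
     *        first certificate in the string is returned.
     * @return the parsed certificate, never null.
     * @throws SecurityTokenException if the string is empty or does not
     *         parse as an X.509 certificate. The previous behaviour of
     *         returning null on failure let a missing certificate be set
     *         silently; parsing problems are now reported to the caller.
     */
    private X509Certificate getX509Certificate(String certString)
        throws SecurityTokenException {
        if (certString == null || certString.trim().length() == 0) {
            throw new SecurityTokenException(
                "getX509Certificate: empty certificate string");
        }
        String pem = SAMLConstants.BEGIN_CERT + certString
            + SAMLConstants.END_CERT;
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            // PEM is plain ASCII; an explicit charset keeps the parse
            // independent of the platform default encoding.
            ByteArrayInputStream bais = new ByteArrayInputStream(
                pem.getBytes(Charset.forName("UTF-8")));
            return (X509Certificate) cf.generateCertificate(bais);
        } catch (CertificateException e) {
            SecurityTokenManager.debug.error(
                "getX509Certificate Exception: ", e);
            throw new SecurityTokenException(e.getMessage());
        }
    }
}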