/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: Message.java,v 1.3 2008/06/25 05:47:22 qcheng Exp $
*
*/
/**
* The <code>Message</code> class is used by web service client and server to
* construct request or response. It will be sent over the SOAP connection.
* The <code>Message</code> contains SOAP headers and bodies. The SOAP binding
* defines the following headers: <code>CorrelationHeader</code>,
* <code>ProviderHeader</code>, <code>ConsentHeader</code>,
* <code>UsageDirectiveHeader</code>, <code>ProcessingContextHeader</code>
* and <code>ServiceInstanceUpdateHeader</code>.
* The first 2 are required and the others are optional.
* Signing is mandatory for <code>CorrelationHeader</code> and the SOAP Body
* element, which is the parent of the bodies. Signing the other headers is
* optional, so each header needs to have a flag to specify whether it needs
* to be signed or not. Each header that needs to be signed must have an
* id attribute in its top element. The constructor will take a SAML assertion
* or cert alias in order to sign.
*
* @supported.all.api
*/
public class Message {
/**
* anonymous profile is specified.
*/
/**
* X509 Token profile is specified.
*/
/**
* SAML Token profile is specified.
*/
/**
* Bearer Token profile is specified.
*/
/**
* Authentication mechanism "urn:liberty:security:2003-08:null:null"
*/
"urn:liberty:security:2003-08:null:null";
/**
* Authentication mechanism "urn:liberty:security:2003-08:null:X509"
*/
"urn:liberty:security:2003-08:null:X509";
/**
* Authentication mechanism "urn:liberty:security:2003-08:null:SAML"
*/
"urn:liberty:security:2003-08:null:SAML";
/**
* Authentication mechanism "urn:liberty:security:2004-04:null:Bearer"
*/
"urn:liberty:security:2004-04:null:Bearer";
/**
* Authentication mechanism "urn:liberty:security:2003-08:TLS:null"
*/
"urn:liberty:security:2003-08:TLS:null";
/**
* Authentication mechanism "urn:liberty:security:2003-08:TLS:X509"
*/
"urn:liberty:security:2003-08:TLS:X509";
/**
* Authentication mechanism "urn:liberty:security:2003-08:TLS:SAML"
*/
"urn:liberty:security:2003-08:TLS:SAML";
/**
* Authentication mechanism "urn:liberty:security:2004-04:TLS:Bearer"
*/
"urn:liberty:security:2004-04:TLS:Bearer";
/**
* Authentication mechanism "urn:liberty:security:2003-08:ClientTLS:null"
*/
"urn:liberty:security:2003-08:ClientTLS:null";
/**
* Authentication mechanism "urn:liberty:security:2003-08:ClientTLS:X509"
*/
"urn:liberty:security:2003-08:ClientTLS:X509";
/**
* Authentication mechanism "urn:liberty:security:2003-08:ClientTLS:SAML"
*/
"urn:liberty:security:2003-08:ClientTLS:SAML";
/**
* Authentication mechanism "urn:liberty:security:2004-04:ClientTLS:Bearer"
*/
"urn:liberty:security:2004-04:ClientTLS:Bearer";
/**
* Authentication mechanism "urn:liberty:security:2005-02:null:X509"
*/
"urn:liberty:security:2005-02:null:X509";
/**
* Authentication mechanism "urn:liberty:security:2005-02:TLS:X509"
*/
"urn:liberty:security:2005-02:TLS:X509";
/**
* Authentication mechanism "urn:liberty:security:2005-02:ClientTLS:X509"
*/
"urn:liberty:security:2005-02:ClientTLS:X509";
/**
* Authentication mechanism "urn:liberty:security:2005-02:null:SAML"
*/
"urn:liberty:security:2005-02:null:SAML";
/**
* Authentication mechanism "urn:liberty:security:2005-02:TLS:SAML"
*/
"urn:liberty:security:2005-02:TLS:SAML";
/**
* Authentication mechanism "urn:liberty:security:2005-02:ClientTLS:SAML"
*/
"urn:liberty:security:2005-02:ClientTLS:SAML";
/**
* Authentication mechanism "urn:liberty:security:2005-02:null:Bearer"
*/
"urn:liberty:security:2005-02:null:Bearer";
/**
* Authentication mechanism "urn:liberty:security:2005-02:TLS:Bearer"
*/
"urn:liberty:security:2005-02:TLS:Bearer";
/**
* Authentication mechanism "urn:liberty:security:2005-02:ClientTLS:Bearer"
*/
"urn:liberty:security:2005-02:ClientTLS:Bearer";
// Flag returned by isClientAuthentication(): true when this Message will be
// sent to a server that requires client authentication. Starts out false.
private boolean clientAuthentication = false;
/**
* Default Constructor.
*/
public Message() {
    // The class documentation lists CorrelationHeader as a required header,
    // so one is created up front. This constructor assigns no
    // providerHeader; only correlationHeader is set here.
    this.correlationHeader = new CorrelationHeader();
}
/**
* This constructor uses the default cert alias defined in AMConfig for
* signing.
*
* @param providerHeader <code>ProviderHeader</code>.
* @throws SOAPBindingException if provider header is null.
*/
correlationHeader = new CorrelationHeader();
this.providerHeader = providerHeader;
}
/**
* This constructor takes a SAML assertion for signing.
*
* @param providerHeader <code>ProviderHeader</code>
* @param assertion a SAML assertion
* @throws SOAPBindingException if an error occurs while processing
* the SAML assertion or the provider
* header is null
*/
throws SOAPBindingException {
throw new SOAPBindingException(
}
} else {
}
correlationHeader = new CorrelationHeader();
this.providerHeader = providerHeader;
}
/**
* This constructor takes a binary security token for signing.
*
* @param providerHeader <code>ProviderHeader</code>
* @param token a binary security token
* @throws SOAPBindingException if an error occurs while processing
* the token or the provider header is null
*/
throws SOAPBindingException {
throw new SOAPBindingException(
}
correlationHeader = new CorrelationHeader();
this.providerHeader = providerHeader;
}
/**
* This constructor is to create a SOAP fault message.
*
* @param soapFault <code>SOAPFault</code>
*/
correlationHeader = new CorrelationHeader();
}
/**
* This constructor takes an InputStream.
*
* @param inputStream an InputStream
* @throws SOAPBindingException if an error occurs while parsing the input.
*/
try {
}
}
/**
* This constructor takes a SOAP message which is received from a SOAP
* connection.
*
* @param soapMessage a SOAP message
* @throws SOAPBindingException if an error occurs while parsing the
* SOAP message
*/
throws SOAPBindingException,SOAPFaultException {
try {
}
}
/**
* Gets security profile type. Possible values are ANONYMOUS, X509_TOKEN
* and SAML_TOKEN.
*
* @return the Security Profile type
*/
public int getSecurityProfileType() {
    // Plain accessor: hands back the stored profile type unchanged.
    // Besides ANONYMOUS, X509_TOKEN and SAML_TOKEN, the value may also be
    // BEARER_TOKEN: the setter's documentation lists it and this class
    // switches on it when deriving the authentication mechanism.
    return this.securityProfileType;
}
/**
* Sets security profile type.
*
* @param profileType Profile Type. Possible values are ANONYMOUS,
* X509_TOKEN , SAML_TOKEN and BEARER_TOKEN
*/
}
/**
* Sets a binary security token for this message.
*
* @param binaryToken a binary security token
*/
}
/**
* Gets authentication mechanism.
* Possible values are NULL_NULL, NULL_X509, NULL_SAML, TLS_NULL,
* TLS_X509, TLS_SAML, CLIENT_TLS_NULL, CLIENT_TLS_X509, CLIENT_TLS_SAML,
* NULL_BEARER, TLS_BEARER, and CLIENT_TLS_BEARER.
*
* @return an authentication mechanism
*/
if (authenticationMechanism != null) {
return authenticationMechanism;
}
if (certificate == null) {
switch (securityProfileType) {
case X509_TOKEN:
wsfVersion)) {
} else {
}
return authenticationMechanism;
case SAML_TOKEN:
wsfVersion)) {
} else {
}
return authenticationMechanism;
case BEARER_TOKEN:
wsfVersion)) {
} else {
}
return authenticationMechanism;
default:
return authenticationMechanism;
}
} else {
switch (securityProfileType) {
case X509_TOKEN:
wsfVersion)) {
} else {
}
return authenticationMechanism;
case SAML_TOKEN:
wsfVersion)) {
} else {
}
return authenticationMechanism;
case BEARER_TOKEN:
wsfVersion)) {
} else {
}
return authenticationMechanism;
default:
return authenticationMechanism;
}
}
} else {
switch (securityProfileType) {
case X509_TOKEN:
wsfVersion)) {
} else {
}
return authenticationMechanism;
case SAML_TOKEN:
wsfVersion)) {
} else {
}
return authenticationMechanism;
case BEARER_TOKEN:
wsfVersion)) {
} else {
}
return authenticationMechanism;
default:
return authenticationMechanism;
}
}
}
/**
* Returns a boolean flag to determine if this Message will be sent to
* a server that requires client authentication.
*
* @return true if this Message will be sent to a server that
* requires client authentication
*/
public boolean isClientAuthentication() {
    // Plain accessor for the client-authentication flag; nothing is
    // computed or validated here.
    return this.clientAuthentication;
}
/**
* Returns the <code>CorrelationHeader</code>.
*
* @return the <code>CorrelationHeader</code>.
*/
return correlationHeader;
}
/**
* Returns the <code>ConsentHeader</code>.
*
* @return the <code>ConsentHeader</code>.
*/
return consentHeader;
}
/**
* Returns a list of <code>UsageDirectiveHeader</code>.
*
* @return a list of <code>UsageDirectiveHeader</code>.
*/
return usageDirectiveHeaders;
}
/**
* Returns the <code>ProviderHeader</code>.
*
* @return the <code>ProviderHeader</code>.
*/
return providerHeader;
}
/**
* Returns the <code>ProcessingContextHeader</code>.
*
* @return the <code>ProcessingContextHeader</code>.
*/
return processingContextHeader;
}
/**
* Returns the <code>ServiceInstanceUpdateHeader</code>.
*
* @return the <code>ServiceInstanceUpdateHeader</code>.
*/
return serviceInstanceUpdateHeader;
}
/**
* Returns a list of SOAP headers except <code>CorrelationHeader</code>,
* <code>ConsentHeader</code>, <code>UsageDirectiveHeader</code> and
* <code>Security</code> header. Each entry will be a
* <code>org.w3c.dom.Element</code>.
*
* @return a list of SOAP headers
*/
return soapHeaders;
}
/**
* Returns the <code>SOAPFault</code>.
*
* @return the <code>SOAPFault</code>.
*/
return soapFault;
}
/**
* Returns a list of SOAP bodies.
* Each entry will be a <code>org.w3c.dom.Element</code>.
*
* @return a list of SOAP bodies
*/
return soapBodies;
}
/**
* Returns a list of SOAP bodies.
* Each entry will be a <code>org.w3c.dom.Element</code> with specified
* namespace URI and local name.
*
* @param namespaceURI namespace URI
* @param localName local name
* @return a list of SOAP bodies
*/
}
}
}
return soapBodies;
}
/**
* Returns a list of security header except the SAML assertion used in
* SAML token profile or the binary security token used in X509 token
* profile. Each entry will be a <code>org.w3c.dom.Element</code>.
*
* @return a list of security headers
*/
return securityHeaders;
}
/**
* Returns the SAML assertion used for signing.
*
* @return the SAML assertion.
*/
return assertion;
}
/**
* Returns a binary security token used for signing.
*
* @return a binary security token.
*/
return binarySecurityToken;
}
/**
* Returns the X509 certificate used in client authentication.
*
* @return a X509 certificate
*/
return certificate;
}
/**
* Returns the X509 certificate used in message level authentication.
*
* @return a X509 certificate.
*/
return messageCertificate;
}
/**
* Returns a token for the sender of this Message.
*
* @return a token Object.
*/
return token;
}
/**
* Returns the IP address of remote site of the SOAP connection.
*
* @return a IP address
*/
return ipAddress;
}
/**
* Returns a list of id's for signing.
*
* @return a list of id's for signing.
*/
if (consentHeader != null) {
}
}
if (usageDirectiveHeaders != null &&
!usageDirectiveHeaders.isEmpty()) {
}
}
}
if (providerHeader != null) {
}
}
if (processingContextHeader != null) {
}
}
if (serviceInstanceUpdateHeader != null) {
}
}
}
}
return ids;
}
/**
* Sets the <code>CorrelationHeader</code>.
*
* @param correlationHeader <code>CorrelationHeader</code>
*/
if (correlationHeader != null) {
this.correlationHeader = correlationHeader;
}
}
/**
* Sets <code>ConsentHeader</code>.
*
* @param consentHeader the <code>ConsentHeader</code>.
*/
this.consentHeader = consentHeader;
}
/**
* Sets a list of <code>UsageDirectiveHeader</code>.
*
* @param usageDirectiveHeaders a list of <code>UsageDirectiveHeader</code>.
*/
}
/**
* Sets <code>ProviderHeader</code> if it is not null.
*
* @param providerHeader the <code>ProviderHeader</code>.
*/
this.providerHeader = providerHeader;
}
/**
* Sets the <code>ProcessingContextHeader</code>.
*
* @param processingContextHeader <code>ProcessingContextHeader</code>
*/
public void setProcessingContextHeader(
}
/**
* Sets the <code>ServiceInstanceUpdateHeader</code>.
*
* @param serviceInstanceUpdateHeader
* the <code>ServiceInstanceUpdateHeader</code>
*/
public void setServiceInstanceUpdateHeader(
}
/**
* Sets a list of SOAP headers except <code>CorrelationHeader</code>,
* <code>ConsentHeader</code>, <code>UsageDirectiveHeader</code> and
* 'Security' header. Each entry will be a <code>org.w3c.dom.Element</code>.
*
* @param headers a list of SOAP headers.
* @param signingIds a list of values of <code>id</code> attribute for
* signing
*/
this.signingIds = signingIds;
}
/**
* Sets a SOAP header except <code>CorrelationHeader</code>,
* <code>ConsentHeader</code> and <code>UsageDirectiveHeader</code>.
*
* @param header a <code>org.w3c.dom.Element</code>
* @param signingId the value of <code>id</code> attribute for signing.
* A null value for this attribute is assumed to mean no signing.
*/
}
}
/**
* Sets a list of security headers. Each entry will be a
* <code>org.w3c.dom.Element</code>.
*
* @param headers a list of security headers.
*/
}
/**
* Sets a security header.
*
* @param header the security header element.
*/
}
/**
* Sets the <code>SOAPFault</code>.
*
* @param soapFault the <code>SOAPFault</code>.
*/
}
/**
* Sets a list of SOAP bodies. Each entry will be a
* <code>org.w3c.dom.Element</code>. To send a SOAP Fault, please use
* method <code>setSOAPFault</code>.
*
* @param bodies a list of SOAP bodies.
*/
soapBodies = bodies;
}
/**
* Sets a SOAP body. To send a SOAP Fault, please use method
* <code>setSOAPFault</code>.
*
* @param body a <code>org.w3c.dom.Element</code>
*/
}
/**
* Sets the IP address of remote site of the SOAP connection.
*
* @param ipAddress a IP address
*/
}
/**
* Sets the protocol value. The expected
* value is either http or https.
*
* @param protocol the protocol value.
*/
this.protocol = "http";
} else {
}
}
/**
* Sets the X509 certificate used in client authentication.
*
* @param cert a X509 certificate
*/
certificate = cert;
}
/**
* Sets a boolean flag. If the flag is true, this Message will be sent to
* a server that requires client authentication.
*
* @param clientAuthentication a boolean flag
*/
}
/**
* Sets a token for the sender of this Message. The actual type
* will be the same as the type of the Object returned from
* <code>WebServiceAuthenticator.authenticate</code>.
*
* @param Object a token Object
*/
}
/**
* Returns the SOAP message in String format.
*
* @return the SOAP message in String format.
*/
try {
return "";
}
}
/**
* Returns the SOAP message in <code>org.w3c.dom.Document</code> format.
*
* @return the SOAP message in <code>org.w3c.dom.Document</code> format.
* @throws SOAPBindingException if an error occurs while constructing
* a document.
*/
return toDocument(false);
}
/**
* Returns the SOAP message in <code>org.w3c.dom.Document</code> format.
*
* @param refresh true to reconstruct a document, false to reuse a
* previous document. If previous document doesn't exist,
* it will construct a new document.
* @return the SOAP message in <code>org.w3c.dom.Document</code> format.
* @throws SOAPBindingException if an error occurs while constructing
* the <code>org.w3c.dom.Document</code>.
*/
return doc;
}
try {
}
}
wsuNS);
if (correlationHeader != null) {
}
if (consentHeader != null) {
}
if (usageDirectiveHeaders != null &&
!usageDirectiveHeaders.isEmpty()) {
}
}
if (providerHeader != null) {
}
if (processingContextHeader != null) {
}
if (serviceInstanceUpdateHeader != null) {
}
}
}
}
boolean hasSecurityHeaders =
"Message.toDocument: adding security headers ");
}
if (assertionDoc == null) {
throw new SOAPBindingException(msg);
}
} else if (binarySecurityToken != null) {
"cannotProcessBinarySecurityToken");
throw new SOAPBindingException(msg);
}
true));
}
if (hasSecurityHeaders) {
true));
}
}
}
}
}
}
}
}
}
bodyId);
} else {
}
}
return doc;
}
/**
* Returns the SOAP message in SOAPMessage format.
*
* @return the SOAP message in SOAPMessage format.
* @throws SOAPBindingException if an error occurs while converting
* this object to a SOAP message.
*/
}
/**
* Parses a <code>org.w3c.dom.Document</code> to construct this object.
*
* @param doc a <code>org.w3c.dom.Document</code>.
* @throws SOAPBindingException if an error occurs while parsing
* the document
*/
}
if (length == 0) {
throw new SOAPBindingException(msg);
}
for(int i = 0; i < length; i++) {
}
}
}
}
soapHeaders = new ArrayList();
// parsing Header element
for (int i = 0; i < length; i++) {
} else if (SOAPBindingConstants.TAG_CONSENT
} else if(SOAPBindingConstants.TAG_USAGE_DIRECTIVE
if (usageDirectiveHeaders == null) {
usageDirectiveHeaders = new ArrayList();
}
new UsageDirectiveHeader(element));
} else if (SOAPBindingConstants.TAG_PROVIDER
} else if (SOAPBindingConstants.TAG_PROCESSING_CONTEXT
} else {
}
} else if (SOAPBindingConstants.NS_SOAP_BINDING_11
} else {
}
} else {
}
}
}
}
if (soapHeaders.isEmpty()) {
soapHeaders = null;
}
// parsing Body element
for(int i = 0; i < length; i++) {
} else {
if (soapBodies == null) {
soapBodies = new ArrayList();
}
}
}
}
}
}
/**
* Sets security profile type by parsing a security element.
*
* @param se a security element
* @throws SOAPBindingException if an error occurs while parsing
* the security element
*/
throws SOAPBindingException {
return;
}
return;
}
} else {
return;
}
} else {
throw new SOAPBindingException(msg);
}
"SecurityTokenReference Reference URI = " + uri);
}
}
}
securityHeaders = new ArrayList();
for(int i = 0; i < length; i++) {
if (securityProfileType != ANONYMOUS) {
continue;
}
"ValueType");
continue;
}
continue;
}
}
try {
"cannotProcessBinarySecurityToken");
msg);
throw new SOAPBindingException(msg);
}
" found binary security token");
}
continue;
}
}
try {
} catch (SAMLException ex) {
"cannotProcessSAMLAssertion");
msg);
throw new SOAPBindingException(msg);
}
" found security assertion, " +
"isBearer = " +
}
} else {
}
} else {
}
}
}
if (securityHeaders.isEmpty()) {
}
}
/**
* Returns the web services version of the message.
*
* @return the web services version.
*/
public String
{
return wsfVersion;
}
/**
* Sets the web services version to the message.
*
* @param version the web services framework version.
*/
public void
{
this.wsfVersion = version;
}
}