/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: WSSPolicyManager.java,v 1.2 2009/12/19 00:09:41 asyhuang Exp $
 *
 */
c4329510051cce0c6b3efc1fae122ec4c5d61efaDavid Lunapackage com.sun.identity.wss.policy;
c4329510051cce0c6b3efc1fae122ec4c5d61efaDavid Luna
b1b9ed659b5ba78c15d544b1a76134a6eba06a55David Lunaimport javax.xml.bind.JAXBException;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport javax.xml.namespace.QName;
c4329510051cce0c6b3efc1fae122ec4c5d61efaDavid Lunaimport java.util.List;
c4329510051cce0c6b3efc1fae122ec4c5d61efaDavid Lunaimport java.util.Iterator;
c4329510051cce0c6b3efc1fae122ec4c5d61efaDavid Luna
c4329510051cce0c6b3efc1fae122ec4c5d61efaDavid Lunaimport com.sun.identity.wsfederation.jaxb.wspolicy.PolicyElement;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wspolicy.ExactlyOneElement;
c4329510051cce0c6b3efc1fae122ec4c5d61efaDavid Lunaimport com.sun.identity.wsfederation.jaxb.wspolicy.AllElement;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.AsymmetricBindingElement;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.SymmetricBindingElement;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.InitiatorTokenElement;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.RecipientTokenElement;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.X509TokenElement;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.UsernameTokenElement;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.SamlTokenElement;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.WssX509V3Token10Element;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.WssUsernameToken10Element;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.WssSamlV20Token11Element;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.WssSamlV11Token11Element;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.AlgorithmSuiteElement;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.Basic128Element;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.Basic192Element;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.Basic256Element;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.TripleDesElement;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.LayoutElement;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.ProtectionTokenElement;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.KerberosTokenElement;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Luna WssKerberosV5ApReqToken11Element;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.SignedPartsElement;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.EncryptedPartsElement;
c4329510051cce0c6b3efc1fae122ec4c5d61efaDavid Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.HeaderType;
c4329510051cce0c6b3efc1fae122ec4c5d61efaDavid Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.IssuedTokenElement;
c4329510051cce0c6b3efc1fae122ec4c5d61efaDavid Lunaimport com.sun.identity.wsfederation.jaxb.wsaddr.EndpointReferenceElement;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsaddr.AttributedURIType;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wsfederation.jaxb.wsspolicy.
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Luna RequestSecurityTokenTemplateType;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wss.provider.ProviderConfig;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wss.security.SecurityMechanism;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wss.security.WSSConstants;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wss.security.WSSUtils;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunaimport com.sun.identity.wss.sts.config.STSRemoteConfig;
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Luna
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Luna
/**
 * The <code>WSSPolicyManager</code> class manages the WS-Security policy
 * configuration and is used to convert a <code>ProviderConfig</code> into
 * a WS-SecurityPolicy document and vice versa.
 */
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Lunapublic class WSSPolicyManager {
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Luna
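/**
 * WS-SecurityPolicy 1.2 {@code IncludeToken} URI stating that the token is
 * always included in messages sent to the recipient.
 */
private static final String INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT =
        "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/" +
        "IncludeToken/AlwaysToRecipient";

// The three JAXB object factories share the simple name ObjectFactory, so
// they are referred to by their fully qualified names. They are never
// reassigned after class initialisation, hence declared final.
private static final com.sun.identity.wsfederation.jaxb.wspolicy.ObjectFactory
        wsPolicyFactory =
        new com.sun.identity.wsfederation.jaxb.wspolicy.ObjectFactory();

private static final com.sun.identity.wsfederation.jaxb.wsspolicy.ObjectFactory
        wssPolicyFactory =
        new com.sun.identity.wsfederation.jaxb.wsspolicy.ObjectFactory();

private static final com.sun.identity.wsfederation.jaxb.wsaddr.ObjectFactory
        wsAddressingFactory =
        new com.sun.identity.wsfederation.jaxb.wsaddr.ObjectFactory();

/** The single shared instance handed out by {@link #getInstance()}. */
private static final WSSPolicyManager wssPolicyManager =
        new WSSPolicyManager();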
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Luna
/**
 * Private constructor: the class is a singleton, obtain the instance
 * through {@link #getInstance()}.
 */
private WSSPolicyManager() {
    // Nothing to initialise; every collaborator is a static factory field.
}
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Luna
/**
 * Returns the shared {@code WSSPolicyManager} instance.
 *
 * @return the singleton policy manager.
 */
public static WSSPolicyManager getInstance() {
    final WSSPolicyManager instance = wssPolicyManager;
    return instance;
}
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Luna
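/**
 * Returns the web service end point policy based on the provider
 * configuration.
 * <p>
 * One {@code wsp:All} alternative is emitted per configured security
 * mechanism. The Kerberos mechanism is expressed as an
 * {@code sp:SymmetricBinding} carrying a protection token; every other
 * mechanism as an {@code sp:AsymmetricBinding} carrying an initiator token.
 * Each binding additionally carries the assertions added by
 * {@link #appendCommonBindingAssertions(PolicyElement, ProviderConfig)}.
 *
 * @param providerConfig the provider configuration for a given provider
 *        configuration; must not be {@code null}.
 * @return the XML String representation of ws-security policy.
 * @throws WSSPolicyException if no security mechanism is configured or the
 *         policy cannot be converted to XML.
 * @throws IllegalArgumentException if {@code providerConfig} is {@code null}.
 */
public String getPolicy(ProviderConfig providerConfig)
        throws WSSPolicyException {
    if (providerConfig == null) {
        throw new IllegalArgumentException("providerConfig must not be null");
    }
    try {
        PolicyElement policyElement = wsPolicyFactory.createPolicyElement();
        ExactlyOneElement exactlyOneElement =
                wsPolicyFactory.createExactlyOneElement();
        //TODO - Need to add a config in the WSP config and then create the
        // issued token policy. Until that configuration exists this flag is
        // always false, so the issued token branch below is never taken.
        boolean useIssuedTokenPolicy = false;
        List<String> securityMech = providerConfig.getSecurityMechanisms();
        if (securityMech == null || securityMech.isEmpty()) {
            throw new WSSPolicyException(
                    "Security mechanism not configured");
        }
        for (String secMech : securityMech) {
            AllElement allElement = wsPolicyFactory.createAllElement();
            // Nested policy that holds the binding's own assertions.
            PolicyElement bindingPolicy =
                    wsPolicyFactory.createPolicyElement();
            if (SecurityMechanism.WSS_NULL_KERBEROS_TOKEN_URI.equals(
                    secMech)) {
                SymmetricBindingElement sbe =
                        wssPolicyFactory.createSymmetricBindingElement();
                sbe.setPolicy(bindingPolicy);
                ProtectionTokenElement pte =
                        createProtectionTokenElement(secMech);
                bindingPolicy.getPolicyOrAllOrExactlyOne().add(pte);
                appendCommonBindingAssertions(bindingPolicy, providerConfig);
                allElement.getPolicyOrAllOrExactlyOne().add(sbe);
            } else if (useIssuedTokenPolicy) {
                AsymmetricBindingElement abe =
                        wssPolicyFactory.createAsymmetricBindingElement();
                abe.setPolicy(bindingPolicy);
                IssuedTokenElement ite = createIssuedTokenElement();
                bindingPolicy.getPolicyOrAllOrExactlyOne().add(ite);
                appendCommonBindingAssertions(bindingPolicy, providerConfig);
                allElement.getPolicyOrAllOrExactlyOne().add(abe);
                // An issued token policy is the only alternative emitted:
                // record it and stop after the first mechanism.
                exactlyOneElement.getPolicyOrAllOrExactlyOne().add(
                        allElement);
                break;
            } else {
                AsymmetricBindingElement abe =
                        wssPolicyFactory.createAsymmetricBindingElement();
                abe.setPolicy(bindingPolicy);
                InitiatorTokenElement ite =
                        createInitiatorTokenElement(secMech);
                bindingPolicy.getPolicyOrAllOrExactlyOne().add(ite);
                appendCommonBindingAssertions(bindingPolicy, providerConfig);
                allElement.getPolicyOrAllOrExactlyOne().add(abe);
            }
            exactlyOneElement.getPolicyOrAllOrExactlyOne().add(allElement);
        }
        policyElement.getPolicyOrAllOrExactlyOne().add(exactlyOneElement);
        return WSSPolicyUtils.convertJAXBToString(policyElement);
    } catch (JAXBException je) {
        WSSUtils.debug.error("WSSPolicyManager.getPolicy:" +
                " JAXBException", je);
        // NOTE(review): the cause is only logged here; chain it if
        // WSSPolicyException offers a (String, Throwable) constructor.
        throw new WSSPolicyException(je.getMessage());
    }
}

/**
 * Appends the assertions shared by every binding produced by
 * {@link #getPolicy(ProviderConfig)}: the recipient token when response
 * signing is enabled, the algorithm suite when one is configured, the
 * layout, {@code sp:IncludeTimestamp} and
 * {@code sp:OnlySignEntireHeadersAndBody}.
 *
 * @param bindingPolicy the nested policy of the binding assertion.
 * @param providerConfig the provider configuration being converted.
 * @throws WSSPolicyException propagated from the token helpers.
 * @throws JAXBException propagated from the token helpers.
 */
private void appendCommonBindingAssertions(PolicyElement bindingPolicy,
        ProviderConfig providerConfig)
        throws WSSPolicyException, JAXBException {
    if (providerConfig.isResponseSignEnabled()) {
        RecipientTokenElement rte = createRecipientTokenElement();
        bindingPolicy.getPolicyOrAllOrExactlyOne().add(rte);
    }
    AlgorithmSuiteElement ase = createAlgorithmSuiteElement(providerConfig);
    if (ase != null) {
        bindingPolicy.getPolicyOrAllOrExactlyOne().add(ase);
    }
    bindingPolicy.getPolicyOrAllOrExactlyOne().add(createLayoutElement());
    bindingPolicy.getPolicyOrAllOrExactlyOne().add(
            wssPolicyFactory.createIncludeTimestampElement());
    bindingPolicy.getPolicyOrAllOrExactlyOne().add(
            wssPolicyFactory.createOnlySignEntireHeadersAndBodyElement());
}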
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Luna
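/**
 * Returns the input policy for the given web service provider
 * configuration, i.e. which parts of an incoming request must be signed
 * and encrypted.
 * <p>
 * The body is listed under {@code sp:SignedParts} when request signing is
 * enabled and under {@code sp:EncryptedParts} when request encryption is
 * enabled; the security header (local name
 * {@code WSSConstants.WSSE_SECURITY_LNAME}, namespace
 * {@code WSSConstants.WSSE11_NS}) is listed under {@code sp:EncryptedParts}
 * when request header encryption is enabled.
 *
 * @param providerConfig the provider configuration of a
 *        web service provider; must not be {@code null}.
 *
 * @return the XML String representation for the web service provider
 *         input policy.
 * @throws com.sun.identity.wss.policy.WSSPolicyException if the policy
 *         cannot be converted to XML.
 * @throws IllegalArgumentException if {@code providerConfig} is {@code null}.
 */
public String getInputPolicy(ProviderConfig providerConfig)
        throws WSSPolicyException {
    if (providerConfig == null) {
        throw new IllegalArgumentException("providerConfig must not be null");
    }
    try {
        PolicyElement policyElement = wsPolicyFactory.createPolicyElement();
        ExactlyOneElement exactlyOneElement =
                wsPolicyFactory.createExactlyOneElement();
        AllElement allElement = wsPolicyFactory.createAllElement();

        policyElement.getPolicyOrAllOrExactlyOne().add(exactlyOneElement);

        if (providerConfig.isRequestSignEnabled()) {
            SignedPartsElement signedParts =
                    wssPolicyFactory.createSignedPartsElement();
            signedParts.setBody(wssPolicyFactory.createEmptyType());
            allElement.getPolicyOrAllOrExactlyOne().add(signedParts);
        }

        if (providerConfig.isRequestEncryptEnabled() ||
                providerConfig.isRequestHeaderEncryptEnabled()) {
            EncryptedPartsElement encryptedParts =
                    wssPolicyFactory.createEncryptedPartsElement();
            if (providerConfig.isRequestEncryptEnabled()) {
                encryptedParts.setBody(wssPolicyFactory.createEmptyType());
            }
            if (providerConfig.isRequestHeaderEncryptEnabled()) {
                HeaderType headerType =
                        wssPolicyFactory.createHeaderType();
                // The header is identified by local name only; its
                // namespace is carried by the separate Namespace attribute.
                headerType.setName(
                        new QName(WSSConstants.WSSE_SECURITY_LNAME));
                headerType.setNamespace(WSSConstants.WSSE11_NS);
                encryptedParts.getHeader().add(headerType);
            }
            allElement.getPolicyOrAllOrExactlyOne().add(encryptedParts);
        }
        exactlyOneElement.getPolicyOrAllOrExactlyOne().add(allElement);
        return WSSPolicyUtils.convertJAXBToString(policyElement);
    } catch (JAXBException je) {
        // Pass the exception to the logger, as getPolicy does, so the stack
        // trace is not lost.
        WSSUtils.debug.error("WSSPolicyManager.getInputPolicy: " +
                "JAXB Exception ", je);
        throw new WSSPolicyException(je.getMessage());
    }
}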
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Luna
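/**
 * Returns the output policy for the given web service provider
 * configuration, i.e. which parts of the response must be signed and
 * encrypted.
 * <p>
 * The body is listed under {@code sp:SignedParts} when response signing is
 * enabled and under {@code sp:EncryptedParts} when response encryption is
 * enabled.
 *
 * @param providerConfig the provider configuration of a web service
 *        provider; must not be {@code null}.
 * @return the XML String representation of ws-security policy for the
 *         web service provider.
 * @throws com.sun.identity.wss.policy.WSSPolicyException if the policy
 *         cannot be converted to XML.
 * @throws IllegalArgumentException if {@code providerConfig} is {@code null}.
 */
public String getOutputPolicy(ProviderConfig providerConfig)
        throws WSSPolicyException {
    if (providerConfig == null) {
        throw new IllegalArgumentException("providerConfig must not be null");
    }
    try {
        PolicyElement policyElement = wsPolicyFactory.createPolicyElement();
        ExactlyOneElement exactlyOneElement =
                wsPolicyFactory.createExactlyOneElement();
        AllElement allElement = wsPolicyFactory.createAllElement();

        policyElement.getPolicyOrAllOrExactlyOne().add(exactlyOneElement);

        if (providerConfig.isResponseSignEnabled()) {
            SignedPartsElement signedParts =
                    wssPolicyFactory.createSignedPartsElement();
            signedParts.setBody(wssPolicyFactory.createEmptyType());
            allElement.getPolicyOrAllOrExactlyOne().add(signedParts);
        }

        if (providerConfig.isResponseEncryptEnabled()) {
            EncryptedPartsElement encryptedParts =
                    wssPolicyFactory.createEncryptedPartsElement();
            encryptedParts.setBody(wssPolicyFactory.createEmptyType());
            allElement.getPolicyOrAllOrExactlyOne().add(encryptedParts);
        }
        exactlyOneElement.getPolicyOrAllOrExactlyOne().add(allElement);
        return WSSPolicyUtils.convertJAXBToString(policyElement);
    } catch (JAXBException je) {
        // Method name in the log message corrected ("geOutputPolicy") and
        // the exception passed along so the stack trace is not lost.
        WSSUtils.debug.error("WSSPolicyManager.getOutputPolicy: " +
                "JAXB Exception ", je);
        throw new WSSPolicyException(je.getMessage());
    }
}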
b1b9ed659b5ba78c15d544b1a76134a6eba06a55David Luna
/**
 * Returns the STS end point policy.
 *
 * @return the XML String representation of ws-security policy for the
 *         STS service.
 * @throws WSSPolicyException if the STS policy cannot be built.
 */
public String getSTSPolicy() throws WSSPolicyException {
    ProviderConfig stsConfig = getSTSConfig();
    return getPolicy(stsConfig);
}
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Luna
/**
 * Returns the input policy for the STS service.
 *
 * @return the XML String representation of ws-security policy for the
 *         STS service.
 * @throws com.sun.identity.wss.policy.WSSPolicyException if the STS
 *         input policy cannot be built.
 */
public String getSTSInputPolicy() throws WSSPolicyException {
    ProviderConfig stsConfig = getSTSConfig();
    return getInputPolicy(stsConfig);
}
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Luna
/**
 * Returns the output policy for the STS service.
 *
 * @return the XML String representation of ws-security policy for the
 *         STS service.
 * @throws com.sun.identity.wss.policy.WSSPolicyException if the STS
 *         output policy cannot be built.
 */
public String getSTSOutputPolicy() throws WSSPolicyException {
    ProviderConfig stsConfig = getSTSConfig();
    return getOutputPolicy(stsConfig);
}
b4bc0f6f0effcc65edf83eec1e8747d5fce55752David Luna
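/**
 * Builds the {@code sp:InitiatorToken} assertion for the given security
 * mechanism.
 * <p>
 * The element carries a nested policy with exactly one token assertion,
 * chosen from {@code secMech}: an X.509 token carrying the WSS X.509 v3
 * Token 1.0 profile, a UsernameToken carrying the WSS UsernameToken 1.0
 * profile, a SAML token carrying the WSS SAML V2.0 Token 1.1 profile (the
 * SAML2 HK/SV mechanisms) or a SAML token carrying the WSS SAML V1.1
 * Token 1.1 profile (the SAML HK/SV mechanisms). Each token is marked
 * with {@code INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT}.
 * <p>
 * NOTE(review): a mechanism matching none of the branches returns an
 * InitiatorToken whose nested policy is empty, i.e. no token requirement
 * is expressed at all; the Kerberos mechanism, for instance, is modelled
 * by createProtectionTokenElement instead. Callers (outside this method)
 * should only pass mechanisms intended to be expressed here — confirm.
 *
 * @param secMech the security mechanism URI, one of the
 *                {@code SecurityMechanism.WSS_NULL_*} constants
 * @return the populated initiator token element
 * @throws WSSPolicyException if JAXB fails to create an element; the
 *         JAXBException is logged together with the error message, but
 *         only its message is propagated (the WSSPolicyException is
 *         constructed from the message alone here)
 */
private InitiatorTokenElement createInitiatorTokenElement(
        String secMech) throws WSSPolicyException {
    try {
        InitiatorTokenElement ite =
            wssPolicyFactory.createInitiatorTokenElement();
        PolicyElement tokenPolicy = wsPolicyFactory.createPolicyElement();
        ite.setPolicy(tokenPolicy);

        if (SecurityMechanism.WSS_NULL_X509_TOKEN_URI.equals(secMech)) {
            X509TokenElement x509Token =
                wssPolicyFactory.createX509TokenElement();
            x509Token.setIncludeToken(INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT);
            tokenPolicy.getPolicyOrAllOrExactlyOne().add(x509Token);
            // The token profile is expressed in a second policy nested
            // inside the token assertion.
            PolicyElement profilePolicy =
                wsPolicyFactory.createPolicyElement();
            x509Token.getAny().add(profilePolicy);
            profilePolicy.getPolicyOrAllOrExactlyOne().add(
                wssPolicyFactory.createWssX509V3Token10Element());
        } else if (SecurityMechanism.WSS_NULL_USERNAME_TOKEN_URI
                .equals(secMech)) {
            UsernameTokenElement usernameToken =
                wssPolicyFactory.createUsernameTokenElement();
            usernameToken.setIncludeToken(INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT);
            tokenPolicy.getPolicyOrAllOrExactlyOne().add(usernameToken);
            PolicyElement profilePolicy =
                wsPolicyFactory.createPolicyElement();
            usernameToken.getAny().add(profilePolicy);
            profilePolicy.getPolicyOrAllOrExactlyOne().add(
                wssPolicyFactory.createWssUsernameToken10Element());
        } else if (SecurityMechanism.WSS_NULL_SAML2_HK_URI.equals(secMech)
                || SecurityMechanism.WSS_NULL_SAML2_SV_URI.equals(secMech)) {
            SamlTokenElement samlToken =
                wssPolicyFactory.createSamlTokenElement();
            samlToken.setIncludeToken(INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT);
            tokenPolicy.getPolicyOrAllOrExactlyOne().add(samlToken);
            PolicyElement profilePolicy =
                wsPolicyFactory.createPolicyElement();
            samlToken.getAny().add(profilePolicy);
            profilePolicy.getPolicyOrAllOrExactlyOne().add(
                wssPolicyFactory.createWssSamlV20Token11Element());
        } else if (SecurityMechanism.WSS_NULL_SAML_HK_URI.equals(secMech)
                || SecurityMechanism.WSS_NULL_SAML_SV_URI.equals(secMech)) {
            SamlTokenElement samlToken =
                wssPolicyFactory.createSamlTokenElement();
            samlToken.setIncludeToken(INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT);
            tokenPolicy.getPolicyOrAllOrExactlyOne().add(samlToken);
            PolicyElement profilePolicy =
                wsPolicyFactory.createPolicyElement();
            samlToken.getAny().add(profilePolicy);
            profilePolicy.getPolicyOrAllOrExactlyOne().add(
                wssPolicyFactory.createWssSamlV11Token11Element());
        }
        return ite;
    } catch (JAXBException je) {
        // Log under the method's real name (the previous message named a
        // non-existent "createInitiateTokenElement") and keep the cause in
        // the log, since it is not chained into the thrown exception.
        WSSUtils.debug.error("WSSPolicyManager.createInitiatorTokenElement: "
            + " JAXB Exception ", je);
        throw new WSSPolicyException (je.getMessage());
    }
}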
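/**
 * Builds the {@code sp:RecipientToken} assertion.
 * <p>
 * The recipient is always represented by an X.509 token carrying the WSS
 * X.509 v3 Token 1.0 profile and marked
 * {@code INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT}; unlike the initiator side,
 * no security mechanism is consulted.
 *
 * @return the populated recipient token element
 * @throws WSSPolicyException if JAXB fails to create an element; the
 *         JAXBException is logged together with the error message, but
 *         only its message is propagated
 */
private RecipientTokenElement createRecipientTokenElement()
        throws WSSPolicyException {
    try {
        RecipientTokenElement rte =
            wssPolicyFactory.createRecipientTokenElement();
        PolicyElement tokenPolicy = wsPolicyFactory.createPolicyElement();
        rte.setPolicy(tokenPolicy);

        X509TokenElement x509Token =
            wssPolicyFactory.createX509TokenElement();
        x509Token.setIncludeToken(INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT);
        tokenPolicy.getPolicyOrAllOrExactlyOne().add(x509Token);

        // The token profile lives in a policy nested inside the token.
        PolicyElement profilePolicy = wsPolicyFactory.createPolicyElement();
        x509Token.getAny().add(profilePolicy);
        profilePolicy.getPolicyOrAllOrExactlyOne().add(
            wssPolicyFactory.createWssX509V3Token10Element());
        return rte;
    } catch (JAXBException je) {
        // Keep the cause in the log; it is not chained into the thrown
        // WSSPolicyException.
        WSSUtils.debug.error("WSSPolicyManager.createRecipientTokenElement:"
            + " JAXB Exception ", je);
        throw new WSSPolicyException (je.getMessage());
    }
}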
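/**
 * Builds the {@code sp:AlgorithmSuite} assertion from the provider's
 * configured encryption algorithm and key strength.
 * <p>
 * Mapping: {@code "AES"} with strength 128, 192 or 256 selects Basic128,
 * Basic192 or Basic256; {@code "DESede"} selects TripleDes. Any other
 * algorithm name yields {@code null} so the caller can omit the
 * assertion. TripleDes is kept for compatibility with existing
 * configurations; an AES suite is the preferable choice for new ones.
 * <p>
 * NOTE(review): {@code "AES"} with an unrecognised strength only logs a
 * warning and still returns a suite element whose nested policy is empty,
 * which differs from the unknown-algorithm case. That behaviour is kept
 * here because callers may rely on a non-null result — confirm against
 * the callers, which are outside this method.
 *
 * @param config the provider configuration supplying the encryption
 *               algorithm name and key strength
 * @return the populated algorithm suite element, or {@code null} when the
 *         algorithm name is not one of the supported values
 * @throws WSSPolicyException if JAXB fails to create an element; the
 *         JAXBException is logged together with the error message, but
 *         only its message is propagated
 */
private AlgorithmSuiteElement createAlgorithmSuiteElement(
        ProviderConfig config) throws WSSPolicyException {
    try {
        AlgorithmSuiteElement ase =
            wssPolicyFactory.createAlgorithmSuiteElement();
        PolicyElement suitePolicy = wsPolicyFactory.createPolicyElement();
        ase.setPolicy(suitePolicy);

        String encAlg = config.getEncryptionAlgorithm();
        int keyStrength = config.getEncryptionStrength();
        if ("AES".equals(encAlg)) {
            if (keyStrength == 128) {
                suitePolicy.getPolicyOrAllOrExactlyOne().add(
                    wssPolicyFactory.createBasic128Element());
            } else if (keyStrength == 192) {
                suitePolicy.getPolicyOrAllOrExactlyOne().add(
                    wssPolicyFactory.createBasic192Element());
            } else if (keyStrength == 256) {
                suitePolicy.getPolicyOrAllOrExactlyOne().add(
                    wssPolicyFactory.createBasic256Element());
            } else if (WSSUtils.debug.warningEnabled()) {
                WSSUtils.debug.warning("WSSPolicyManager.create" +
                    "AlgorithmSuite: Invalid key strenghth for AES" +
                    keyStrength);
            }
        } else if ("DESede".equals(encAlg)) {
            suitePolicy.getPolicyOrAllOrExactlyOne().add(
                wssPolicyFactory.createTripleDesElement());
        } else {
            // Unsupported algorithm: make the omitted assertion visible
            // in the log instead of silently returning null.
            if (WSSUtils.debug.warningEnabled()) {
                WSSUtils.debug.warning("WSSPolicyManager.create" +
                    "AlgorithmSuite: Unsupported encryption algorithm " +
                    encAlg);
            }
            return null;
        }
        return ase;
    } catch (JAXBException je) {
        // Keep the cause in the log; it is not chained into the thrown
        // WSSPolicyException.
        WSSUtils.debug.error("WSSPolicyManager.createAlgorithmSuite: "
            + " JAXB Exception ", je);
        throw new WSSPolicyException (je.getMessage());
    }
}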
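/**
 * Builds the {@code sp:Layout} assertion.
 * <p>
 * The nested policy always contains the Lax layout element; no
 * configuration is consulted.
 *
 * @return the populated layout element
 * @throws WSSPolicyException if JAXB fails to create an element; the
 *         JAXBException is logged together with the error message, but
 *         only its message is propagated
 */
private LayoutElement createLayoutElement() throws WSSPolicyException {
    try {
        LayoutElement le = wssPolicyFactory.createLayoutElement();
        PolicyElement layoutPolicy = wsPolicyFactory.createPolicyElement();
        le.setPolicy(layoutPolicy);
        layoutPolicy.getPolicyOrAllOrExactlyOne().add(
            wssPolicyFactory.createLaxElement());
        return le;
    } catch (JAXBException je) {
        // Keep the cause in the log; it is not chained into the thrown
        // WSSPolicyException.
        WSSUtils.debug.error("WSSPolicyManager.createLayout: "
            + " JAXB Exception ", je);
        throw new WSSPolicyException (je.getMessage());
    }
}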
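/**
 * Builds the {@code sp:ProtectionToken} assertion for the given security
 * mechanism.
 * <p>
 * Only the Kerberos mechanism populates it: a KerberosToken marked
 * {@code INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT} carrying the WSS Kerberos V5
 * AP-REQ Token 1.1 profile. For every other mechanism the returned
 * element has an empty nested policy, which is presumably what callers
 * rely on to express "no protection token" — confirm against the
 * callers, which are outside this method.
 *
 * @param secMech the security mechanism URI
 * @return the protection token element (with an empty nested policy for
 *         non-Kerberos mechanisms)
 * @throws WSSPolicyException if JAXB fails to create an element; the
 *         JAXBException is logged together with the error message, but
 *         only its message is propagated
 */
private ProtectionTokenElement createProtectionTokenElement(
        String secMech) throws WSSPolicyException {
    try {
        ProtectionTokenElement protectionElement =
            wssPolicyFactory.createProtectionTokenElement();
        PolicyElement tokenPolicy = wsPolicyFactory.createPolicyElement();
        protectionElement.setPolicy(tokenPolicy);

        if (SecurityMechanism.WSS_NULL_KERBEROS_TOKEN_URI.equals(secMech)) {
            KerberosTokenElement kerberosToken =
                wssPolicyFactory.createKerberosTokenElement();
            kerberosToken.setIncludeToken(INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT);
            tokenPolicy.getPolicyOrAllOrExactlyOne().add(kerberosToken);
            // The token profile lives in a policy nested inside the token.
            PolicyElement profilePolicy =
                wsPolicyFactory.createPolicyElement();
            kerberosToken.getAny().add(profilePolicy);
            profilePolicy.getPolicyOrAllOrExactlyOne().add(
                wssPolicyFactory.createWssKerberosV5ApReqToken11Element());
        }
        return protectionElement;
    } catch (JAXBException je) {
        // Keep the cause in the log; it is not chained into the thrown
        // WSSPolicyException.
        WSSUtils.debug.error("WSSPolicyManager.createProtectionToken: "
            + " JAXB Exception ", je);
        throw new WSSPolicyException (je.getMessage());
    }
}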
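/**
 * Builds the {@code sp:IssuedToken} assertion pointing at this STS.
 * <p>
 * The token is marked {@code INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT}; the
 * issuer is an endpoint reference whose address is the literal
 * {@code "SunSTS"}, and the RequestSecurityTokenTemplate is attached
 * empty.
 * <p>
 * NOTE(review): the issuer address is a symbolic name rather than a
 * resolvable endpoint, so consumers of this policy have to map it to the
 * real STS endpoint themselves — confirm whether that is intended or
 * whether the configured STS endpoint should be emitted instead.
 *
 * @return the populated issued token element
 * @throws WSSPolicyException if JAXB fails to create an element; the
 *         JAXBException is logged together with the error message, but
 *         only its message is propagated
 */
private IssuedTokenElement createIssuedTokenElement()
        throws WSSPolicyException {
    try {
        IssuedTokenElement issuedToken =
            wssPolicyFactory.createIssuedTokenElement();
        issuedToken.setIncludeToken(INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT);

        // Issuer: an EPR whose address is the fixed name "SunSTS".
        AttributedURIType issuerAddress =
            wsAddressingFactory.createAttributedURIType();
        issuerAddress.setValue("SunSTS");
        EndpointReferenceElement issuer =
            wsAddressingFactory.createEndpointReferenceElement();
        issuer.setAddress(issuerAddress);
        issuedToken.setIssuer(issuer);

        // An empty RST template; nothing is populated on it here.
        issuedToken.setRequestSecurityTokenTemplate(
            wssPolicyFactory.createRequestSecurityTokenTemplateType());
        return issuedToken;
    } catch (JAXBException je) {
        // Keep the cause in the log; it is not chained into the thrown
        // WSSPolicyException.
        WSSUtils.debug.error("WSSPolicyManager.createIssuedTokenElement: "
            + " JAXB Exception ", je);
        throw new WSSPolicyException (je.getMessage());
    }
}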
/**
 * Builds the {@code ProviderConfig} that describes this STS as a
 * web-service provider (WSP).
 * <p>
 * The base entry is looked up with
 * {@code ProviderConfig.getProvider(issuer, ProviderConfig.WSP, false)}
 * and then overlaid with the values of a freshly constructed
 * {@code STSRemoteConfig}: Kerberos settings, security mechanisms, users,
 * request/response signing and encryption switches, key aliases,
 * encryption algorithm and strength, signing reference type,
 * authentication chain, replay-detection flags, the DNS claim (set to the
 * issuer) and signed elements. {@code preserveSecurityHeader} is always
 * forced to {@code false}.
 *
 * @return the provider configuration for the STS
 * @throws WSSPolicyException if the remote configuration cannot be read
 *         or the provider cannot be resolved; the original exception is
 *         logged with its cause and rethrown with its message only
 */
private ProviderConfig getSTSConfig() throws WSSPolicyException {
    try {
        STSRemoteConfig remote = new STSRemoteConfig();
        ProviderConfig provider = ProviderConfig.getProvider(
            remote.getIssuer(), ProviderConfig.WSP, false);

        // Kerberos settings.
        provider.setKDCDomain(remote.getKDCDomain());
        provider.setKDCServer(remote.getKDCServer());
        provider.setKerberosServicePrincipal(
            remote.getKerberosServicePrincipal());
        provider.setKeyTabFile(remote.getKeyTabFile());
        provider.setValidateKerberosSignature(
            remote.isValidateKerberosSignature());

        // Mechanisms and principals.
        provider.setSecurityMechanisms(remote.getSecurityMechanisms());
        provider.setUsers(remote.getUsers());

        // Message protection switches.
        provider.setRequestEncryptEnabled(remote.isRequestEncryptEnabled());
        provider.setRequestHeaderEncryptEnabled(
            remote.isRequestHeaderEncryptEnabled());
        provider.setRequestSignEnabled(remote.isRequestSignEnabled());
        provider.setResponseEncryptEnabled(
            remote.isResponseEncryptEnabled());
        provider.setResponseSignEnabled(remote.isResponseSignEnabled());
        provider.setPreserveSecurityHeader(false);

        // Key material and algorithms.
        provider.setPublicKeyAlias(remote.getPublicKeyAlias());
        provider.setKeyAlias(remote.getPrivateKeyAlias());
        provider.setEncryptionAlgorithm(remote.getEncryptionAlgorithm());
        provider.setEncryptionStrength(remote.getEncryptionStrength());
        provider.setSigningRefType(remote.getSigningRefType());

        // Authentication and replay protection.
        provider.setAuthenticationChain(remote.getAuthenticationChain());
        provider.setDetectUserTokenReplay(
            remote.isUserTokenDetectReplayEnabled());
        provider.setMessageReplayDetection(
            remote.isMessageReplayDetectionEnabled());
        provider.setDNSClaim(remote.getIssuer());
        provider.setSignedElements(remote.getSignedElements());
        return provider;
    } catch (Exception ex) {
        // Broad catch is the existing contract: any failure while reading
        // or resolving the configuration surfaces as WSSPolicyException.
        WSSUtils.debug.error("WSSPolicyManager.getSTSConfig: "
            + " Exception ", ex);
        throw new WSSPolicyException(ex.getMessage());
    }
}
}