/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: FAMSTSImpl.java,v 1.6 2010/01/15 18:54:35 mrudul_uchil Exp $
 *
 */

package com.sun.identity.wss.sts;

import java.util.Iterator;
import java.util.Locale;

import javax.annotation.Resource;
import javax.xml.XMLConstants;
import javax.xml.namespace.QName;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMResult;
import javax.xml.ws.Provider;
import javax.xml.ws.Service;
import javax.xml.ws.ServiceMode;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.WebServiceException;
import javax.xml.ws.WebServiceProvider;
import javax.xml.ws.handler.MessageContext;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

import com.sun.xml.ws.api.security.trust.WSTrustContract;
import com.sun.xml.ws.api.security.trust.WSTrustException;
import com.sun.xml.ws.api.security.trust.config.STSConfiguration;
import com.sun.xml.ws.policy.PolicyAssertion;
import com.sun.xml.ws.policy.impl.bindings.AppliesTo;
import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.impl.IssuedTokenContextImpl;
import com.sun.xml.ws.security.impl.policy.Constants;
import com.sun.xml.ws.security.trust.GenericToken;
import com.sun.xml.ws.security.trust.WSTrustConstants;
import com.sun.xml.ws.security.trust.WSTrustElementFactory;
import com.sun.xml.ws.security.trust.WSTrustFactory;
import com.sun.xml.ws.security.trust.WSTrustVersion;
import com.sun.xml.ws.security.trust.elements.BaseSTSRequest;
import com.sun.xml.ws.security.trust.elements.BaseSTSResponse;
import com.sun.xml.ws.security.trust.elements.RequestSecurityToken;
import com.sun.xml.ws.security.trust.impl.DefaultSTSConfiguration;
import com.sun.xml.ws.security.trust.impl.DefaultTrustSPMetadata;
import com.sun.xml.ws.security.trust.sts.BaseSTSImpl;
import com.sun.xml.ws.security.trust.util.WSTrustUtil;
import com.sun.xml.wss.SecurityEnvironment;
import com.sun.xml.wss.SubjectAccessor;
import com.sun.xml.wss.XWSSecurityException;

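@ServiceMode(value=Service.Mode.PAYLOAD)
@WebServiceProvider(wsdlLocation="WEB-INF/wsdl/famsts.wsdl")
public class FAMSTSImpl extends BaseSTSImpl implements Provider<Source> {

    /**
     * WS-Trust Security Token Service endpoint built on {@link BaseSTSImpl}.
     *
     * <p>The endpoint receives the SOAP payload as a {@link Source}, parses it
     * into a {@link RequestSecurityToken}, and dispatches on the RequestType
     * URI to issue / cancel / renew / validate.  The STS configuration is
     * either the runtime one registered with {@link WSTrustFactory} or one
     * assembled from the server security policy found in the message context.
     *
     * <p>Constants such as {@code DEFAULT_APPLIESTO}, {@code STS_CONFIGURATION},
     * {@code LIFETIME} and the field {@code wstVer} are not declared here; they
     * come from the superclass.
     */

    /** Injected by the JAX-WS runtime; gives access to the per-request message context. */
    @Resource
    protected WebServiceContext context;

    /**
     * Handles one WS-Trust request.
     *
     * @param rstElement the RequestSecurityToken payload of the incoming SOAP message
     * @return the RequestSecurityTokenResponse payload; {@code null} for Cancel,
     *         which {@link #cancel} does not implement
     * @throws WebServiceException if the request cannot be parsed or processed,
     *         or if its RequestType is not one of issue/cancel/renew/validate
     *         (previously such a request silently produced an empty response)
     */
    public Source invoke(final Source rstElement) {
        final STSConfiguration config = getConfiguration();
        final WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance(wstVer);
        Source rstrEle;
        try {
            final RequestSecurityToken rst = parseRST(rstElement);
            final String appliesTo = resolveAppliesTo(rst);
            // String.valueOf() keeps a missing RequestType from throwing here;
            // "null" matches nothing and ends up in the unsupported-type fault.
            final String requestType = String.valueOf(rst.getRequestType());
            if (requestType.equals(wstVer.getIssueRequestTypeURI())) {
                rstrEle = issue(config, appliesTo, eleFac, rst);
            } else if (requestType.equals(wstVer.getCancelRequestTypeURI())) {
                rstrEle = cancel(config, appliesTo, eleFac, rst);
            } else if (requestType.equals(wstVer.getRenewRequestTypeURI())) {
                rstrEle = renew(config, appliesTo, eleFac, rst);
            } else if (requestType.equals(wstVer.getValidateRequestTypeURI())) {
                rstrEle = validate(config, appliesTo, eleFac, rst);
            } else {
                throw new WebServiceException(
                    "Unsupported WS-Trust RequestType: " + requestType);
            }
        } catch (WebServiceException ex) {
            // Already the fault type the runtime expects; do not wrap it twice.
            throw ex;
        } catch (Exception ex) {
            throw new WebServiceException(ex);
        }
        return rstrEle;
    }

    /**
     * Resolves the AppliesTo scope of a request.
     *
     * @param rst the parsed request
     * @return the AppliesTo URI, or {@code DEFAULT_APPLIESTO} when the request
     *         carries none (or one without a resolvable URI)
     */
    private String resolveAppliesTo(final RequestSecurityToken rst) {
        final AppliesTo applTo = rst.getAppliesTo();
        final String uri = (applTo == null) ? null : WSTrustUtil.getAppliesToURI(applTo);
        return (uri == null) ? DEFAULT_APPLIESTO : uri;
    }

    /**
     * Message context of the request currently being served.
     *
     * @return the context obtained from the injected {@link WebServiceContext}
     */
    protected MessageContext getMessageContext() {
        return context.getMessageContext();
    }

    /**
     * Materialises the incoming payload as a DOM element and builds the
     * RequestSecurityToken from it, including any OnBehalfOf token.
     *
     * @param source the request payload as delivered by JAX-WS
     * @return the parsed request
     * @throws WSTrustException if the payload cannot be transformed into an
     *         element, or an OnBehalfOf element wraps no token element
     */
    private RequestSecurityToken parseRST(final Source source) throws WSTrustException {
        final Element ele;
        try {
            final TransformerFactory tfFactory = TransformerFactory.newInstance();
            // The payload comes from a remote caller.  Secure processing
            // restricts what the JAXP implementation will resolve or expand
            // while it copies the source into the DOM (the exact limits are
            // implementation dependent).
            tfFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            final Transformer tf = tfFactory.newTransformer();
            final DOMResult result = new DOMResult();
            tf.transform(source, result);
            ele = toElement(result.getNode());
        } catch (Exception xe) {
            throw new WSTrustException("Error occurred while trying to parse " +
                "RST stream", xe);
        }
        if (ele == null) {
            // Previously fell through to a NullPointerException further down.
            throw new WSTrustException("RST payload did not yield an element");
        }
        final WSTrustElementFactory fact = WSTrustElementFactory.newInstance(wstVer);
        final RequestSecurityToken rst = fact.createRSTFrom(ele);
        // handling OnBehalfOf: lift the wrapped token element onto the request
        final NodeList list =
            ele.getElementsByTagNameNS(ele.getNamespaceURI(), "OnBehalfOf");
        if (list.getLength() > 0) {
            // Skip whitespace/text nodes; the original took childNodes.item(0)
            // and cast it, which fails on pretty-printed requests.
            final Element oboToken = firstChildElement(list.item(0));
            if (oboToken == null) {
                throw new WSTrustException("OnBehalfOf element does not wrap a token element");
            }
            rst.setOnBehalfOf(fact.createOnBehalfOf(new GenericToken(oboToken)));
        }
        return rst;
    }

    /**
     * Unwraps a transformer result node to its element.
     *
     * @param node the node produced into a {@link DOMResult}
     * @return the document element for a {@link Document}, the node itself for
     *         an {@link Element}, otherwise {@code null}
     */
    private static Element toElement(final Node node) {
        if (node instanceof Document) {
            return ((Document) node).getDocumentElement();
        }
        if (node instanceof Element) {
            return (Element) node;
        }
        return null;
    }

    /**
     * First child of {@code parent} that is an {@link Element}.
     *
     * @param parent the node whose children are scanned
     * @return the first element child, or {@code null} if there is none
     */
    private static Element firstChildElement(final Node parent) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element) {
                return (Element) n;
            }
        }
        return null;
    }

    /**
     * Builds the configuration used to serve the current request.
     *
     * <p>If a runtime configuration is registered with {@link WSTrustFactory}
     * it is returned (with the security environment and WS-Trust version
     * filled in); otherwise a {@link DefaultSTSConfiguration} is assembled
     * from the STSConfiguration policy assertion in the message context.
     *
     * <p>As a side effect the inherited {@code wstVer} is updated from the
     * message context (or the runtime configuration).
     * NOTE(review): if the JAX-WS runtime serves concurrent requests on one
     * instance, that per-request write to {@code wstVer} is a shared write —
     * confirm the deployment model.
     *
     * @return the effective STS configuration
     * @throws WebServiceException if neither a runtime configuration nor the
     *         server security policy is available, or the policy holds an
     *         unparsable lifetime
     */
    STSConfiguration getConfiguration() {
        final MessageContext msgCtx = getMessageContext();
        final SecurityEnvironment secEnv =
            (SecurityEnvironment) msgCtx.get(WSTrustConstants.SECURITY_ENVIRONMENT);
        WSTrustVersion wstVersion =
            (WSTrustVersion) msgCtx.get(WSTrustConstants.WST_VERSION);
        final String authnCtxClass =
            (String) msgCtx.get(WSTrustConstants.AUTHN_CONTEXT_CLASS);
        if (wstVersion != null) {
            wstVer = wstVersion;
        }

        // A runtime STSConfiguration, when present, takes precedence.
        final STSConfiguration rtConfig = WSTrustFactory.getRuntimeSTSConfiguration();
        if (rtConfig != null) {
            if (rtConfig.getCallbackHandler() == null) {
                rtConfig.getOtherOptions().put(
                    WSTrustConstants.SECURITY_ENVIRONMENT, secEnv);
            }
            if (wstVersion == null) {
                // Fall back to the version the runtime configuration carries.
                wstVersion = (WSTrustVersion) rtConfig.getOtherOptions().get(
                    WSTrustConstants.WST_VERSION);
                if (wstVersion != null) {
                    wstVer = wstVersion;
                }
            }
            rtConfig.getOtherOptions().put(WSTrustConstants.WST_VERSION, wstVer);
            return rtConfig;
        }

        // Otherwise derive the configuration from the server security policy.
        final DefaultSTSConfiguration config = new DefaultSTSConfiguration();
        config.getOtherOptions().put(
            WSTrustConstants.SECURITY_ENVIRONMENT, secEnv);
        final Iterator<?> assertions = (Iterator<?>) msgCtx.get(
            Constants.SUN_TRUST_SERVER_SECURITY_POLICY_NS);
        if (assertions == null) {
            throw new WebServiceException("STS configuration is not available");
        }
        while (assertions.hasNext()) {
            final PolicyAssertion assertion = (PolicyAssertion) assertions.next();
            if (STS_CONFIGURATION.equals(assertion.getName().getLocalPart())) {
                applyStsConfiguration(assertion, config);
            }
        }
        config.getOtherOptions().put(WSTrustConstants.WST_VERSION, wstVer);
        if (authnCtxClass != null) {
            config.getOtherOptions().put(
                WSTrustConstants.AUTHN_CONTEXT_CLASS, authnCtxClass);
        }
        // The whole message context is mirrored into the options map
        // (kept from the original; downstream code reads its inputs there).
        config.getOtherOptions().putAll(msgCtx);
        return config;
    }

    /**
     * Copies one STSConfiguration policy assertion into {@code config}:
     * the encrypt-token / encrypt-key attributes and the nested lifetime,
     * contract, issuer and service-provider settings.
     *
     * @param assertion the STSConfiguration assertion
     * @param config    the configuration being populated
     */
    private void applyStsConfiguration(final PolicyAssertion assertion,
            final DefaultSTSConfiguration config) {
        config.setEncryptIssuedToken(Boolean.parseBoolean(
            assertion.getAttributeValue(new QName("", ENCRYPT_TOKEN))));
        config.setEncryptIssuedKey(Boolean.parseBoolean(
            assertion.getAttributeValue(new QName("", ENCRYPT_KEY))));
        final Iterator<PolicyAssertion> settings = assertion.getNestedAssertionsIterator();
        while (settings.hasNext()) {
            final PolicyAssertion setting = settings.next();
            final String name = setting.getName().getLocalPart();
            if (LIFETIME.equals(name)) {
                config.setIssuedTokenTimeout(parseLifetime(setting.getValue()));
            } else if (CONTRACT.equals(name)) {
                config.setType(setting.getValue());
            } else if (ISSUER.equals(name)) {
                config.setIssuer(setting.getValue());
            } else if (SERVICE_PROVIDERS.equals(name)) {
                addServiceProviders(setting, config);
            }
        }
    }

    /**
     * Parses the lifetime setting.
     *
     * @param value the textual value of the lifetime assertion
     * @return the lifetime as an int
     * @throws WebServiceException if the value is not an integer (the bare
     *         NumberFormatException gave no hint which setting was wrong)
     */
    private int parseLifetime(final String value) {
        try {
            return Integer.parseInt(value);
        } catch (NumberFormatException nfe) {
            throw new WebServiceException(
                "Invalid " + LIFETIME + " value in STS configuration: " + value, nfe);
        }
    }

    /**
     * Registers every service provider nested under a ServiceProviders
     * assertion as trust metadata on {@code config}.
     *
     * @param providers the ServiceProviders assertion
     * @param config    the configuration being populated
     */
    private void addServiceProviders(final PolicyAssertion providers,
            final DefaultSTSConfiguration config) {
        final Iterator<PolicyAssertion> spIterator = providers.getNestedAssertionsIterator();
        while (spIterator.hasNext()) {
            final PolicyAssertion provider = spIterator.next();
            // The endpoint attribute is looked up under END_POINT as-is and,
            // failing that, under its lower-cased spelling.  Locale.ROOT keeps
            // the lower-casing independent of the server's default locale.
            String endpointUri = provider.getAttributeValue(new QName("", END_POINT));
            if (endpointUri == null) {
                endpointUri = provider.getAttributeValue(
                    new QName("", END_POINT.toLowerCase(Locale.ROOT)));
            }
            final DefaultTrustSPMetadata data = new DefaultTrustSPMetadata(endpointUri);
            final Iterator<PolicyAssertion> spSettings = provider.getNestedAssertionsIterator();
            while (spSettings.hasNext()) {
                final PolicyAssertion setting = spSettings.next();
                final String name = setting.getName().getLocalPart();
                if (ALIAS.equals(name)) {
                    data.setCertAlias(setting.getValue());
                } else if (TOKEN_TYPE.equals(name)) {
                    data.setTokenType(setting.getValue());
                } else if (KEY_TYPE.equals(name)) {
                    data.setKeyType(setting.getValue());
                }
            }
            config.addTrustSPMetadata(data, endpointUri);
        }
    }

    /**
     * Serves an Issue request.
     *
     * @param config    the effective STS configuration
     * @param appliesTo the resolved AppliesTo URI
     * @param eleFac    element factory for the negotiated WS-Trust version
     * @param rst       the parsed request
     * @return the RequestSecurityTokenResponse as a {@link Source}
     * @throws WSTrustException if the requester subject cannot be obtained
     *         or the contract rejects the request
     */
    private Source issue(final STSConfiguration config, final String appliesTo,
            final WSTrustElementFactory eleFac, final BaseSTSRequest rst)
            throws WSTrustException, TransformerException {
        final WSTrustContract<BaseSTSRequest, BaseSTSResponse> contract =
            WSTrustFactory.newWSTrustContract(config, appliesTo);
        // Named tokenCtx so it no longer shadows the injected WebServiceContext field.
        final IssuedTokenContext tokenCtx = new IssuedTokenContextImpl();
        try {
            tokenCtx.setRequestorSubject(
                SubjectAccessor.getRequesterSubject(getMessageContext()));
        } catch (XWSSecurityException ex) {
            throw new WSTrustException("error getting subject", ex);
        }
        final BaseSTSResponse response = contract.issue(rst, tokenCtx);
        return eleFac.toSource(response);
    }

    /**
     * Cancel is not implemented by this STS.
     *
     * @return always {@code null}, which {@link #invoke} returns as-is
     */
    private Source cancel(final STSConfiguration config,
            final String appliesTo, final WSTrustElementFactory eleFac,
            final BaseSTSRequest rst) {
        return null;
    }

    /**
     * Serves a Renew request.
     *
     * @param config    the effective STS configuration
     * @param appliesTo the resolved AppliesTo URI
     * @param eleFac    element factory for the negotiated WS-Trust version
     * @param rst       the parsed request
     * @return the RequestSecurityTokenResponse as a {@link Source}
     * @throws WSTrustException if the contract rejects the request
     */
    private Source renew(final STSConfiguration config, final String appliesTo,
            final WSTrustElementFactory eleFac, final RequestSecurityToken rst)
            throws WSTrustException {
        final WSTrustContract<BaseSTSRequest, BaseSTSResponse> contract =
            WSTrustFactory.newWSTrustContract(config, appliesTo);
        final IssuedTokenContext tokenCtx = new IssuedTokenContextImpl();
        return eleFac.toSource(contract.renew(rst, tokenCtx));
    }

    /**
     * Serves a Validate request.
     *
     * @param config    the effective STS configuration
     * @param appliesTo the resolved AppliesTo URI
     * @param eleFac    element factory for the negotiated WS-Trust version
     * @param rst       the parsed request
     * @return the RequestSecurityTokenResponse as a {@link Source}
     * @throws WSTrustException if the contract rejects the request
     */
    private Source validate(final STSConfiguration config, final String appliesTo,
            final WSTrustElementFactory eleFac, final BaseSTSRequest rst)
            throws WSTrustException {
        final WSTrustContract<BaseSTSRequest, BaseSTSResponse> contract =
            WSTrustFactory.newWSTrustContract(config, appliesTo);
        final IssuedTokenContext tokenCtx = new IssuedTokenContextImpl();
        return eleFac.toSource(contract.validate(rst, tokenCtx));
    }
}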