axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ruchi...@apache.org
Subject svn commit: r394909 - in /webservices/axis2/trunk/java/modules: integration/test-resources/security/rahas/ integration/test/org/apache/axis2/security/rahas/ security/src/org/apache/axis2/security/rahas/
Date Tue, 18 Apr 2006 11:06:29 GMT
Author: ruchithf
Date: Tue Apr 18 04:06:24 2006
New Revision: 394909

URL: http://svn.apache.org/viewcvs?rev=394909&view=rev
Log:
- One more WS-Sec Conv scenario working - Now rahas module will automatically create the security
context if an STS is not specified and will propagate SCT to the other party in a RSTR sent
in the soap:Header.
- Added a test case to do the above
- Modified the sec.jks to include the STS's cert as a trusted certificate


Added:
    webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/RahasScenario3Test.java
Modified:
    webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/sec.jks
    webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/PWCallback.java
    webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/TestClient.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Receiver.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Util.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/errors.properties

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/sec.jks
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/integration/test-resources/security/rahas/sec.jks?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
Binary files - no diff available.

Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/PWCallback.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/PWCallback.java?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/PWCallback.java
(original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/PWCallback.java
Tue Apr 18 04:06:24 2006
@@ -160,6 +160,10 @@
 
                     pc.setPassword("noR");
 
+                } else if(pc.getIdentifer().equals("sts")) {
+                    
+                    pc.setPassword("password");
+                    
                 } else {
 
                     pc.setPassword("sirhC");

Added: webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/RahasScenario3Test.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/RahasScenario3Test.java?rev=394909&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/RahasScenario3Test.java
(added)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/RahasScenario3Test.java
Tue Apr 18 04:06:24 2006
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security.rahas;
+
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.security.handler.config.InflowConfiguration;
+import org.apache.axis2.security.handler.config.OutflowConfiguration;
+
+public class RahasScenario3Test extends TestClient {
+
+    public RahasScenario3Test(String name) {
+        super(name);
+    }
+
+    public Parameter getClientRahasConfiguration() {
+        RahasConfiguration config = new RahasConfiguration();
+
+        config.setCryptoPropertiesFile("sec.properties");
+        config.setScope(RahasConfiguration.SCOPE_SERVICE);
+        config.setPasswordCallbackClass(PWCallback.class.getName());
+        config.setEncryptionUser("sts");
+
+        return config.getParameter();
+    }
+
+    public OutflowConfiguration getClientOutflowConfiguration() {
+        return null;
+    }
+
+    public InflowConfiguration getClientInflowConfiguration() {
+        return null;
+    }
+
+    public String getServiceRepo() {
+        return "rahas_service_repo_1";
+    }
+
+}

Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/TestClient.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/TestClient.java?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/TestClient.java
(original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/TestClient.java
Tue Apr 18 04:06:24 2006
@@ -80,8 +80,15 @@
             options.setTo(new EndpointReference("http://127.0.0.1:" + port + "/axis2/services/Service"));
             options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
 
-            options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, getClientOutflowConfiguration().getProperty());
-            options.setProperty(WSSHandlerConstants.INFLOW_SECURITY, getClientInflowConfiguration().getProperty());
+            
+            OutflowConfiguration clientOutflowConfiguration = getClientOutflowConfiguration();
+            if(clientOutflowConfiguration != null) {
+                options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, clientOutflowConfiguration.getProperty());
+            }
+            InflowConfiguration clientInflowConfiguration = getClientInflowConfiguration();
+            if(clientInflowConfiguration != null) {
+                options.setProperty(WSSHandlerConstants.INFLOW_SECURITY, clientInflowConfiguration.getProperty());
+            }
             options.setProperty(RahasConfiguration.RAHAS_CONFIG, getClientRahasConfiguration());
             
             options.setAction("urn:echo");

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java
Tue Apr 18 04:06:24 2006
@@ -63,6 +63,8 @@
     public final static QName CRYPTO_PROPERTIES_FILE = new QName(
             "cryptoProperties");
     
+    public final static QName ENCRYPTION_USER = new QName("encryptionUser");
+    
     public final static QName PW_CALLBACK_CLASS = new QName(
             WSHandlerConstants.PW_CALLBACK_CLASS);
     
@@ -150,30 +152,33 @@
                     && elem.getFirstElement().getLocalName().equals(
                             RAHAS_CONFIG)) {
                 
-                OMElement conFileElem = elem.getFirstElement();
+                OMElement confElem = elem.getFirstElement();
                 
                 RahasConfiguration config = new RahasConfiguration();
                 
                 config.msgCtx = msgCtx;
                 msgCtx.setProperty(RAHAS_CONFIG, config);
                 
-                config.scope = getStringValue(conFileElem.getFirstChildWithName(SCOPE));
+                config.scope = getStringValue(confElem.getFirstChildWithName(SCOPE));
                 
-                config.stsEPRAddress = getStringValue(conFileElem
+                config.stsEPRAddress = getStringValue(confElem
                         .getFirstChildWithName(STS_EPR_ADDRESS));
 
-                config.keyDerivationAlgorithmClass = getStringValue(conFileElem
+                config.keyDerivationAlgorithmClass = getStringValue(confElem
                         .getFirstChildWithName(KEY_DERIVATION_ALGORITHM_CLASS));
                 
-                config.tokenStoreClass = getStringValue(conFileElem
+                config.tokenStoreClass = getStringValue(confElem
                         .getFirstChildWithName(TOKEN_STORE_CLASS));
                 
-                config.cryptoPropertiesFile = getStringValue(conFileElem
+                config.cryptoPropertiesFile = getStringValue(confElem
                         .getFirstChildWithName(CRYPTO_PROPERTIES_FILE));
 
-                config.passwordCallbackClass = getStringValue(conFileElem
+                config.passwordCallbackClass = getStringValue(confElem
                         .getFirstChildWithName(PW_CALLBACK_CLASS));
                 
+                config.encryptionUser = getStringValue(confElem
+                        .getFirstChildWithName(ENCRYPTION_USER));
+                
                 //Get the action<->ctx-identifier map
                 config.contextMap = (Hashtable) msgCtx
                         .getProperty(RahasHandlerConstants.CONTEXT_MAP_KEY);
@@ -305,7 +310,11 @@
             tempElem.setText(this.cryptoPropertiesFile);
             elem.addChild(tempElem);
         }
-        
+        if(this.encryptionUser != null) {
+            OMElement tempElem = factory.createOMElement(ENCRYPTION_USER, elem);
+            tempElem.setText(this.encryptionUser);
+            elem.addChild(tempElem);
+        }
         return elem;
     }
     
@@ -611,14 +620,14 @@
     /**
      * @return Returns the encryptionUser.
      */
-    protected String getEncryptionUser() {
+    public String getEncryptionUser() {
         return encryptionUser;
     }
 
     /**
      * @param encryptionUser The encryptionUser to set.
      */
-    protected void setEncryptionUser(String encryptionUser) {
+    public void setEncryptionUser(String encryptionUser) {
         this.encryptionUser = encryptionUser;
     }
     

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Receiver.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Receiver.java?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Receiver.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Receiver.java
Tue Apr 18 04:06:24 2006
@@ -16,7 +16,10 @@
 
 package org.apache.axis2.security.rahas;
 
+import org.apache.axiom.om.OMElement;
 import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPHeader;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.context.MessageContext;
 import org.apache.axis2.description.HandlerDescription;
@@ -51,10 +54,23 @@
                 secReceiver.invoke(msgContext);
                 return;
             }
-
+            
             // Parse the configuration
             RahasConfiguration config = RahasConfiguration.load(msgContext,
                     false);
+            
+            
+            //check if there's an RSTR in the msg and process it if exists  
+            SOAPEnvelope env = (SOAPEnvelope) config.getDocument().getDocumentElement();
+            SOAPHeader header = env.getHeader();
+            if (header != null
+                    && header.getFirstChildWithName(new QName(Constants.WST_NS,
+                            Constants.REQUEST_SECURITY_TOKEN_RESPONSE_LN)) != null) {
+                OMElement elem = header.getFirstChildWithName(new QName(Constants.WST_NS,
+                        Constants.REQUEST_SECURITY_TOKEN_RESPONSE_LN));
+                Util.processRSTR(elem, config);
+            }
+            
             WSSecurityEngine secEngine = new WSSecurityEngine();
             secEngine.processSecurityHeader(config.getDocument(), null,
                     new RahasCallbackHandler(config), config

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java
Tue Apr 18 04:06:24 2006
@@ -30,23 +30,13 @@
 import org.apache.axis2.description.Parameter;
 import org.apache.axis2.security.handler.WSSHandlerConstants;
 import org.apache.axis2.security.trust.Constants;
-import org.apache.axis2.security.trust.Token;
-import org.apache.axis2.security.trust.TrustException;
 import org.apache.axis2.security.trust.types.RequestSecurityTokenType;
 import org.apache.axis2.security.util.Axis2Util;
-import org.apache.axis2.util.Base64;
-import org.apache.axis2.util.Loader;
 import org.apache.axis2.util.StreamWrapper;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.message.token.SecurityContextToken;
-import org.apache.ws.security.processor.EncryptedKeyProcessor;
 import org.w3c.dom.Element;
 
-import javax.security.auth.callback.CallbackHandler;
 import javax.xml.namespace.QName;
 
-import java.util.Vector;
-
 public class STSRequester {
     
     public static void issueRequest(RahasConfiguration config) throws RahasException, AxisFault
{
@@ -98,7 +88,7 @@
             Axis2Util.useDOOM(true);
             OMElement tempelem = Axis2Util.toDOOM(DOOMAbstractFactory.getOMFactory(), tempResult);
             OMElement elem = (OMElement)config.getDocument().importNode((Element)tempelem,
true);
-            processRSTR(elem, config);
+            Util.processRSTR(elem, config);
             
         } catch (Exception e) {
             e.printStackTrace();
@@ -106,91 +96,4 @@
         }
     }
     
-    private static void processRSTR(OMElement rstr, RahasConfiguration config)
-            throws Exception {
-        //Extract the SecurityContextToken
-        OMElement rstElem = rstr.getFirstChildWithName(new QName(
-                Constants.WST_NS, Constants.REQUESTED_SECURITY_TOKEN_LN));
-        Token token = null;
-        if(rstElem != null) {
-            OMElement sctElem = rstElem.getFirstChildWithName(SecurityContextToken.TOKEN);
-            if(sctElem != null) {
-                SecurityContextToken sct = new SecurityContextToken((Element)sctElem);
-                token = new Token(sct.getIdentifier(), sctElem);
-                config.resgisterContext(sct.getIdentifier());
-            } else {
-                throw new RahasException("sctMissingInResponse");
-            }
-        } else {
-            throw new TrustException("reqestedSecTokMissing");
-        }
-
-        // Process RequestedProofToken and extract the secret
-        byte[] secret = null;
-        OMElement rpt = rstr.getFirstChildWithName(new QName(Constants.WST_NS,
-                Constants.REQUESTED_PROOF_TOKEN_LN));
-        if (rpt != null) {
-            OMElement elem = rpt.getFirstElement();
-            
-            if (WSConstants.ENC_KEY_LN.equals(elem.getLocalName())
-                    && WSConstants.ENC_NS
-                            .equals(elem.getNamespace().getName())) {
-                //Handle the xenc:EncryptedKey case
-                EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
-                processor.handleToken((Element) elem, null,
-                        Util.getCryptoInstace(config),
-                        getCallbackHandlerInstance(config), null, new Vector(),
-                        null);
-                secret = processor.getDecryptedBytes();
-            } else if (Constants.BINARY_SECRET.equals(elem.getLocalName())
-                    && Constants.WST_NS.equals(elem.getNamespace().getName())) {
-                //Handle the wst:BinarySecret case
-                secret = Base64.decode(elem.getText());
-            } else {
-                throw new TrustException("notSupported", new String[] { "{"
-                        + elem.getNamespace().getName() + "}"
-                        + elem.getLocalName() });
-            }
-        } else {
-            throw new TrustException("rptMissing");
-        }
-        
-        //Check for attached ref
-        OMElement reqAttElem = rstr.getFirstChildWithName(new QName(
-                Constants.WST_NS, Constants.REQUESTED_ATTACHED_REFERENCE));
-        OMElement reqAttRef = reqAttElem == null ? null : reqAttElem
-                .getFirstElement();
-        
-        OMElement reqUnattElem = rstr.getFirstChildWithName(new QName(
-                Constants.WST_NS, Constants.REQUESTED_UNATTACHED_REFERENCE));
-        OMElement reqUnattRef = reqUnattElem == null ? null : reqUnattElem
-                .getFirstElement();
-        
-        token.setAttachedReference(reqAttRef);
-        token.setUnattachedReference(reqUnattRef);
-        token.setSecret(secret);
-        config.getTokenStore().add(token);
-    }
-    
-    
-    private static CallbackHandler getCallbackHandlerInstance(
-            RahasConfiguration config) throws Exception {
-        if (config.getPasswordCallbackRef() != null) {
-            return config.getPasswordCallbackRef();
-        } else if (config.getPasswordCallbackClass() != null) {
-            if (config.getClassLoader() != null) {
-                Class clazz = Loader.loadClass(config.getClassLoader(), config
-                        .getPasswordCallbackClass());
-                return (CallbackHandler) clazz.newInstance();
-            } else {
-                Class clazz = Loader.loadClass(config
-                        .getPasswordCallbackClass());
-                return (CallbackHandler) clazz.newInstance();
-            }
-        } else {
-            throw new RahasException("noInfoForCBhandler");
-        }
-    }
-
-
 }

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java
Tue Apr 18 04:06:24 2006
@@ -101,7 +101,7 @@
         }
         
     }
-    
+
     /**
      * Create the self created <code>wsc:SecurityContextToken</code> and 
      * add it to a <code>wst:RequestSecurityTokenResponse</code>.
@@ -118,7 +118,11 @@
         
         WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
         Crypto crypto = Util.getCryptoInstace(config);
-        X509Certificate cert = crypto.getCertificates(config.getEncryptionUser())[0];
+        String encryptionUser = config.getEncryptionUser();
+        if(encryptionUser == null) {
+            throw new RahasException("missingEncryptionUser");
+        }
+        X509Certificate cert = crypto.getCertificates(encryptionUser)[0];
         
         encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
         try {
@@ -133,6 +137,7 @@
         SecurityContextToken sct = new SecurityContextToken(config.getDocument());
         config.resgisterContext(sct.getIdentifier());
         Token token = new Token(sct.getIdentifier(), (OMElement)sct.getElement());
+        token.setSecret(encrKeyBuilder.getEphemeralKey());
         
         config.getTokenStore().add(token);
         
@@ -200,8 +205,8 @@
         WSSecurityUtil.prependChildElement(doc, secHeader.getSecurityHeader(),
                 sct.getElement(), false);
     }
-    
-    
+
+
     public void cleanup() throws AxisFault {
     }
 

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Util.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Util.java?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Util.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Util.java
Tue Apr 18 04:06:24 2006
@@ -16,33 +16,54 @@
 
 package org.apache.axis2.security.rahas;
 
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.security.trust.Constants;
+import org.apache.axis2.security.trust.Token;
+import org.apache.axis2.security.trust.TrustException;
+import org.apache.axis2.util.Base64;
+import org.apache.axis2.util.Loader;
+import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.ws.security.processor.EncryptedKeyProcessor;
+import org.w3c.dom.Element;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+
+import java.util.Vector;
 
 public class Util {
 
     /**
-     * Returns the crypto instance of this configuration.
-     * If one is not availabale then it will try to create a <code>Crypto</code>
-     * instance using available configuration information and will set it as 
-     * the <code>Crypto</code> instance of the configuration.
-     *  
+     * Returns the crypto instance of this configuration. If one is not
+     * availabale then it will try to create a <code>Crypto</code> instance
+     * using available configuration information and will set it as the
+     * <code>Crypto</code> instance of the configuration.
+     * 
      * @param config
      * @return
      * @throws RahasException
      */
-    public static Crypto getCryptoInstace(RahasConfiguration config) throws RahasException
{
-        if(config.getCrypto() != null) {
+    public static Crypto getCryptoInstace(RahasConfiguration config)
+            throws RahasException {
+        if (config.getCrypto() != null) {
             return config.getCrypto();
-        } else  {
+        } else {
             Crypto crypto = null;
-            if(config.getCryptoClassName() != null && config.getCryptoProperties()
!= null) {
-                crypto = CryptoFactory.getInstance(config.getCryptoClassName(), config.getCryptoProperties());
-            } else if(config.getCryptoPropertiesFile() != null) {
-                if(config.getClassLoader() != null) {
-                    crypto = CryptoFactory.getInstance(config.getCryptoPropertiesFile(),
config.getClassLoader());
+            if (config.getCryptoClassName() != null
+                    && config.getCryptoProperties() != null) {
+                crypto = CryptoFactory.getInstance(config.getCryptoClassName(),
+                        config.getCryptoProperties());
+            } else if (config.getCryptoPropertiesFile() != null) {
+                if (config.getClassLoader() != null) {
+                    crypto = CryptoFactory
+                            .getInstance(config.getCryptoPropertiesFile(),
+                                    config.getClassLoader());
                 } else {
-                    crypto = CryptoFactory.getInstance(config.getCryptoPropertiesFile());
+                    crypto = CryptoFactory.getInstance(config
+                            .getCryptoPropertiesFile());
                 }
             } else {
                 throw new RahasException("cannotCrateCryptoInstance");
@@ -51,5 +72,91 @@
             return crypto;
         }
     }
+
+    public static void processRSTR(OMElement rstr, RahasConfiguration config)
+            throws Exception {
+        // Extract the SecurityContextToken
+        OMElement rstElem = rstr.getFirstChildWithName(new QName(
+                Constants.WST_NS, Constants.REQUESTED_SECURITY_TOKEN_LN));
+        Token token = null;
+        if (rstElem != null) {
+            OMElement sctElem = rstElem
+                    .getFirstChildWithName(SecurityContextToken.TOKEN);
+            if (sctElem != null) {
+                SecurityContextToken sct = new SecurityContextToken(
+                        (Element) sctElem);
+                token = new Token(sct.getIdentifier(), sctElem);
+                config.resgisterContext(sct.getIdentifier());
+            } else {
+                throw new RahasException("sctMissingInResponse");
+            }
+        } else {
+            throw new TrustException("reqestedSecTokMissing");
+        }
+
+        // Process RequestedProofToken and extract the secret
+        byte[] secret = null;
+        OMElement rpt = rstr.getFirstChildWithName(new QName(Constants.WST_NS,
+                Constants.REQUESTED_PROOF_TOKEN_LN));
+        if (rpt != null) {
+            OMElement elem = rpt.getFirstElement();
+
+            if (WSConstants.ENC_KEY_LN.equals(elem.getLocalName())
+                    && WSConstants.ENC_NS.equals(elem.getNamespace().getName()))
{
+                // Handle the xenc:EncryptedKey case
+                EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
+                processor.handleToken((Element) elem, null, Util
+                        .getCryptoInstace(config),
+                        getCallbackHandlerInstance(config), null, new Vector(),
+                        null);
+                secret = processor.getDecryptedBytes();
+            } else if (Constants.BINARY_SECRET.equals(elem.getLocalName())
+                    && Constants.WST_NS.equals(elem.getNamespace().getName())) {
+                // Handle the wst:BinarySecret case
+                secret = Base64.decode(elem.getText());
+            } else {
+                throw new TrustException("notSupported", new String[] { "{"
+                        + elem.getNamespace().getName() + "}"
+                        + elem.getLocalName() });
+            }
+        } else {
+            throw new TrustException("rptMissing");
+        }
+
+        // Check for attached ref
+        OMElement reqAttElem = rstr.getFirstChildWithName(new QName(
+                Constants.WST_NS, Constants.REQUESTED_ATTACHED_REFERENCE));
+        OMElement reqAttRef = reqAttElem == null ? null : reqAttElem
+                .getFirstElement();
+
+        OMElement reqUnattElem = rstr.getFirstChildWithName(new QName(
+                Constants.WST_NS, Constants.REQUESTED_UNATTACHED_REFERENCE));
+        OMElement reqUnattRef = reqUnattElem == null ? null : reqUnattElem
+                .getFirstElement();
+
+        token.setAttachedReference(reqAttRef);
+        token.setUnattachedReference(reqUnattRef);
+        token.setSecret(secret);
+        config.getTokenStore().add(token);
+    }
     
+    private static CallbackHandler getCallbackHandlerInstance(
+            RahasConfiguration config) throws Exception {
+        if (config.getPasswordCallbackRef() != null) {
+            return config.getPasswordCallbackRef();
+        } else if (config.getPasswordCallbackClass() != null) {
+            if (config.getClassLoader() != null) {
+                Class clazz = Loader.loadClass(config.getClassLoader(), config
+                        .getPasswordCallbackClass());
+                return (CallbackHandler) clazz.newInstance();
+            } else {
+                Class clazz = Loader.loadClass(config
+                        .getPasswordCallbackClass());
+                return (CallbackHandler) clazz.newInstance();
+            }
+        } else {
+            throw new RahasException("noInfoForCBhandler");
+        }
+    }
+
 }

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/errors.properties
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/errors.properties?rev=394909&r1=394908&r2=394909&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/errors.properties
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/errors.properties
Tue Apr 18 04:06:24 2006
@@ -6,4 +6,5 @@
 missingWSATo = wsa:To address value missing
 sctMissingInResponse = Response doesn't contain a SecurityContextToken
 cannotCrateCryptoInstance = Cannot create Crypto instace
-noInfoForCBhandler = Cannot obtain a callback handler with available configuration information

\ No newline at end of file
+noInfoForCBhandler = Cannot obtain a callback handler with available configuration information

+missingEncryptionUser=Encryption user not specified (The context is created by the initiating
party)
\ No newline at end of file



Mime
View raw message