axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ruchi...@apache.org
Subject svn commit: r439762 - in /webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas: RahasConstants.java client/STSClient.java errors.properties
Date Sun, 03 Sep 2006 11:37:50 GMT
Author: ruchithf
Date: Sun Sep  3 04:37:49 2006
New Revision: 439762

URL: http://svn.apache.org/viewvc?rev=439762&view=rev
Log:
- STSClient 
 - ttl is set in seconds, use milliseconds when creating lifetime element
 - Updated to to process the requested proof token to extract the secret
  

Modified:
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java?rev=439762&r1=439761&r2=439762&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/RahasConstants.java Sun
Sep  3 04:37:49 2006
@@ -48,6 +48,7 @@
     public static final String REQUESTED_SECURITY_TOKEN_LN = "RequestedSecurityToken";
     public final static String BINARY_SECRET_LN = "BinarySecret";
     public final static String COMPUTED_KEY_ALGO_LN = "ComputedKeyAlgorithm";
+    public final static String COMPUTED_KEY_LN = "ComputedKey";
     public final static String REQUESTED_ATTACHED_REFERENCE_LN = "RequestedAttachedReference";
     public final static String REQUESTED_UNATTACHED_REFERENCE_LN = "RequestedUnattachedReference";
     public final static String KEY_SIZE_LN = "KeySize";

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java?rev=439762&r1=439761&r2=439762&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java
(original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java
Sun Sep  3 04:37:49 2006
@@ -35,6 +35,8 @@
 import org.apache.ws.secpolicy.model.Binding;
 import org.apache.ws.secpolicy.model.Trust10;
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.conversation.dkalgo.P_SHA1;
 import org.apache.ws.security.util.WSSecurityUtil;
 
 import javax.xml.namespace.QName;
@@ -51,6 +53,8 @@
     
     private String addressingNs = AddressingConstants.Final.WSA_NAMESPACE;
     
+    private int keySize;
+    
     /**
      * Life time in seconds
      * Default is 300 seconds (5 mins)
@@ -130,9 +134,56 @@
         tok.setAttachedReference(reqAttRef);
         tok.setUnattachedReference(reqUnattRef);
         
+        //Handle proof token
+        OMElement rpt = rstr.getFirstChildWithName(new QName(ns, RahasConstants.REQUESTED_PROOF_TOKEN_LN));
+        
+        byte[] secret = null;
+        
+        if(rpt != null) {
+            OMElement child = rpt.getFirstElement();
+            if(child == null) {
+                throw new TrustException("invalidRPT");
+            }
+            if(child.getQName().equals(new QName(ns, RahasConstants.BINARY_SECRET_LN))) {
+                //First check for the binary secret
+                String b64Secret = child.getText();
+                tok.setSecret(Base64.decode(b64Secret));
+            }else if(child.getQName().equals(new QName(ns, WSConstants.ENC_KEY_LN))){
+                //TODO Handle encrypted key
+                throw new UnsupportedOperationException("TODO: Handle encrypted key");
+            } else if(child.getQName().equals(new QName(ns, RahasConstants.COMPUTED_KEY_LN)))
{
+                //Handle the computed key
+
+                //Get service entropy
+                OMElement serviceEntrElem = rstr.getFirstChildWithName(new QName(ns, RahasConstants.ENTROPY_LN));
+                if(serviceEntrElem != null && serviceEntrElem.getText() != null &&
!"".equals(serviceEntrElem.getText().trim())) {
+                    byte[] serviceEntr = Base64.decode(serviceEntrElem.getText());
+                    
+                    //Right now we only use PSHA1 as the computed key algo              
     
+                    P_SHA1 p_sha1 = new P_SHA1();
+                    
+                    int length = (this.keySize != -1) ? keySize
+                            : this.algorithmSuite
+                                    .getMaximumSymmetricKeyLength();
+                    try {
+                        secret = p_sha1.createKey(this.requestorEntropy, serviceEntr, 0,
length);
+                    } catch (ConversationException e) {
+                        throw new TrustException("keyDerivationError", e);
+                    }
+                } else {
+                    //Service entropy missing
+                    throw new TrustException("serviceEntropyMissing");
+                }
+            }
+            
+        } else {
+            if(this.requestorEntropy != null) {
+                //Use requestor entropy as the key
+                secret = this.requestorEntropy;
+            }
+        }
         
-        //Handle the Lifetime
-        OMElement lifetime = rstr.getFirstChildWithName(new QName(ns, RahasConstants.LIFETIME_LN));
+        tok.setSecret(secret);
         
         return tok;
         
@@ -215,13 +266,24 @@
 
         TrustUtil.createRequestTypeElement(version, rst, requestType);
         TrustUtil.createAppliesToElement(rst, requestType, this.addressingNs);
-        TrustUtil.createLifetimeElement(version, rst, this.ttl);
+        TrustUtil.createLifetimeElement(version, rst, this.ttl * 1000);
         
         //Copy over the elements from the template
         Iterator templateChildren = rstTemplate.getChildElements();
         while (templateChildren.hasNext()) {
             OMNode child = (OMNode) templateChildren.next();
             rst.addChild(child);
+            
+            //Look for the key size element
+            if (child instanceof OMElement
+                    && ((OMElement) child).getQName().equals(
+                            new QName(TrustUtil.getWSTNamespace(version),
+                                    RahasConstants.KEY_SIZE_LN))) {
+                OMElement childElem = (OMElement)child;
+                this.keySize = (childElem.getText() != null && !""
+                        .equals(childElem.getText())) ? 
+                                Integer.parseInt(childElem.getText()) : -1;
+            }
         }
         
         try {
@@ -236,6 +298,7 @@
                     
                     //Add the ComputedKey element
                     TrustUtil.createComputedKeyAlgorithm(version, rst, RahasConstants.COMPUTED_KEY_PSHA1);
+                    
                 }
             }
         } catch (Exception e) {

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties?rev=439762&r1=439761&r2=439762&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties Sun
Sep  3 04:37:49 2006
@@ -38,6 +38,9 @@
 errorInProcessingSTR = Error in processing SecurityTokenReference : {0}
 cannotObtainTokenIdentifier = Cannot obtain token identifier
 lifeTimeProcessingError = Error in processing Lifetime : {0}
+invalidRPT = Invalid RequestedProofToken
+serviceEntropyMissing = Service entropy missing
+keyDerivationError = Error in key derivation
 
 #SCTIssuer specific error messages
 sctIssuerCryptoPropertiesMissing = When the tokenType is not \"BinarySecret\" the cryptoProperties
MUST be specified



---------------------------------------------------------------------
To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-cvs-help@ws.apache.org


Mime
View raw message