axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From az...@apache.org
Subject svn commit: r448581 - in /webservices/axis2/trunk/java/modules: integration/test-resources/rahas/ integration/test-resources/security/sc/ rahas/src/org/apache/rahas/ rahas/src/org/apache/rahas/impl/
Date Thu, 21 Sep 2006 15:35:16 GMT
Author: azeez
Date: Thu Sep 21 08:35:15 2006
New Revision: 448581

URL: http://svn.apache.org/viewvc?view=rev&rev=448581
Log:
1. Confgure trust <proofKeyType> based on keyComputation method
2. Updated SCTIssuer with above


Added:
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/AbstractIssuerConfig.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/TokenIssuerUtil.java
Modified:
    webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s1-services.xml
    webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s3-services.xml
    webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s1-services.xml
    webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s2-services.xml
    webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s3-services.xml
    webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s4-services.xml
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuerConfig.java

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s1-services.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s1-services.xml?view=diff&rev=448581&r1=448580&r2=448581
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s1-services.xml (original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s1-services.xml Thu Sep 21 08:35:15 2006
@@ -20,7 +20,23 @@
 			<keySize>256</keySize>
 			<addRequestedAttachedRef />
 			<addRequestedUnattachedRef />
-			<trusted-services>
+
+            <!--
+               Key computation mechanism
+               1 - Use Request Entropy
+               2 - Provide Entropy
+               3 - Use Own Key
+            -->
+            <keyComputation>2</keyComputation>
+
+            <!--
+               proofKeyType element is valid only if the keyComputation is set to 3
+               i.e. Use Own Key
+
+               Valid values are: EncryptedKey & BinarySecret
+            -->
+            <proofKeyType>BinarySecret</proofKeyType>
+            <trusted-services>
 				<service alias="bob">http://localhost:5555/axis2/services/SecureService</service>
 				<service alias="bob1">http://localhost:5555/axis2/services/SecureService1</service>
 				<service alias="bob2">http://localhost:5555/axis2/services/SecureService2</service>

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s3-services.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s3-services.xml?view=diff&rev=448581&r1=448580&r2=448581
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s3-services.xml (original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s3-services.xml Thu Sep 21 08:35:15 2006
@@ -20,7 +20,23 @@
 			<keySize>256</keySize>
 			<addRequestedAttachedRef />
 			<addRequestedUnattachedRef />
-			<trusted-services>
+            
+            <!--
+               Key computation mechanism
+               1 - Use Request Entropy
+               2 - Provide Entropy
+               3 - Use Own Key
+            -->
+            <keyComputation>2</keyComputation>
+
+            <!--
+               proofKeyType element is valid only if the keyComputation is set to 3
+               i.e. Use Own Key
+
+               Valid values are: EncryptedKey & BinarySecret
+            -->
+            <proofKeyType>BinarySecret</proofKeyType>
+            <trusted-services>
 				<service alias="bob">http://localhost:5555/axis2/services/SecureService</service>
 				<service alias="bob1">http://localhost:5555/axis2/services/SecureService1</service>
 				<service alias="bob2">http://localhost:5555/axis2/services/SecureService2</service>

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s1-services.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s1-services.xml?view=diff&rev=448581&r1=448580&r2=448581
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s1-services.xml (original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s1-services.xml Thu Sep 21 08:35:15 2006
@@ -8,16 +8,40 @@
 	<operation name="echo">
 		<messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
 		<actionMapping>urn:echo</actionMapping>
-	</operation>    
+	</operation>
 
-    <parameter name="sct-issuer-config">
+ <!--   <parameter name="sct-issuer-config">
 		<sct-issuer-config>
 			<proofToken>EncryptedKey</proofToken>
 			<cryptoProperties>sctIssuer.properties</cryptoProperties>
 			<addRequestedAttachedRef />
 		</sct-issuer-config>
+    </parameter>-->
+
+    <parameter name="sct-issuer-config">
+        <sct-issuer-config>
+            <addRequestedAttachedRef/>
+            <addRequestedUnattachedRef/>
+            <cryptoProperties>sctIssuer.properties</cryptoProperties>
+
+            <!--
+               Key computation mechanism
+               1 - Use Request Entropy
+               2 - Provide Entropy
+               3 - Use Own Key
+            -->
+            <keyComputation>3</keyComputation>
+
+            <!--
+               proofKeyType element is valid only if the keyComputation is set to 3
+               i.e. Use Own Key
+
+               Valid values are: EncryptedKey & BinarySecret
+            -->
+            <proofKeyType>EncryptedKey</proofKeyType>
+        </sct-issuer-config>
     </parameter>
-    
+
      <parameter name="token-canceler-config">
 		<token-canceler-config>
 			<!--<proofToken>EncryptedKey</proofToken>-->
@@ -50,5 +74,5 @@
 	<passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
       </action>
     </parameter>
-    
+
 </service>

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s2-services.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s2-services.xml?view=diff&rev=448581&r1=448580&r2=448581
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s2-services.xml (original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s2-services.xml Thu Sep 21 08:35:15 2006
@@ -12,11 +12,26 @@
 
     <parameter name="sct-issuer-config">
 		<sct-issuer-config>
-			<proofToken>BinarySecret</proofToken>
-			<cryptoProperties>sctIssuer.properties</cryptoProperties>
 			<addRequestedAttachedRef />
 			<addRequestedUnattachedRef />
-		</sct-issuer-config>
+            <cryptoProperties>sctIssuer.properties</cryptoProperties>
+
+            <!--
+               Key computation mechanism
+               1 - Use Request Entropy
+               2 - Provide Entropy
+               3 - Use Own Key
+            -->
+            <keyComputation>3</keyComputation>
+
+            <!--
+               proofKeyType element is valid only if the keyComputation is set to 3
+               i.e. Use Own Key
+
+               Valid values are: EncryptedKey & BinarySecret
+            -->
+            <proofKeyType>BinarySecret</proofKeyType>
+        </sct-issuer-config>
     </parameter>
     
     <parameter xmlns="" name="sc-configuration">

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s3-services.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s3-services.xml?view=diff&rev=448581&r1=448580&r2=448581
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s3-services.xml (original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s3-services.xml Thu Sep 21 08:35:15 2006
@@ -11,10 +11,25 @@
 
     <parameter name="sct-issuer-config">
 		<sct-issuer-config>
-			<proofToken>EncryptedKey</proofToken>
 			<cryptoProperties>sctIssuer.properties</cryptoProperties>
 			<addRequestedAttachedRef />
-		</sct-issuer-config>
+
+            <!--
+               Key computation mechanism
+               1 - Use Request Entropy
+               2 - Provide Entropy
+               3 - Use Own Key
+            -->
+            <keyComputation>3</keyComputation>
+
+            <!--
+               proofKeyType element is valid only if the keyComputation is set to 3
+               i.e. Use Own Key
+
+               Valid values are: EncryptedKey & BinarySecret
+            -->
+            <proofKeyType>BinarySecret</proofKeyType>
+        </sct-issuer-config>
     </parameter>
     
     <parameter xmlns="" name="sc-configuration">

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s4-services.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s4-services.xml?view=diff&rev=448581&r1=448580&r2=448581
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s4-services.xml (original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s4-services.xml Thu Sep 21 08:35:15 2006
@@ -12,10 +12,25 @@
 
     <parameter name="sct-issuer-config">
 		<sct-issuer-config>
-			<proofToken>EncryptedKey</proofToken>
 			<cryptoProperties>sctIssuer.properties</cryptoProperties>
 			<addRequestedAttachedRef />
-		</sct-issuer-config>
+
+            <!--
+               Key computation mechanism
+               1 - Use Request Entropy
+               2 - Provide Entropy
+               3 - Use Own Key
+            -->
+            <keyComputation>3</keyComputation>
+
+            <!--
+               proofKeyType element is valid only if the keyComputation is set to 3
+               i.e. Use Own Key
+
+               Valid values are: EncryptedKey & BinarySecret
+            -->
+            <proofKeyType>BinarySecret</proofKeyType>
+        </sct-issuer-config>
     </parameter>
     
     <parameter xmlns="" name="sc-configuration">

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties?view=diff&rev=448581&r1=448580&r2=448581
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/errors.properties Thu Sep 21 08:35:15 2006
@@ -11,6 +11,7 @@
 UnableToRenew = The requested renewal failed
 
 
+errorInObtainingToken = Error in obtaining token from : \"{0}\" 
 incorrectConfiguration = The given configuration element is not a "token-dispatcher-configuration" element
 missingClassName = Class attribute missing
 cannotLoadClass = Error in loading and instanciating the class \"{0}\"
@@ -64,4 +65,4 @@
 cannotDetermineTokenId = Cannot determine token ID from request
 tokenNotFound = Token with ID \"{0}\" cannot be found
 configurationIsNull = Configuration is null
-errorInCancelingToken = Error occurred while trying to cancel token 
\ No newline at end of file
+errorInCancelingToken = Error occurred while trying to cancel token
\ No newline at end of file

Added: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/AbstractIssuerConfig.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/AbstractIssuerConfig.java?view=auto&rev=448581
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/AbstractIssuerConfig.java (added)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/AbstractIssuerConfig.java Thu Sep 21 08:35:15 2006
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas.impl;
+
+import javax.xml.namespace.QName;
+
+/**
+ * 
+ */
+public abstract class AbstractIssuerConfig {
+
+    /**
+     * The key computation policy when clien't entropy is provided
+     */
+    public static class KeyComputation {
+        public static final QName KEY_COMPUTATION = new QName("keyComputation");
+        public final static int KEY_COMP_USE_REQ_ENT = 1;
+        public final static int KEY_COMP_PROVIDE_ENT = 2;
+        public final static int KEY_COMP_USE_OWN_KEY = 3;
+    }
+
+    public final static QName ADD_REQUESTED_ATTACHED_REF = new QName("addRequestedAttachedRef");
+    public final static QName ADD_REQUESTED_UNATTACHED_REF = new QName("addRequestedUnattachedRef");
+    public static final QName PROOF_KEY_TYPE = new QName("proofKeyType");
+
+    protected int keyComputation = KeyComputation.KEY_COMP_PROVIDE_ENT;
+    protected String proofKeyType = TokenIssuerUtil.ENCRYPTED_KEY;
+    protected boolean addRequestedAttachedRef;
+    protected boolean addRequestedUnattachedRef;
+    protected long ttl = 300000;
+    protected String cryptoPropertiesFile;
+    protected int keySize = 128;
+
+}

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java?view=diff&rev=448581&r1=448580&r2=448581
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java Thu Sep 21 08:35:15 2006
@@ -33,11 +33,8 @@
 import org.apache.ws.security.WSUsernameTokenPrincipal;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
-import org.apache.ws.security.conversation.ConversationException;
-import org.apache.ws.security.conversation.dkalgo.P_SHA1;
 import org.apache.ws.security.message.WSSecEncryptedKey;
 import org.apache.ws.security.util.Base64;
-import org.apache.ws.security.util.WSSecurityUtil;
 import org.apache.ws.security.util.XmlSchemaDateFormat;
 import org.apache.xml.security.signature.XMLSignature;
 import org.apache.xml.security.utils.EncryptionConstants;
@@ -110,7 +107,7 @@
         SOAPEnvelope env =
                 TrustUtil.
                         createSOAPEnvelope(inMsgCtx.getEnvelope().getNamespace().getNamespaceURI());
-        Crypto crypto = CryptoFactory.getInstance(config.cryptoPropFile,
+        Crypto crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
                                                   inMsgCtx.getAxisService().getClassLoader());
 
         //Creation and expiration times
@@ -155,35 +152,34 @@
         }
 
         OMElement rstrElem;
-        int version = data.getVersion();
-        if (RahasConstants.VERSION_05_02 == version) {
-            rstrElem = TrustUtil
-                    .createRequestSecurityTokenResponseElement(version, env.getBody());
+        int wstVersion = data.getVersion();
+        if (RahasConstants.VERSION_05_02 == wstVersion) {
+            rstrElem =
+                    TrustUtil.createRequestSecurityTokenResponseElement(wstVersion, env.getBody());
         } else {
-            OMElement rstrcElem = TrustUtil
-                    .createRequestSecurityTokenResponseCollectionElement(
-                            version, env.getBody());
-
-            rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(version, rstrcElem);
+            OMElement rstrcElem =
+                    TrustUtil.createRequestSecurityTokenResponseCollectionElement(wstVersion,
+                                                                                  env.getBody());
+            rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(wstVersion, rstrcElem);
         }
 
-        TrustUtil.createtTokenTypeElement(version,
+        TrustUtil.createtTokenTypeElement(wstVersion,
                                           rstrElem).setText(RahasConstants.TOK_TYPE_SAML_10);
 
         if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
-            TrustUtil.createKeySizeElement(version, rstrElem, keySize);
+            TrustUtil.createKeySizeElement(wstVersion, rstrElem, keySize);
         }
 
         if (config.addRequestedAttachedRef) {
-            TrustUtil.createRequestedAttachedRef(version,
+            TrustUtil.createRequestedAttachedRef(wstVersion,
                                                  rstrElem,
                                                  "#" + assertion.getId(),
                                                  RahasConstants.TOK_TYPE_SAML_10);
         }
 
         if (config.addRequestedUnattachedRef) {
-            TrustUtil.createRequestedUnattachedRef(version, rstrElem, assertion
-                    .getId(), RahasConstants.TOK_TYPE_SAML_10);
+            TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem, assertion.getId(),
+                                                   RahasConstants.TOK_TYPE_SAML_10);
         }
 
         if (data.getAppliesToAddress() != null) {
@@ -195,20 +191,25 @@
         DateFormat zulu = new XmlSchemaDateFormat();
 
         // Add the Lifetime element
-        TrustUtil.createLifetimeElement(version, rstrElem, zulu
+        TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
                 .format(creationTime), zulu.format(expirationTime));
 
         //Create the RequestedSecurityToken element and add the SAML token to it
         OMElement reqSecTokenElem = TrustUtil
-                .createRequestedSecurityTokenElement(version, rstrElem);
+                .createRequestedSecurityTokenElement(wstVersion, rstrElem);
+        Token assertionToken;
         try {
             Node tempNode = assertion.toDOM();
-            reqSecTokenElem.addChild((OMNode) ((Element) rstrElem)
-                    .getOwnerDocument().importNode(tempNode, true));
+            reqSecTokenElem.
+                    addChild((OMNode) ((Element) rstrElem).getOwnerDocument().importNode(tempNode,
+                                                                                         true));
 
             // Store the token
-            Token assertionToken = new Token(assertion.getId(), (OMElement) assertion
-                    .toDOM(), creationTime, expirationTime);
+            assertionToken = new Token(assertion.getId(),
+                                       (OMElement) assertion.toDOM(),
+                                       creationTime,
+                                       expirationTime);
+
             // At this point we definitely have the secret
             // Otherwise it should fail with an exception earlier
             assertionToken.setSecret(data.getEphmeralKey());
@@ -218,40 +219,16 @@
             throw new TrustException("samlConverstionError", e);
         }
 
-
         if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY) &&
-                config.keyComputation != SAMLTokenIssuerConfig.KEY_COMP_USE_REQ_ENT) {
+            config.keyComputation != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_REQ_ENT) {
 
             //Add the RequestedProofToken
-            OMElement reqProofTokElem =
-                    TrustUtil.createRequestedProofTokenElement(version, rstrElem);
-
-            if (config.keyComputation == SAMLTokenIssuerConfig.KEY_COMP_PROVIDE_ENT
-                && data.getRequestEntropy() != null) {
-                //If we there's requestor entropy and its configured to provide
-                //entropy then we have to set the entropy value and
-                //set the RPT to include a ComputedKey element
-
-                OMElement respEntrElem = TrustUtil.createEntropyElement(
-                        version, rstrElem);
-
-                TrustUtil.createBinarySecretElement(version, respEntrElem,
-                                                    RahasConstants.BIN_SEC_TYPE_NONCE).setText(
-                        Base64.encode(data.getResponseEntropy()));
-
-                OMElement compKeyElem = TrustUtil.createComputedKeyElement(
-                        version, reqProofTokElem);
-                compKeyElem.setText(data.getWstNs()
-                                    + RahasConstants.COMPUTED_KEY_PSHA1);
-            } else {
-                //In all other cases use send the key in a binary sectret element
-
-                //TODO : Provide a config option to set this type to encrypted key
-                OMElement binSecElem = TrustUtil.createBinarySecretElement(version,
-                                                                           reqProofTokElem, null);
-                binSecElem.setText(Base64.encode(data.getEphmeralKey()));
-
-            }
+            TokenIssuerUtil.handleRequestedProofToken(data,
+                                                      wstVersion,
+                                                      config,
+                                                      rstrElem,
+                                                      assertionToken,
+                                                      doc);
         }
 
         // Unset the DOM impl to default
@@ -301,8 +278,7 @@
             try {
 
                 //Get ApliesTo to figureout which service to issue the token for
-                serviceCert = getServiceCert(data.getRstElement(),
-                                             config,
+                serviceCert = getServiceCert(config,
                                              crypto,
                                              data.getAppliesToAddress());
 
@@ -320,26 +296,10 @@
                 keysize = (keysize != -1) ? keysize : config.keySize;
                 encrKeyBuilder.setKeySize(keysize);
 
-                boolean reqEntrPresent = data.getRequestEntropy() != null;
-
-                if (reqEntrPresent &&
-                    config.keyComputation != SAMLTokenIssuerConfig.KEY_COMP_USE_OWN_KEY) {
-                    //If there is requestor entropy and if the issuer is not
-                    //configured to use its own key
-
-                    if (config.keyComputation == SAMLTokenIssuerConfig.KEY_COMP_PROVIDE_ENT) {
-                        data.setResponseEntropy(WSSecurityUtil.generateNonce(config.keySize / 8));
-                        P_SHA1 p_sha1 = new P_SHA1();
-                        encrKeyBuilder.setEphemeralKey(p_sha1.createKey(data.getRequestEntropy(),
-                                                                        data.getResponseEntropy(),
-                                                                        0,
-                                                                        keysize / 8));
-                    } else {
-                        //If we reach this its expected to use the requestor's 
-                        //entropy
-                        encrKeyBuilder.setEphemeralKey(data.getRequestEntropy());
-                    }
-                }// else : We have to use our own key here, so don't set the key
+                encrKeyBuilder.
+                        setEphemeralKey(TokenIssuerUtil.getSharedSecret(data,
+                                                                        config.keyComputation,
+                                                                        keysize));
 
                 //Set key encryption algo
                 encrKeyBuilder.setKeyEncAlgo(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
@@ -358,9 +318,6 @@
             } catch (WSSecurityException e) {
                 throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal",
                                          new String[]{serviceCert.getSubjectDN().getName()}, e);
-            } catch (ConversationException e) {
-                throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal",
-                                         new String[]{serviceCert.getSubjectDN().getName()}, e);
             }
             return this.createAttributeAssertion(doc, encryptedKeyElem,
                                                  config, crypto, creationTime, expirationTime);
@@ -403,15 +360,13 @@
      * Uses the <code>wst:AppliesTo</code> to figure out the certificate to
      * encrypt the secret in the SAML token
      *
-     * @param request
      * @param config
      * @param crypto
      * @param serviceAddress The address of the service
      * @return
      * @throws WSSecurityException
      */
-    private X509Certificate getServiceCert(OMElement request,
-                                           SAMLTokenIssuerConfig config,
+    private X509Certificate getServiceCert(SAMLTokenIssuerConfig config,
                                            Crypto crypto,
                                            String serviceAddress) throws WSSecurityException {
 

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuerConfig.java?view=diff&rev=448581&r1=448580&r2=448581
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuerConfig.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuerConfig.java Thu Sep 21 08:35:15 2006
@@ -26,191 +26,175 @@
 import java.io.FileInputStream;
 import java.util.HashMap;
 import java.util.Iterator;
+import java.util.Map;
 
 /**
  * Configuration manager for the <code>SAMLTokenIssuer</code>
- * 
- * @see org.apache.rahas.impl.SAMLTokenIssuer
+ *
+ * @see SAMLTokenIssuer
  */
-public class SAMLTokenIssuerConfig {
+public class SAMLTokenIssuerConfig extends AbstractIssuerConfig{
 
     /**
      * The QName of the configuration element of the SAMLTokenIssuer
      */
     public final static QName SAML_ISSUER_CONFIG = new QName("saml-issuer-config");
-        
+
     /**
      * Element name to include the alias of the private key to sign the response or
      * the issued token
      */
     private final static QName ISSUER_KEY_ALIAS = new QName("issuerKeyAlias");
-    
+
     /**
-     * Element name to include the password of the private key to sign the 
+     * Element name to include the password of the private key to sign the
      * response or the issued token
      */
     private final static QName ISSUER_KEY_PASSWD = new QName("issuerKeyPassword");
 
     /**
-     * Element name to include the crypto properties used to load the 
+     * Element name to include the crypto properties used to load the
      * information used securing the response
      */
     private final static QName CRYPTO_PROPERTIES = new QName("cryptoProperties");
-    
+
     /**
      * Element to specify the lifetime of the SAMLToken
      * Dafaults to 300000 milliseconds (5 mins)
      */
     private final static QName TTL = new QName("timeToLive");
-    
+
     /**
      * Element to list the trusted services
      */
     private final static QName TRUSTED_SERVICES = new QName("trusted-services");
-    
+
     private final static QName KEY_SIZE = new QName("keySize");
-    
+
     private final static QName SERVICE = new QName("service");
     private final static QName ALIAS = new QName("alias");
 
-    public final static QName ADD_REQUESTED_ATTACHED_REF = new QName("addRequestedAttachedRef");
-    public final static QName ADD_REQUESTED_UNATTACHED_REF = new QName("addRequestedUnattachedRef");
-    
     public final static QName USE_SAML_ATTRIBUTE_STATEMENT = new QName("useSAMLAttributeStatement");
-    
+
     public final static QName ISSUER_NAME = new QName("issuerName");
-    
-    /**
-     * The key computation policy when clien't entropy is provided
-     */
-    public static final QName KEY_COMPUTATION = new QName("keyComputation");
-    
-    public final static int KEY_COMP_USE_REQ_ENT = 1;
-    
-    public final static int KEY_COMP_PROVIDE_ENT = 2;
-    
-    public final static int KEY_COMP_USE_OWN_KEY = 3;
-    
-    protected String cryptoPropFile;
+
     protected String issuerKeyAlias;
     protected String issuerKeyPassword;
     protected String issuerName;
-    protected HashMap trustedServices;
+    protected Map trustedServices;
     protected String trustStorePropFile;
-    protected int keySize = 128;
-    protected long ttl = 300000;
-    protected boolean addRequestedAttachedRef;
-    protected boolean addRequestedUnattachedRef;
-    protected int keyComputation = KEY_COMP_PROVIDE_ENT;
-    
+
     private SAMLTokenIssuerConfig(OMElement elem) throws TrustException {
-        
+        OMElement proofKeyElem = elem.getFirstChildWithName(PROOF_KEY_TYPE);
+        if (proofKeyElem != null) {
+            this.proofKeyType = proofKeyElem.getText().trim();
+        }
+
         //The alias of the private key 
         OMElement userElem = elem.getFirstChildWithName(ISSUER_KEY_ALIAS);
-        if(userElem != null) {
+        if (userElem != null) {
             this.issuerKeyAlias = userElem.getText().trim();
         }
 
-        if(this.issuerKeyAlias == null || "".equals(this.issuerKeyAlias)) {
+        if (this.issuerKeyAlias == null || "".equals(this.issuerKeyAlias)) {
             throw new TrustException("samlIssuerKeyAliasMissing");
         }
-        
+
         OMElement issuerKeyPasswdElem = elem.getFirstChildWithName(ISSUER_KEY_PASSWD);
-        if(issuerKeyPasswdElem != null) {
+        if (issuerKeyPasswdElem != null) {
             this.issuerKeyPassword = issuerKeyPasswdElem.getText().trim();
         }
 
-        if(this.issuerKeyPassword == null || "".equals(this.issuerKeyPassword)) {
+        if (this.issuerKeyPassword == null || "".equals(this.issuerKeyPassword)) {
             throw new TrustException("samlIssuerKeyPasswdMissing");
         }
-        
+
         OMElement issuerNameElem = elem.getFirstChildWithName(ISSUER_NAME);
-        if(issuerNameElem != null) {
+        if (issuerNameElem != null) {
             this.issuerName = issuerNameElem.getText().trim();
         }
 
-        if(this.issuerName == null || "".equals(this.issuerName)) {
+        if (this.issuerName == null || "".equals(this.issuerName)) {
             throw new TrustException("samlIssuerNameMissing");
         }
-        
+
         OMElement cryptoPropElem = elem.getFirstChildWithName(CRYPTO_PROPERTIES);
-        if(cryptoPropElem != null) {
-            this.cryptoPropFile = cryptoPropElem.getText().trim();
+        if (cryptoPropElem != null) {
+            this.cryptoPropertiesFile = cryptoPropElem.getText().trim();
         }
-        
-        if(this.cryptoPropFile == null || "".equals(this.cryptoPropFile)) {
+
+        if (this.cryptoPropertiesFile == null || "".equals(this.cryptoPropertiesFile)) {
             throw new TrustException("samlPropFileMissing");
         }
-        
-        OMElement keyCompElem = elem.getFirstChildWithName(KEY_COMPUTATION);
-        
-        if(keyCompElem != null && keyCompElem.getText() != null && !"".equals(keyCompElem)) {
+
+        OMElement keyCompElem = elem.getFirstChildWithName(KeyComputation.KEY_COMPUTATION);
+        if (keyCompElem != null && keyCompElem.getText() != null && !"".equals(keyCompElem)) {
             this.keyComputation = Integer.parseInt(keyCompElem.getText());
         }
-        
+
         //time to live
         OMElement ttlElem = elem.getFirstChildWithName(TTL);
-        if(ttlElem != null) {
+        if (ttlElem != null) {
             try {
                 this.ttl = Long.parseLong(ttlElem.getText().trim());
             } catch (NumberFormatException e) {
                 throw new TrustException("invlidTTL");
             }
         }
-        
+
         OMElement keySizeElem = elem.getFirstChildWithName(KEY_SIZE);
-        if(keySizeElem != null) {
+        if (keySizeElem != null) {
             try {
                 this.keySize = Integer.parseInt(keySizeElem.getText().trim());
             } catch (NumberFormatException e) {
                 throw new TrustException("invalidKeysize");
             }
         }
-        
+
         this.addRequestedAttachedRef = elem
                 .getFirstChildWithName(ADD_REQUESTED_ATTACHED_REF) != null;
         this.addRequestedUnattachedRef = elem
                 .getFirstChildWithName(ADD_REQUESTED_UNATTACHED_REF) != null;
-        
+
         //Process trusted services
         OMElement trustedServices = elem.getFirstChildWithName(TRUSTED_SERVICES);
-        
+
         /*
-         * If there are trusted services add them to a list
-         * Only trusts myself to issue tokens to :
-         * In this case the STS is embedded in the service as well and 
-         * the issued token can only be used with that particular service
-         * since the response secret is encrypted by the service's public key
-         */
-        if(trustedServices != null) {
+        * If there are trusted services add them to a list
+        * Only trusts myself to issue tokens to :
+        * In this case the STS is embedded in the service as well and
+        * the issued token can only be used with that particular service
+        * since the response secret is encrypted by the service's public key
+        */
+        if (trustedServices != null) {
             //Now process the trusted services
             Iterator servicesIter = trustedServices.getChildrenWithName(SERVICE);
             while (servicesIter.hasNext()) {
                 OMElement service = (OMElement) servicesIter.next();
                 OMAttribute aliasAttr = service.getAttribute(ALIAS);
-                if(aliasAttr == null) {
+                if (aliasAttr == null) {
                     //The certificate alias is a must
                     throw new TrustException("aliasMissingForService",
                                              new String[]{service.getText().trim()});
                 }
-                if(this.trustedServices == null) {
+                if (this.trustedServices == null) {
                     this.trustedServices = new HashMap();
                 }
-                
+
                 //Add the trusted service and the alias to the map of services
                 this.trustedServices.put(service.getText().trim(), aliasAttr.getAttributeValue());
             }
-            
+
             //There maybe no trusted services as well, Therefore do not 
             //throw an exception when there are no trusted in the list at the 
             //moment
         }
     }
-    
+
     public static SAMLTokenIssuerConfig load(OMElement elem) throws TrustException {
         return new SAMLTokenIssuerConfig(elem);
     }
-    
+
     public static SAMLTokenIssuerConfig load(String configFilePath)
             throws TrustException {
         FileInputStream fis;
@@ -220,9 +204,9 @@
             builder = new StAXOMBuilder(fis);
         } catch (Exception e) {
             throw new TrustException("errorLoadingConfigFile",
-                    new String[] { configFilePath });
+                                     new String[]{configFilePath});
         }
         return load(builder.getDocumentElement());
     }
-    
+
 }

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java?view=diff&rev=448581&r1=448580&r2=448581
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java Thu Sep 21 08:35:15 2006
@@ -19,37 +19,26 @@
 import org.apache.axiom.om.OMElement;
 import org.apache.axiom.soap.SOAPEnvelope;
 import org.apache.axis2.description.Parameter;
-import org.apache.axis2.util.Base64;
 import org.apache.rahas.RahasConstants;
 import org.apache.rahas.RahasData;
 import org.apache.rahas.Token;
 import org.apache.rahas.TokenIssuer;
 import org.apache.rahas.TrustException;
 import org.apache.rahas.TrustUtil;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
 import org.apache.ws.security.conversation.ConversationConstants;
 import org.apache.ws.security.conversation.ConversationException;
-import org.apache.ws.security.message.WSSecEncryptedKey;
 import org.apache.ws.security.message.token.SecurityContextToken;
 import org.apache.ws.security.util.XmlSchemaDateFormat;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import java.security.SecureRandom;
 import java.text.DateFormat;
 import java.util.Date;
 
 public class SCTIssuer implements TokenIssuer {
 
-    public final static String ENCRYPTED_KEY = "EncryptedKey";
-
     public final static String COMPUTED_KEY = "ComputedKey";
 
-    public final static String BINARY_SECRET = "BinarySecret";
-
     private String configFile;
 
     private OMElement configElement;
@@ -59,7 +48,7 @@
     /**
      * Issue a {@link SecurityContextToken} based on the wsse:Signature or
      * wsse:UsernameToken
-     * 
+     * <p/>
      * This will support returning the SecurityContextToken with the following
      * types of wst:RequestedProof tokens:
      * <ul>
@@ -88,199 +77,103 @@
             if (param != null && param.getParameterElement() != null) {
                 config = SCTIssuerConfig.load(param.getParameterElement()
                         .getFirstChildWithName(
-                                SCTIssuerConfig.SCT_ISSUER_CONFIG));
+                        SCTIssuerConfig.SCT_ISSUER_CONFIG));
             } else {
                 throw new TrustException("expectedParameterMissing",
-                        new String[] { this.configParamName });
+                                         new String[]{this.configParamName});
             }
         }
 
         if (config == null) {
             throw new TrustException("missingConfiguration",
-                    new String[] { SCTIssuerConfig.SCT_ISSUER_CONFIG
-                            .getLocalPart() });
+                                     new String[]{SCTIssuerConfig.SCT_ISSUER_CONFIG
+                                             .getLocalPart()});
         }
 
-        if (ENCRYPTED_KEY.equals(config.proofTokenType)) {
-            return this.doEncryptedKey(config,data);
-        } else if (BINARY_SECRET.equals(config.proofTokenType)) {
-            return this.doBinarySecret(config, data);
-        } else if (COMPUTED_KEY.equals(config.proofTokenType)) {
-            // TODO
-            throw new UnsupportedOperationException("TODO");
-        } else {
-            // TODO
-            throw new UnsupportedOperationException("TODO: Default");
-        }
+        // Env
+        return createEnvelope(data, config);
     }
 
-    private SOAPEnvelope doBinarySecret(SCTIssuerConfig config, RahasData data)
-            throws TrustException {
-
+    private SOAPEnvelope createEnvelope(RahasData data,
+                                        SCTIssuerConfig config) throws TrustException {
         try {
             SOAPEnvelope env = TrustUtil.createSOAPEnvelope(data.getSoapNs());
             int wstVersion = data.getVersion();
-            
-            // Get the document
-            Document doc = ((Element) env).getOwnerDocument();
-    
-            SecurityContextToken sct = new SecurityContextToken(this.getWSCVersion(data.getTokenType()), doc);
-    
-            OMElement rstrElem = TrustUtil
-                    .createRequestSecurityTokenResponseElement(wstVersion, env
-                            .getBody());
-    
-            OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(
-                    wstVersion, rstrElem);
-    
-            rstElem.addChild((OMElement) sct.getElement());
-    
-            String tokenType = data.getTokenType();
-            
-            if (config.addRequestedAttachedRef) {
-                if (wstVersion == RahasConstants.VERSION_05_02) {
-                    TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
-                            + sct.getID(), tokenType);
-                } else {
-                    TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
-                            + sct.getID(), tokenType);
-                }
-            }
-    
-            if (config.addRequestedUnattachedRef) {
-                if (wstVersion == RahasConstants.VERSION_05_02) {
-                    TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
-                            sct.getIdentifier(),
-                            tokenType);
-                } else {
-                    TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
-                            sct.getIdentifier(),
-                            tokenType);
-                }
-            }
-    
-            OMElement reqProofTok = TrustUtil.createRequestedProofTokenElement(
-                    wstVersion, rstrElem);
-    
-            OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion,
-                    reqProofTok, null);
-    
-            byte[] secret = this.generateEphemeralKey();
-            binSecElem.setText(Base64.encode(secret));
-    
-            //Creation and expiration times
-            Date creationTime = new Date();
-            Date expirationTime = new Date();
-            
-            expirationTime.setTime(creationTime.getTime() + config.ttl);
-            
-            
-            // Use GMT time in milliseconds
-            DateFormat zulu = new XmlSchemaDateFormat();
-    
-            // Add the Lifetime element
-            TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
-                    .format(creationTime), zulu.format(expirationTime));
-            
-            // Store the tokens
-            Token sctToken = new Token(sct.getIdentifier(), (OMElement) sct
-                    .getElement(), creationTime, expirationTime);
-            sctToken.setSecret(secret);
-            TrustUtil.getTokenStore(data.getInMessageContext()).add(sctToken);
-    
-            return env;
-        } catch (ConversationException e) {
-            throw new TrustException(e.getMessage(), e);
-        }
-    }
-
-    private SOAPEnvelope doEncryptedKey(SCTIssuerConfig config, RahasData data)
-            throws TrustException {
 
-        try {
-            int wstVersion = data.getVersion();
-            
-            SOAPEnvelope env = TrustUtil.createSOAPEnvelope(data.getSoapNs());
             // Get the document
             Document doc = ((Element) env).getOwnerDocument();
-    
-            WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
-            Crypto crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
-                    data.getInMessageContext().getAxisService().getClassLoader());
-    
-            encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
-            try {
-                encrKeyBuilder.setUseThisCert(data.getClientCert());
-                encrKeyBuilder.prepare(doc, crypto);
-            } catch (WSSecurityException e) {
-                throw new TrustException(
-                        "errorInBuildingTheEncryptedKeyForPrincipal",
-                        new String[] { data.getClientCert().getSubjectDN()
-                                .getName() });
-            }
-    
+
             SecurityContextToken sct =
                     new SecurityContextToken(this.getWSCVersion(data.getTokenType()), doc);
-    
+
             OMElement rstrElem =
-                    TrustUtil.createRequestSecurityTokenResponseElement(wstVersion, env.getBody());
-    
-            OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(wstVersion, rstrElem);
+                    TrustUtil.createRequestSecurityTokenResponseElement(wstVersion,
+                                                                        env.getBody());
+
+            OMElement rstElem =
+                    TrustUtil.createRequestedSecurityTokenElement(wstVersion, rstrElem);
+
             rstElem.addChild((OMElement) sct.getElement());
+
             String tokenType = data.getTokenType();
-    
+
             if (config.addRequestedAttachedRef) {
                 if (wstVersion == RahasConstants.VERSION_05_02) {
-                    TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
-                            + sct.getID(), tokenType);
+                    TrustUtil.createRequestedAttachedRef(wstVersion,
+                                                         rstrElem,
+                                                         "#" + sct.getID(),
+                                                         tokenType);
                 } else {
-                    TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
-                            + sct.getID(), tokenType);
+                    TrustUtil.createRequestedAttachedRef(wstVersion,
+                                                         rstrElem,
+                                                         "#" + sct.getID(),
+                                                         tokenType);
                 }
             }
-    
+
             if (config.addRequestedUnattachedRef) {
                 if (wstVersion == RahasConstants.VERSION_05_02) {
-                    TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
-                            sct.getIdentifier(), tokenType);
+                    TrustUtil.createRequestedUnattachedRef(wstVersion,
+                                                           rstrElem,
+                                                           sct.getIdentifier(),
+                                                           tokenType);
                 } else {
-                    TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
-                            sct.getIdentifier(), tokenType);
+                    TrustUtil.createRequestedUnattachedRef(wstVersion,
+                                                           rstrElem,
+                                                           sct.getIdentifier(),
+                                                           tokenType);
                 }
             }
-    
+
             //Creation and expiration times
             Date creationTime = new Date();
             Date expirationTime = new Date();
-            
+
             expirationTime.setTime(creationTime.getTime() + config.ttl);
-            
+
             // Use GMT time in milliseconds
             DateFormat zulu = new XmlSchemaDateFormat();
-            
+
             // Add the Lifetime element
-            TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
-                    .format(creationTime), zulu.format(expirationTime));
-            
-            Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
-            Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
-    
-            OMElement reqProofTok = TrustUtil.createRequestedProofTokenElement(
-                    wstVersion, rstrElem);
-    
-            if (bstElem != null) {
-                reqProofTok.addChild((OMElement) bstElem);
-            }
-    
-            reqProofTok.addChild((OMElement) encryptedKeyElem);
-    
-            
+            TrustUtil.createLifetimeElement(wstVersion,
+                                            rstrElem,
+                                            zulu.format(creationTime),
+                                            zulu.format(expirationTime));
+
             // Store the tokens
-            Token sctToken = new Token(sct.getIdentifier(), (OMElement) sct
-                    .getElement(), creationTime, expirationTime);
-            sctToken.setSecret(encrKeyBuilder.getEphemeralKey());
+            Token sctToken = new Token(sct.getIdentifier(),
+                                       (OMElement) sct.getElement(),
+                                       creationTime,
+                                       expirationTime);
+
+            //Add the RequestedProofToken
+            TokenIssuerUtil.handleRequestedProofToken(data,
+                                                      wstVersion,
+                                                      config,
+                                                      rstrElem,
+                                                      sctToken,
+                                                      doc);
             TrustUtil.getTokenStore(data.getInMessageContext()).add(sctToken);
-    
             return env;
         } catch (ConversationException e) {
             throw new TrustException(e.getMessage(), e);
@@ -299,46 +192,28 @@
     }
 
     /**
-     * @see org.apache.rahas.TokenIssuer#setConfigurationElement(java.lang.String)
+     * @see org.apache.rahas.TokenIssuer#setConfigurationElement(OMElement)
      */
     public void setConfigurationElement(OMElement configElement) {
         this.configElement = configElement;
     }
 
-    /**
-     * Create an ephemeral key
-     * 
-     * @return
-     * @throws WSSecurityException
-     */
-    private byte[] generateEphemeralKey() throws TrustException {
-        try {
-            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
-            byte[] temp = new byte[16];
-            random.nextBytes(temp);
-            return temp;
-        } catch (Exception e) {
-            throw new TrustException("errorCreatingSymmKey", e);
-        }
-    }
-
     public void setConfigurationParamName(String configParamName) {
         this.configParamName = configParamName;
     }
 
     private int getWSCVersion(String tokenTypeValue) throws ConversationException {
-        
-        if(tokenTypeValue == null) {
+
+        if (tokenTypeValue == null) {
             return ConversationConstants.DEFAULT_VERSION;
         }
-        
-        if(tokenTypeValue != null && tokenTypeValue.startsWith(ConversationConstants.WSC_NS_05_02)) {
+
+        if (tokenTypeValue.startsWith(ConversationConstants.WSC_NS_05_02)) {
             return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_02);
-        } else if(tokenTypeValue != null && tokenTypeValue.startsWith(ConversationConstants.WSC_NS_05_12)) {
+        } else if (tokenTypeValue.startsWith(ConversationConstants.WSC_NS_05_12)) {
             return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_12);
         } else {
             throw new ConversationException("unsupportedSecConvVersion");
         }
     }
-    
 }

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuerConfig.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuerConfig.java?view=diff&rev=448581&r1=448580&r2=448581
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuerConfig.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuerConfig.java Thu Sep 21 08:35:15 2006
@@ -27,40 +27,21 @@
 /**
  * SCTIssuer Configuration processor
  */
-public class SCTIssuerConfig {
+public class SCTIssuerConfig extends AbstractIssuerConfig{
 
     public final static QName SCT_ISSUER_CONFIG = new QName("sct-issuer-config");
-    public final static QName ADD_REQUESTED_ATTACHED_REF = new QName("addRequestedAttachedRef");
-    public final static QName ADD_REQUESTED_UNATTACHED_REF = new QName("addRequestedUnattachedRef");
-    
-    
-    protected String proofTokenType = SCTIssuer.ENCRYPTED_KEY;
-
-    protected String cryptoPropertiesFile = null;
-    
-    protected boolean addRequestedAttachedRef;
-    
-    protected boolean addRequestedUnattachedRef;
-    
     protected byte[] requesterEntropy;
-    
-    protected int keySize;
-    
-    //TODO: get from config
-    protected long ttl = 300000;
-    
+
     private SCTIssuerConfig(OMElement elem) throws TrustException {
-        OMElement proofTokenElem =
-                elem.getFirstChildWithName(new QName("proofToken"));
-        if (proofTokenElem != null) {
-            this.proofTokenType = proofTokenElem.getText().trim();
+        OMElement proofKeyElem = elem.getFirstChildWithName(PROOF_KEY_TYPE);
+        if (proofKeyElem != null) {
+            this.proofKeyType = proofKeyElem.getText().trim();
         }
 
         OMElement cryptoPropertiesElem = elem
                 .getFirstChildWithName(new QName("cryptoProperties"));
 
-        if (!SCTIssuer.BINARY_SECRET.equals(proofTokenType)
-                && cryptoPropertiesElem == null) {
+        if (!TokenIssuerUtil.BINARY_SECRET.equals(proofKeyType) && cryptoPropertiesElem == null) {
             throw new TrustException("sctIssuerCryptoPropertiesMissing");
         }
 
@@ -69,6 +50,10 @@
         this.addRequestedUnattachedRef =
                 elem.getFirstChildWithName(ADD_REQUESTED_UNATTACHED_REF) != null;
         this.cryptoPropertiesFile = cryptoPropertiesElem.getText().trim();
+        OMElement keyCompElem = elem.getFirstChildWithName(KeyComputation.KEY_COMPUTATION);
+        if (keyCompElem != null && keyCompElem.getText() != null && !"".equals(keyCompElem)) {
+            this.keyComputation = Integer.parseInt(keyCompElem.getText());
+        }
     }
     
     public static SCTIssuerConfig load(OMElement elem) throws TrustException {
@@ -89,7 +74,4 @@
         
         return load(builder.getDocumentElement());
     }
-    
-    
-
 }

Added: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/TokenIssuerUtil.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/TokenIssuerUtil.java?view=auto&rev=448581
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/TokenIssuerUtil.java (added)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/TokenIssuerUtil.java Thu Sep 21 08:35:15 2006
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas.impl;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.Token;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rahas.RahasConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.conversation.dkalgo.P_SHA1;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.axis2.util.Base64;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.security.SecureRandom;
+
+/**
+ * 
+ */
+public class TokenIssuerUtil {
+
+    public final static String ENCRYPTED_KEY = "EncryptedKey";
+    public final static String BINARY_SECRET = "BinarySecret";
+
+    public static byte[] getSharedSecret(RahasData data,
+                                         int keyComputation,
+                                         int keySize) throws TrustException {
+
+        boolean reqEntrPresent = data.getRequestEntropy() != null;
+
+        try {
+            if (reqEntrPresent &&
+                keyComputation != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_OWN_KEY) {
+                //If there is requestor entropy and if the issuer is not
+                //configured to use its own key
+
+                if (keyComputation ==
+                    SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_PROVIDE_ENT) {
+                    data.setResponseEntropy(WSSecurityUtil.generateNonce(keySize / 8));
+                    P_SHA1 p_sha1 = new P_SHA1();
+                    return p_sha1.createKey(data.getRequestEntropy(),
+                                            data.getResponseEntropy(),
+                                            0,
+                                            keySize / 8);
+                } else {
+                    //If we reach this its expected to use the requestor's
+                    //entropy
+                    return data.getRequestEntropy();
+                }
+            } else { // need to use a generated key
+                return generateEphemeralKey(keySize);
+            }
+        } catch (WSSecurityException e) {
+            throw new TrustException("errorCreatingSymmKey", e);
+        } catch (ConversationException e) {
+            throw new TrustException("errorCreatingSymmKey", e);
+        }
+    }
+
+    public static void handleRequestedProofToken(RahasData data,
+                                                 int wstVersion,
+                                                 AbstractIssuerConfig config,
+                                                 OMElement rstrElem,
+                                                 Token token,
+                                                 Document doc) throws TrustException {
+        OMElement reqProofTokElem =
+                TrustUtil.createRequestedProofTokenElement(wstVersion, rstrElem);
+
+        if (config.keyComputation == AbstractIssuerConfig.KeyComputation.KEY_COMP_PROVIDE_ENT
+            && data.getRequestEntropy() != null) {
+            //If we there's requestor entropy and its configured to provide
+            //entropy then we have to set the entropy value and
+            //set the RPT to include a ComputedKey element
+
+            OMElement respEntrElem = TrustUtil.createEntropyElement(wstVersion, rstrElem);
+            TrustUtil.createBinarySecretElement(wstVersion,
+                                                respEntrElem,
+                                                RahasConstants.BIN_SEC_TYPE_NONCE).
+                    setText(Base64.encode(data.getResponseEntropy()));
+
+            OMElement compKeyElem =
+                    TrustUtil.createComputedKeyElement(wstVersion, reqProofTokElem);
+            compKeyElem.setText(data.getWstNs() + RahasConstants.COMPUTED_KEY_PSHA1);
+        } else {
+            if (TokenIssuerUtil.ENCRYPTED_KEY.equals(config.proofKeyType)) {
+                WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+                Crypto crypto =
+                        CryptoFactory.getInstance(config.cryptoPropertiesFile,
+                                                  data.getInMessageContext().
+                                                          getAxisService().getClassLoader());
+
+                encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+                try {
+                    encrKeyBuilder.setUseThisCert(data.getClientCert());
+                    encrKeyBuilder.prepare(doc, crypto);
+                } catch (WSSecurityException e) {
+                    throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal",
+                                             new String[]{data.
+                                                     getClientCert().getSubjectDN().getName()});
+                }
+                Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
+                Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
+                if (bstElem != null) {
+                    reqProofTokElem.addChild((OMElement) bstElem);
+                }
+
+                reqProofTokElem.addChild((OMElement) encryptedKeyElem);
+
+                token.setSecret(encrKeyBuilder.getEphemeralKey());
+            } else if (TokenIssuerUtil.BINARY_SECRET.equals(config.proofKeyType)) {
+                byte[] secret = TokenIssuerUtil.getSharedSecret(data,
+                                                                config.keyComputation,
+                                                                config.keySize);
+                OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion,
+                                                                           reqProofTokElem,
+                                                                           null);
+                binSecElem.setText(org.apache.axis2.util.Base64.encode(secret));
+                token.setSecret(secret);
+            } else {
+                throw new IllegalArgumentException(config.proofKeyType);
+            }
+        }
+    }
+
+    private static byte[] generateEphemeralKey(int keySize) throws TrustException {
+        try {
+            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+            byte[] temp = new byte[keySize / 8];
+            random.nextBytes(temp);
+            return temp;
+        } catch (Exception e) {
+            throw new TrustException("errorCreatingSymmKey", e);
+        }
+    }
+
+}



---------------------------------------------------------------------
To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-cvs-help@ws.apache.org


Mime
View raw message