| /* |
| * Copyright 2004,2005 The Apache Software Foundation. |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package org.apache.rampart.policy.model; |
| |
| import org.apache.neethi.Assertion; |
| import org.apache.neethi.Constants; |
| import org.apache.neethi.PolicyComponent; |
| |
| import javax.xml.namespace.QName; |
| import javax.xml.stream.XMLStreamException; |
| import javax.xml.stream.XMLStreamWriter; |
| |
| /** |
| * Rampart policy model bean to capture Rampart configuration assertion info. |
| * |
| * Example: |
| * |
| * <pre> |
| * <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> |
| * <ramp:user>alice</ramp:user> |
| * <ramp:encryptionUser>bob</ramp:encryptionUser> |
| * <ramp:passwordCallbackClass>org.apache.axis2.security.PWCallback</ramp:passwordCallbackClass> |
| * <ramp:policyValidatorCbClass>org.apache.axis2.security.ramp:PolicyValidatorCallbackHandler</ramp:policyValidatorCbClass> |
| * <ramp:timestampPrecisionInMilliseconds>true</timestampPrecisionInMilliseconds> |
| * <ramp:timestampTTL>300</ramp:timestampTTL> |
| * <ramp:timestampMaxSkew>0</ramp:timestampMaxSkew> |
| * <ramp:tokenStoreClass>org.apache.rahas.StorageImpl</ramp:tokenStoreClass> |
| * <ramp:nonceLifeTime>org.apache.rahas.StorageImpl</ramp:nonceLifeTime> |
| * |
| * <ramp:signatureCrypto> |
| * <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> |
| * <ramp:property name="keystoreType">JKS</ramp:property> |
| * <ramp:property name="keystoreFile">/path/to/file.jks</ramp:property> |
| * <ramp:property name="keystorePassword">password</ramp:property> |
| * </ramp:crypto> |
| * </ramp:signatureCrypto> |
| * |
| * <ramp:tokenIssuerPolicy> |
| * <wsp:Policy> |
| * .... |
| * .... |
| * </wsp:Policy> |
| * </ramp:tokenIssuerPolicy> |
| * </ramp:RampartConfig> |
| * |
| * </pre> |
| * |
| */ |
| public class RampartConfig implements Assertion { |
| |
| public static final boolean DEFAULT_TIMESTAMP_PRECISION_IN_MS = true; |
| |
| public static final int DEFAULT_TIMESTAMP_TTL = 300; |
| |
| public static final int DEFAULT_TIMESTAMP_MAX_SKEW = 300; |
| |
| public static final int DEFAULT_NONCE_LIFE_TIME = 60 * 5; // Default life time of a nonce is 5 minutes |
| |
| public final static String NS = "http://ws.apache.org/rampart/policy"; |
| |
| public final static String PREFIX = "rampart"; |
| |
| public final static String RAMPART_CONFIG_LN = "RampartConfig"; |
| |
| public final static String USER_LN = "user"; |
| |
| public final static String USER_CERT_ALIAS_LN = "userCertAlias"; |
| |
| public final static String ENCRYPTION_USER_LN = "encryptionUser"; |
| |
| public final static String STS_ALIAS_LN = "stsAlias"; |
| |
| public final static String PW_CB_CLASS_LN = "passwordCallbackClass"; |
| |
| public final static String POLICY_VALIDATOR_CB_CLASS_LN = "policyValidatorCbClass"; |
| |
| public final static String RAMPART_CONFIG_CB_CLASS_LN = "rampartConfigCallbackClass"; |
| |
| public final static String SIG_CRYPTO_LN = "signatureCrypto"; |
| |
| public final static String ENCR_CRYPTO_LN = "encryptionCrypto"; |
| |
| public final static String DEC_CRYPTO_LN = "decryptionCrypto"; |
| |
| public final static String STS_CRYPTO_LN = "stsCrypto"; |
| |
| public final static String TS_PRECISION_IN_MS_LN = "timestampPrecisionInMilliseconds"; |
| |
| public final static String TS_TTL_LN = "timestampTTL"; |
| |
| public final static String TS_MAX_SKEW_LN = "timestampMaxSkew"; |
| |
| public final static String TOKEN_STORE_CLASS_LN = "tokenStoreClass"; |
| |
| public final static String TIMESTAMP_STRICT_LN = "timestampStrict"; |
| |
| public final static String NONCE_LIFE_TIME = "nonceLifeTime"; |
| |
| public final static String OPTIMISE_PARTS = "optimizeParts"; |
| |
| public final static String SSL_CONFIG = "sslConfig"; |
| |
| private String user; |
| |
| private String userCertAlias; |
| |
| private String encryptionUser; |
| |
| private String stsAlias; |
| |
| private String pwCbClass; |
| |
| private String policyValidatorCbClass; |
| |
| private String rampartConfigCbClass; |
| |
| private CryptoConfig sigCryptoConfig; |
| |
| private CryptoConfig encrCryptoConfig; |
| |
| private CryptoConfig decCryptoConfig; |
| |
| private CryptoConfig stsCryptoConfig; |
| |
| private String timestampPrecisionInMilliseconds = Boolean.toString(DEFAULT_TIMESTAMP_PRECISION_IN_MS); |
| private boolean isTimestampPrecisionInMs = DEFAULT_TIMESTAMP_PRECISION_IN_MS; |
| |
| private String timestampTTL = Integer.toString(DEFAULT_TIMESTAMP_TTL); |
| |
| private String timestampMaxSkew = Integer.toString(DEFAULT_TIMESTAMP_MAX_SKEW); |
| |
| private OptimizePartsConfig optimizeParts; |
| |
| private String tokenStoreClass; |
| |
| private String nonceLifeTime = Integer.toString(DEFAULT_NONCE_LIFE_TIME); |
| |
| private SSLConfig sslConfig; |
| |
| /*To set timeStampStrict in WSSConfig through rampartConfig - default value is false*/ |
| private boolean timeStampStrict = false; |
| |
| public SSLConfig getSSLConfig() { |
| return sslConfig; |
| } |
| |
| public void setSSLConfig(SSLConfig sslConfig) { |
| this.sslConfig = sslConfig; |
| } |
| |
| |
| /** |
| * @return Returns the tokenStoreClass. |
| */ |
| public String getTokenStoreClass() { |
| return tokenStoreClass; |
| } |
| |
| /** |
| * @param tokenStoreClass |
| * The tokenStoreClass to set. |
| */ |
| public void setTokenStoreClass(String tokenStoreClass) { |
| this.tokenStoreClass = tokenStoreClass; |
| } |
| |
| /** |
| * @return Returns the life time of a nonce in seconds. |
| */ |
| public String getNonceLifeTime() { |
| return this.nonceLifeTime; |
| } |
| |
| /** |
| * @param nonceLife |
| * The life time of a nonce to set (in seconds). |
| */ |
| public void setNonceLifeTime(String nonceLife) { |
| this.nonceLifeTime = nonceLife; |
| } |
| |
| public CryptoConfig getDecCryptoConfig() { |
| return decCryptoConfig; |
| } |
| |
| public void setDecCryptoConfig(CryptoConfig decCrypto) { |
| this.decCryptoConfig = decCrypto; |
| } |
| |
| public CryptoConfig getEncrCryptoConfig() { |
| return encrCryptoConfig; |
| } |
| |
| public void setEncrCryptoConfig(CryptoConfig encrCrypto) { |
| this.encrCryptoConfig = encrCrypto; |
| } |
| |
| public String getEncryptionUser() { |
| return encryptionUser; |
| } |
| |
| public void setEncryptionUser(String encryptionUser) { |
| this.encryptionUser = encryptionUser; |
| } |
| |
| public String getPwCbClass() { |
| return pwCbClass; |
| } |
| |
| public void setPwCbClass(String pwCbClass) { |
| this.pwCbClass = pwCbClass; |
| } |
| |
| public String getPolicyValidatorCbClass() { |
| return this.policyValidatorCbClass; |
| } |
| |
| public void setPolicyValidatorCbClass(String policyValidatorCbClass) { |
| this.policyValidatorCbClass = policyValidatorCbClass; |
| } |
| |
| public String getRampartConfigCbClass() { |
| return rampartConfigCbClass; |
| } |
| |
| public void setRampartConfigCbClass(String rampartConfigCbClass) { |
| this.rampartConfigCbClass = rampartConfigCbClass; |
| } |
| |
| public CryptoConfig getSigCryptoConfig() { |
| return sigCryptoConfig; |
| } |
| |
| public void setSigCryptoConfig(CryptoConfig sigCryptoConfig) { |
| this.sigCryptoConfig = sigCryptoConfig; |
| } |
| |
| public String getUser() { |
| return user; |
| } |
| |
| public void setUser(String user) { |
| this.user = user; |
| } |
| |
| public String getUserCertAlias() { |
| return userCertAlias; |
| } |
| |
| public void setUserCertAlias(String userCertAlias) { |
| this.userCertAlias = userCertAlias; |
| } |
| |
| public QName getName() { |
| return new QName(NS, RAMPART_CONFIG_LN); |
| } |
| |
| public boolean isOptional() { |
| // TODO TODO |
| throw new UnsupportedOperationException("TODO"); |
| } |
| public boolean isIgnorable() { |
| throw new UnsupportedOperationException("TODO"); |
| } |
| |
| public PolicyComponent normalize() { |
| // TODO TODO |
| throw new UnsupportedOperationException("TODO"); |
| } |
| |
| public void serialize(XMLStreamWriter writer) throws XMLStreamException { |
| String prefix = writer.getPrefix(NS); |
| |
| if (prefix == null) { |
| prefix = PREFIX; |
| writer.setPrefix(PREFIX, NS); |
| } |
| |
| writer.writeStartElement(PREFIX, RAMPART_CONFIG_LN, NS); |
| writer.writeNamespace(prefix, NS); |
| |
| if (getUser() != null) { |
| writer.writeStartElement(NS, USER_LN); |
| writer.writeCharacters(getUser()); |
| writer.writeEndElement(); |
| } |
| |
| if (getUserCertAlias() != null) { |
| writer.writeStartElement(NS, USER_CERT_ALIAS_LN); |
| writer.writeCharacters(getUserCertAlias()); |
| writer.writeEndElement(); |
| } |
| |
| if (getEncryptionUser() != null) { |
| writer.writeStartElement(NS, ENCRYPTION_USER_LN); |
| writer.writeCharacters(getEncryptionUser()); |
| writer.writeEndElement(); |
| } |
| |
| if (getStsAlias() != null ) { |
| writer.writeStartElement(NS, STS_ALIAS_LN); |
| writer.writeCharacters(getStsAlias()); |
| writer.writeEndElement(); |
| } |
| |
| if (getPwCbClass() != null) { |
| writer.writeStartElement(NS, PW_CB_CLASS_LN); |
| writer.writeCharacters(getPwCbClass()); |
| writer.writeEndElement(); |
| } |
| |
| if (getPolicyValidatorCbClass() != null) { |
| writer.writeStartElement(NS, POLICY_VALIDATOR_CB_CLASS_LN); |
| writer.writeCharacters(getPolicyValidatorCbClass()); |
| writer.writeEndElement(); |
| } |
| |
| if (getRampartConfigCbClass() != null) { |
| writer.writeStartElement(NS, RAMPART_CONFIG_CB_CLASS_LN); |
| writer.writeCharacters(getRampartConfigCbClass()); |
| writer.writeEndElement(); |
| } |
| |
| writer.writeStartElement(NS, TS_PRECISION_IN_MS_LN); |
| writer.writeCharacters(Boolean.toString(isDefaultTimestampPrecisionInMs())); |
| writer.writeEndElement(); |
| |
| if (getTimestampTTL() != null) { |
| writer.writeStartElement(NS, TS_TTL_LN); |
| writer.writeCharacters(getTimestampTTL()); |
| writer.writeEndElement(); |
| } |
| |
| if (getTimestampMaxSkew() != null) { |
| writer.writeStartElement(NS, TS_MAX_SKEW_LN); |
| writer.writeCharacters(getTimestampMaxSkew()); |
| writer.writeEndElement(); |
| } |
| |
| writer.writeStartElement(NS, TIMESTAMP_STRICT_LN); |
| writer.writeCharacters(Boolean.toString(isTimeStampStrict())); |
| writer.writeEndElement(); |
| |
| if (getTokenStoreClass() != null) { |
| writer.writeStartElement(NS, TOKEN_STORE_CLASS_LN); |
| writer.writeCharacters(getTokenStoreClass()); |
| writer.writeEndElement(); |
| } |
| |
| if (getNonceLifeTime() != null) { |
| writer.writeStartElement(NS, NONCE_LIFE_TIME); |
| writer.writeCharacters(getNonceLifeTime()); |
| writer.writeEndElement(); |
| } |
| |
| if (encrCryptoConfig != null) { |
| writer.writeStartElement(NS, ENCR_CRYPTO_LN); |
| encrCryptoConfig.serialize(writer); |
| writer.writeEndElement(); |
| |
| } |
| |
| if (decCryptoConfig != null) { |
| writer.writeStartElement(NS, DEC_CRYPTO_LN); |
| decCryptoConfig.serialize(writer); |
| writer.writeEndElement(); |
| } |
| |
| if(stsCryptoConfig != null) { |
| writer.writeStartElement(NS, STS_CRYPTO_LN); |
| stsCryptoConfig.serialize(writer); |
| writer.writeEndElement(); |
| } |
| |
| if (sigCryptoConfig != null) { |
| writer.writeStartElement(NS, SIG_CRYPTO_LN); |
| sigCryptoConfig.serialize(writer); |
| writer.writeEndElement(); |
| } |
| |
| writer.writeEndElement(); |
| |
| } |
| |
| public boolean equal(PolicyComponent policyComponent) { |
| throw new UnsupportedOperationException("TODO"); |
| } |
| |
| public short getType() { |
| return Constants.TYPE_ASSERTION; |
| } |
| |
| /** |
| * @deprecated As of version 1.7.0, replaced by isDefaultTimestampPrecisionInMs |
| * @see #isDefaultTimestampPrecisionInMs() |
| * @return Returns "true" or "false". |
| */ |
| @Deprecated |
| public String getTimestampPrecisionInMilliseconds() { |
| return timestampPrecisionInMilliseconds; |
| } |
| |
| public boolean isDefaultTimestampPrecisionInMs() { |
| return this.isTimestampPrecisionInMs; |
| } |
| |
| public void setTimestampPrecisionInMilliseconds(String timestampPrecisionInMilliseconds) { |
| |
| if (timestampPrecisionInMilliseconds != null) { |
| this.timestampPrecisionInMilliseconds = timestampPrecisionInMilliseconds; |
| this.isTimestampPrecisionInMs = Boolean.valueOf(timestampPrecisionInMilliseconds); |
| } |
| } |
| |
| /** |
| * @return Returns the timestampTTL. |
| */ |
| public String getTimestampTTL() { |
| return timestampTTL; |
| } |
| |
| /** |
| * @param timestampTTL |
| * The timestampTTL to set. |
| */ |
| public void setTimestampTTL(String timestampTTL) { |
| this.timestampTTL = timestampTTL; |
| } |
| |
| /** |
| * @return Returns the timestampMaxSkew. |
| */ |
| public String getTimestampMaxSkew() { |
| return timestampMaxSkew; |
| } |
| |
| /** |
| * @param timestampMaxSkew |
| * The timestampMaxSkew to set. |
| */ |
| public void setTimestampMaxSkew(String timestampMaxSkew) { |
| this.timestampMaxSkew = timestampMaxSkew; |
| } |
| |
| public OptimizePartsConfig getOptimizeParts() { |
| return optimizeParts; |
| } |
| |
| public void setOptimizeParts(OptimizePartsConfig optimizeParts) { |
| this.optimizeParts = optimizeParts; |
| } |
| |
| public String getStsAlias() { |
| return stsAlias; |
| } |
| |
| public void setStsAlias(String stsAlias) { |
| this.stsAlias = stsAlias; |
| } |
| |
| public CryptoConfig getStsCryptoConfig() { |
| return stsCryptoConfig; |
| } |
| |
| public void setStsCryptoConfig(CryptoConfig stsCryptoConfig) { |
| this.stsCryptoConfig = stsCryptoConfig; |
| } |
| |
| public boolean isTimeStampStrict() { |
| return timeStampStrict; |
| } |
| |
| public void setTimeStampStrict(String timeStampStrict) { |
| this.timeStampStrict = Boolean.valueOf(timeStampStrict); |
| } |
| |
| } |