Google Git
Sign in
apache / axis-site / 9ef46134111017c6f7fe7361a7ddd119d7901307 / . / axis2 / java / core-rampart / code-coverage / org.apache.rahas / RahasData.java.html
blob: 5a271037490c45344911f2fac50a56a986d0887a [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../.resources/report.css" type="text/css"/><link rel="shortcut icon" href="../.resources/report.gif" type="image/gif"/><title>RahasData.java</title><link rel="stylesheet" href="../.resources/prettify.css" type="text/css"/><script type="text/javascript" src="../.resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="right"><a href="../.sessions.html" class="el_session">Sessions</a></span><a href="../index.html" class="el_report">Coverage Report</a> &gt; <a href="index.html" class="el_package">org.apache.rahas</a> &gt; <span class="el_source">RahasData.java</span></div><h1>RahasData.java</h1><pre class="source lang-java linenums">/*
* Copyright 2004,2005 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the &quot;License&quot;);
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an &quot;AS IS&quot; BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.rahas;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMXMLBuilderFactory;
import org.apache.axiom.util.base64.Base64Utils;
import org.apache.axis2.addressing.AddressingConstants;
import org.apache.axis2.context.MessageContext;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.opensaml.saml1.core.Assertion;
import org.w3c.dom.Element;
import javax.xml.namespace.QName;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.List;
/**
* Common data items on WS-Trust request messages
*/
public class RahasData {
private MessageContext inMessageContext;
private OMElement rstElement;
<span class="fc" id="L49"> private int version = -1;</span>
private String wstNs;
private String requestType;
private String tokenType;
private String tokenId;
<span class="fc" id="L59"> private int keysize = -1;</span>
private String computedKeyAlgo;
private String keyType;
private String appliesToAddress;
private OMElement appliesToEpr;
private Principal principal;
private X509Certificate clientCert;
private byte[] ephmeralKey;
private byte[] requestEntropy;
private byte[] responseEntropy;
private String addressingNs;
private String soapNs;
private OMElement claimElem;
private String claimDialect;
private Assertion assertion;
/**
* Create a new RahasData instance and populate it with the information from
* the request.
*
* @throws TrustException &lt;code&gt;RequestSecurityToken&lt;/code&gt; element is invalid.
*/
<span class="fc" id="L94"> public RahasData(MessageContext inMessageContext) throws TrustException {</span>
<span class="fc" id="L96"> this.inMessageContext = inMessageContext;</span>
//Check for an authenticated Principal
<span class="fc" id="L99"> this.processWSS4JSecurityResults();</span>
// Find out the incoming addressing version
<span class="fc" id="L102"> this.addressingNs = (String) this.inMessageContext</span>
.getProperty(AddressingConstants.WS_ADDRESSING_VERSION);
<span class="fc" id="L105"> this.rstElement = this.inMessageContext.getEnvelope().getBody()</span>
.getFirstElement();
<span class="fc" id="L108"> this.soapNs = this.inMessageContext.getEnvelope().getNamespace()</span>
.getNamespaceURI();
<span class="fc" id="L111"> this.wstNs = this.rstElement.getNamespace().getNamespaceURI();</span>
<span class="fc" id="L113"> int ver = TrustUtil.getWSTVersion(this.wstNs);</span>
<span class="pc bpc" id="L115" title="1 of 2 branches missed."> if (ver == -1) {</span>
<span class="nc" id="L116"> throw new TrustException(TrustException.INVALID_REQUEST);</span>
} else {
<span class="fc" id="L118"> this.version = ver;</span>
}
<span class="fc" id="L121"> this.processRequestType();</span>
<span class="fc" id="L123"> this.processTokenType();</span>
<span class="fc" id="L125"> this.processKeyType();</span>
<span class="fc" id="L127"> this.processKeySize();</span>
<span class="fc" id="L129"> this.processAppliesTo();</span>
<span class="fc" id="L131"> this.processEntropy();</span>
<span class="fc" id="L133"> this.processClaims();</span>
<span class="fc" id="L135"> this.processValidateTarget();</span>
<span class="fc" id="L137"> this.processRenewTarget();</span>
<span class="fc" id="L139"> }</span>
/**
* Processes the authenticated user information from the WSS4J security
* results.
*
* @throws TrustException
*/
private void processWSS4JSecurityResults() throws TrustException {
/*
* User can be identifier using a UsernameToken or a certificate - If a
* certificate is found then we use that to - identify the user and -
* encrypt the response (if required) - If a UsernameToken is found then
* we will not be encrypting the response
*/
List&lt;WSHandlerResult&gt; results;
<span class="pc bpc" id="L157" title="1 of 2 branches missed."> if ((results = (List&lt;WSHandlerResult&gt;) this.inMessageContext</span>
.getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
<span class="nc" id="L159"> throw new TrustException(TrustException.REQUEST_FAILED);</span>
} else {
<span class="fc bfc" id="L162" title="All 2 branches covered."> for (WSHandlerResult result : results) {</span>
<span class="fc" id="L163"> List&lt;WSSecurityEngineResult&gt; wsSecEngineResults = result.getResults();</span>
<span class="fc bfc" id="L165" title="All 2 branches covered."> for (WSSecurityEngineResult wser : wsSecEngineResults) {</span>
<span class="fc" id="L166"> Object principalObject = wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);</span>
<span class="fc" id="L167"> int act = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);</span>
<span class="pc bpc" id="L169" title="1 of 4 branches missed."> if (act == WSConstants.SIGN &amp;&amp; principalObject != null) {</span>
<span class="fc" id="L170"> this.clientCert = (X509Certificate) wser</span>
.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
<span class="fc" id="L172"> this.principal = (Principal) principalObject;</span>
<span class="pc bpc" id="L173" title="1 of 4 branches missed."> } else if (act == WSConstants.UT &amp;&amp; principalObject != null) {</span>
<span class="fc" id="L174"> this.principal = (Principal) principalObject;</span>
<span class="fc bfc" id="L175" title="All 2 branches covered."> } else if (act == WSConstants.BST) {</span>
<span class="fc" id="L176"> final X509Certificate[] certificates =</span>
(X509Certificate[]) wser
.get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
<span class="fc" id="L179"> this.clientCert = certificates[0];</span>
<span class="fc" id="L180"> this.principal = this.clientCert.getSubjectDN();</span>
<span class="pc bpc" id="L181" title="1 of 2 branches missed."> } else if (act == WSConstants.ST_UNSIGNED) {</span>
<span class="nc" id="L182"> this.assertion = (Assertion) wser</span>
.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
}
<span class="fc" id="L186"> }</span>
<span class="fc" id="L187"> }</span>
// If the principal or a SAML assertion is missing
<span class="pc bpc" id="L189" title="3 of 4 branches missed."> if (this.principal == null &amp;&amp; this.assertion == null) {</span>
<span class="nc" id="L190"> throw new TrustException(TrustException.REQUEST_FAILED);</span>
}
}
<span class="fc" id="L193"> }</span>
private void processAppliesTo() throws TrustException {
<span class="fc" id="L197"> OMElement appliesToElem = this.rstElement</span>
.getFirstChildWithName(new QName(RahasConstants.WSP_NS,
RahasConstants.IssuanceBindingLocalNames.
APPLIES_TO));
<span class="fc bfc" id="L202" title="All 2 branches covered."> if (appliesToElem != null) {</span>
<span class="fc" id="L203"> OMElement eprElem = appliesToElem.getFirstElement();</span>
<span class="fc" id="L204"> this.appliesToEpr = eprElem;</span>
// If there were no addressing headers
// The find the addressing version using the EPR element
<span class="fc bfc" id="L208" title="All 2 branches covered."> if (this.addressingNs == null) {</span>
<span class="fc" id="L209"> this.addressingNs = eprElem.getNamespace()</span>
.getNamespaceURI();
}
<span class="pc bpc" id="L213" title="1 of 2 branches missed."> if (eprElem != null) {</span>
//Of the epr is a web service then try to get the addr
<span class="fc" id="L217"> OMElement addrElem = eprElem</span>
.getFirstChildWithName(new QName(
this.addressingNs,
AddressingConstants.EPR_ADDRESS));
<span class="pc bpc" id="L221" title="3 of 6 branches missed."> if (addrElem != null &amp;&amp; addrElem.getText() != null</span>
&amp;&amp; !&quot;&quot;.equals(addrElem.getText().trim())) {
<span class="fc" id="L223"> this.appliesToAddress = addrElem.getText().trim();</span>
}
<span class="fc" id="L225"> } else {</span>
<span class="nc" id="L226"> throw new TrustException(&quot;invalidAppliesToElem&quot;);</span>
}
}
<span class="fc" id="L229"> }</span>
private void processRequestType() throws TrustException {
<span class="fc" id="L232"> OMElement reqTypeElem = this.rstElement</span>
.getFirstChildWithName(new QName(this.wstNs,
RahasConstants.LocalNames.REQUEST_TYPE));
<span class="pc bpc" id="L236" title="3 of 6 branches missed."> if (reqTypeElem == null ||</span>
reqTypeElem.getText() == null ||
reqTypeElem.getText().trim().length() == 0) {
<span class="nc" id="L239"> throw new TrustException(TrustException.INVALID_REQUEST);</span>
} else {
<span class="fc" id="L241"> this.requestType = reqTypeElem.getText().trim();</span>
}
<span class="fc" id="L243"> }</span>
private void processTokenType() {
<span class="fc" id="L246"> OMElement tokTypeElem = this.rstElement</span>
.getFirstChildWithName(new QName(this.wstNs,
RahasConstants.LocalNames.TOKEN_TYPE));
<span class="pc bpc" id="L250" title="2 of 6 branches missed."> if (tokTypeElem != null &amp;&amp; tokTypeElem.getText() != null</span>
&amp;&amp; !&quot;&quot;.equals(tokTypeElem.getText().trim())) {
<span class="fc" id="L252"> this.tokenType = tokTypeElem.getText().trim();</span>
}
<span class="fc" id="L254"> }</span>
/**
* Find the value of the KeyType element of the RST
*/
private void processKeyType() {
<span class="fc" id="L260"> OMElement keyTypeElem = this.rstElement</span>
.getFirstChildWithName(new QName(this.wstNs,
RahasConstants.IssuanceBindingLocalNames.KEY_TYPE));
<span class="fc bfc" id="L263" title="All 2 branches covered."> if (keyTypeElem != null) {</span>
<span class="fc" id="L264"> String text = keyTypeElem.getText();</span>
<span class="pc bpc" id="L265" title="2 of 4 branches missed."> if (text != null &amp;&amp; !&quot;&quot;.equals(text.trim())) {</span>
<span class="fc" id="L266"> this.keyType = text.trim();</span>
}
}
<span class="fc" id="L269"> }</span>
/**
* Finds the KeySize and creates an empty ephmeral key.
*
* @throws TrustException
*/
private void processKeySize() throws TrustException {
<span class="fc" id="L277"> OMElement keySizeElem =</span>
this.rstElement
.getFirstChildWithName(new QName(this.wstNs,
RahasConstants.IssuanceBindingLocalNames.
KEY_SIZE));
<span class="fc bfc" id="L282" title="All 2 branches covered."> if (keySizeElem != null) {</span>
<span class="fc" id="L283"> String text = keySizeElem.getText();</span>
<span class="pc bpc" id="L284" title="2 of 4 branches missed."> if (text != null &amp;&amp; !&quot;&quot;.equals(text.trim())) {</span>
try {
//Set key size
<span class="fc" id="L287"> this.keysize = Integer.parseInt(text.trim());</span>
//Create an empty array to hold the key
<span class="fc" id="L290"> this.ephmeralKey = new byte[this.keysize/8];</span>
<span class="nc" id="L291"> } catch (NumberFormatException e) {</span>
<span class="nc" id="L292"> throw new TrustException(TrustException.INVALID_REQUEST,</span>
new String[]{&quot;invalid wst:Keysize value&quot;}, e);
<span class="fc" id="L294"> }</span>
}
}
<span class="fc" id="L297"> this.keysize = -1;</span>
<span class="fc" id="L298"> }</span>
/**
* Processes a claims.
*
*/
private void processClaims() throws TrustException{
<span class="fc" id="L305"> claimElem = this.rstElement</span>
.getFirstChildWithName(new QName(this.wstNs,
RahasConstants.IssuanceBindingLocalNames.CLAIMS));
<span class="pc bpc" id="L309" title="1 of 2 branches missed."> if(claimElem != null){</span>
<span class="nc" id="L310"> claimDialect = claimElem.getAttributeValue(new QName(this.wstNs,</span>
RahasConstants.ATTR_CLAIMS_DIALECT));
}
<span class="fc" id="L314"> }</span>
private void processValidateTarget()throws TrustException{
<span class="fc" id="L318"> OMElement validateTargetElem = this.rstElement</span>
.getFirstChildWithName(new QName(this.wstNs,
RahasConstants.LocalNames.VALIDATE_TARGET));
<span class="pc bpc" id="L322" title="1 of 2 branches missed."> if (validateTargetElem != null) {</span>
<span class="nc" id="L324"> OMElement strElem = validateTargetElem.getFirstChildWithName(new QName(WSConstants.WSSE_NS,</span>
&quot;SecurityTokenReference&quot;));
<span class="nc" id="L327"> Element elem = (Element)OMXMLBuilderFactory.createStAXOMBuilder(</span>
OMAbstractFactory.getMetaFactory(OMAbstractFactory.FEATURE_DOM).getOMFactory(),
strElem.getXMLStreamReader()).getDocumentElement();
try {
<span class="nc" id="L332"> SecurityTokenReference str = new SecurityTokenReference((Element)elem);</span>
<span class="nc bnc" id="L333" title="All 2 branches missed."> if (str.containsReference()) {</span>
<span class="nc" id="L334"> tokenId = str.getReference().getURI();</span>
<span class="nc bnc" id="L335" title="All 2 branches missed."> } else if(str.containsKeyIdentifier()){</span>
<span class="nc" id="L336"> tokenId = str.getKeyIdentifierValue();</span>
}
<span class="nc" id="L338"> } catch (WSSecurityException e) {</span>
<span class="nc" id="L339"> throw new TrustException(&quot;errorExtractingTokenId&quot;,e);</span>
<span class="nc" id="L340"> } </span>
}
<span class="fc" id="L342"> }</span>
private void processRenewTarget()throws TrustException{
<span class="fc" id="L346"> OMElement renewTargetElem = this.rstElement</span>
.getFirstChildWithName(new QName(this.wstNs,
RahasConstants.LocalNames.RENEW_TARGET));
<span class="pc bpc" id="L349" title="1 of 2 branches missed."> if (renewTargetElem != null) {</span>
<span class="nc" id="L351"> OMElement strElem = renewTargetElem.getFirstChildWithName(new QName(WSConstants.WSSE_NS,</span>
&quot;SecurityTokenReference&quot;));
<span class="nc" id="L354"> Element elem = (Element)OMXMLBuilderFactory.createStAXOMBuilder(</span>
OMAbstractFactory.getMetaFactory(OMAbstractFactory.FEATURE_DOM).getOMFactory(),
strElem.getXMLStreamReader()).getDocumentElement();
try {
<span class="nc" id="L359"> SecurityTokenReference str = new SecurityTokenReference((Element)elem);</span>
<span class="nc bnc" id="L360" title="All 2 branches missed."> if (str.containsReference()) {</span>
<span class="nc" id="L361"> tokenId = str.getReference().getURI();</span>
<span class="nc bnc" id="L362" title="All 2 branches missed."> } else if(str.containsKeyIdentifier()){</span>
<span class="nc" id="L363"> tokenId = str.getKeyIdentifierValue();</span>
}
<span class="nc bnc" id="L365" title="All 2 branches missed."> if(tokenId == null){</span>
<span class="nc bnc" id="L366" title="All 2 branches missed."> if(str.containsKeyIdentifier()){</span>
<span class="nc" id="L367"> tokenId = str.getKeyIdentifierValue();</span>
}
}
<span class="nc" id="L370"> } catch (WSSecurityException e) {</span>
<span class="nc" id="L371"> throw new TrustException(&quot;errorExtractingTokenId&quot;,e);</span>
<span class="nc" id="L372"> } </span>
}
<span class="fc" id="L374"> }</span>
/**
* Process wst:Entropy element in the request.
*/
private void processEntropy() throws TrustException {
<span class="fc" id="L380"> OMElement entropyElem = this.rstElement</span>
.getFirstChildWithName(new QName(this.wstNs,
RahasConstants.IssuanceBindingLocalNames.ENTROPY));
<span class="fc bfc" id="L384" title="All 2 branches covered."> if (entropyElem != null) {</span>
<span class="fc" id="L385"> OMElement binSecElem = entropyElem.getFirstElement();</span>
<span class="pc bpc" id="L386" title="3 of 6 branches missed."> if (binSecElem != null &amp;&amp; binSecElem.getText() != null</span>
&amp;&amp; !&quot;&quot;.equals(binSecElem.getText())) {
<span class="fc" id="L388"> this.requestEntropy = Base64Utils.decode(binSecElem.getText());</span>
} else {
<span class="nc" id="L390"> throw new TrustException(&quot;malformedEntropyElement&quot;,</span>
new String[]{entropyElem.toString()});
}
}
<span class="fc" id="L395"> }</span>
/**
* @return Returns the appliesToAddress.
*/
public String getAppliesToAddress() {
<span class="fc" id="L401"> return appliesToAddress;</span>
}
/**
* @return Returns the clientCert.
*/
public X509Certificate getClientCert() {
<span class="fc" id="L408"> return clientCert;</span>
}
/**
* @return Returns the computedKeyAlgo.
*/
public String getComputedKeyAlgo() {
<span class="nc" id="L415"> return computedKeyAlgo;</span>
}
/**
* @return Returns the ephmeralKey.
*/
public byte[] getEphmeralKey() {
<span class="fc" id="L422"> return ephmeralKey;</span>
}
/**
* @return Returns the inMessageContext.
*/
public MessageContext getInMessageContext() {
<span class="fc" id="L429"> return inMessageContext;</span>
}
/**
* @return Returns the keysize.
*/
public int getKeysize() {
<span class="fc" id="L436"> return keysize;</span>
}
/**
* @return Returns the keyType.
*/
public String getKeyType() {
<span class="fc" id="L443"> return keyType;</span>
}
/**
* @return Returns the principal.
*/
public Principal getPrincipal() {
<span class="fc" id="L450"> return principal;</span>
}
/**
* @return Returns the requestEntropy.
*/
public byte[] getRequestEntropy() {
<span class="fc" id="L457"> return requestEntropy;</span>
}
/**
* @return Returns the requestType.
*/
public String getRequestType() {
<span class="fc" id="L464"> return requestType;</span>
}
/**
* @return Returns the responseEntropy.
*/
public byte[] getResponseEntropy() {
<span class="fc" id="L471"> return responseEntropy;</span>
}
/**
* @return Returns the rstElement.
*/
public OMElement getRstElement() {
<span class="fc" id="L478"> return rstElement;</span>
}
/**
* @return Returns the tokenType.
*/
public String getTokenType() {
<span class="fc" id="L485"> return tokenType;</span>
}
/**
* @return Returns the version.
*/
public int getVersion() {
<span class="fc" id="L492"> return version;</span>
}
/**
* @return Returns the addressingNs.
*/
public String getAddressingNs() {
<span class="fc" id="L499"> return addressingNs;</span>
}
/**
* @return Returns the wstNs.
*/
public String getWstNs() {
<span class="fc" id="L506"> return wstNs;</span>
}
/**
* @return Returns the soapNs.
*/
public String getSoapNs() {
<span class="fc" id="L513"> return soapNs;</span>
}
/**
* @return Returns the tokenId.
*/
public String getTokenId() {
<span class="nc" id="L520"> return tokenId;</span>
}
/**
* @param responseEntropy The responseEntropy to set.
*/
public void setResponseEntropy(byte[] responseEntropy) {
<span class="fc" id="L527"> this.responseEntropy = responseEntropy;</span>
<span class="fc" id="L528"> }</span>
/**
* @param ephmeralKey The ephmeralKey to set.
*/
public void setEphmeralKey(byte[] ephmeralKey) {
<span class="fc" id="L534"> this.ephmeralKey = ephmeralKey;</span>
<span class="fc" id="L535"> }</span>
public String getClaimDialect() {
<span class="fc" id="L538"> return claimDialect;</span>
}
public OMElement getClaimElem() {
<span class="nc" id="L542"> return claimElem;</span>
}
public OMElement getAppliesToEpr() {
<span class="nc" id="L546"> return appliesToEpr;</span>
}
}
</pre><div class="footer"><span class="right">Created with <a href="http://www.eclemma.org/jacoco">JaCoCo</a> 0.6.1.201212231917</span></div></body></html>