/*
| * Copyright 2004,2005 The Apache Software Foundation. |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package org.apache.rahas; |
| |
| import org.apache.axiom.om.OMAbstractFactory; |
| import org.apache.axiom.om.OMElement; |
| import org.apache.axiom.om.OMXMLBuilderFactory; |
| import org.apache.axiom.util.base64.Base64Utils; |
| import org.apache.axis2.addressing.AddressingConstants; |
| import org.apache.axis2.context.MessageContext; |
| import org.apache.ws.security.WSConstants; |
| import org.apache.ws.security.WSSecurityEngineResult; |
| import org.apache.ws.security.WSSecurityException; |
| import org.apache.ws.security.handler.WSHandlerConstants; |
| import org.apache.ws.security.handler.WSHandlerResult; |
| import org.apache.ws.security.message.token.SecurityTokenReference; |
| import org.opensaml.saml1.core.Assertion; |
| import org.w3c.dom.Element; |
| |
| import javax.xml.namespace.QName; |
| |
| import java.security.Principal; |
| import java.security.cert.X509Certificate; |
| import java.util.List; |
| |
| /** |
| * Common data items on WS-Trust request messages |
| */ |
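public class RahasData {

    /** The incoming message context the RST was read from. */
    private MessageContext inMessageContext;

    /** The wst:RequestSecurityToken element: the first child of the SOAP body. */
    private OMElement rstElement;

    /** WS-Trust version resolved via TrustUtil.getWSTVersion(); -1 until resolved. */
    private int version = -1;

    /** Namespace URI of the RST element, i.e. the WS-Trust namespace in use. */
    private String wstNs;

    /** Trimmed text of wst:RequestType; mandatory, so non-null after construction. */
    private String requestType;

    /** Trimmed text of wst:TokenType, or null when absent or blank. */
    private String tokenType;

    /**
     * Token identifier read from the wsse:SecurityTokenReference under
     * wst:ValidateTarget or wst:RenewTarget; null when neither is present.
     */
    private String tokenId;

    /** Requested key size in bits (wst:KeySize), or -1 when the request did not ask for one. */
    private int keysize = -1;

    /** Not populated by this class; the getter always returns null here. */
    private String computedKeyAlgo;

    /** Trimmed text of wst:KeyType, or null when absent or blank. */
    private String keyType;

    /** Trimmed wsa:Address of the wsp:AppliesTo EPR, or null. */
    private String appliesToAddress;

    /** The EPR element wrapped by wsp:AppliesTo, or null. */
    private OMElement appliesToEpr;

    /** Authenticated requester as reported by WSS4J; null only when a SAML assertion identifies the requester. */
    private Principal principal;

    /** Requester certificate taken from a signature or BinarySecurityToken result; null for UsernameToken requesters. */
    private X509Certificate clientCert;

    /** Buffer sized from wst:KeySize (bits / 8), or whatever the setter stored. */
    private byte[] ephmeralKey;

    /** Decoded wst:Entropy/wst:BinarySecret from the request, or null. */
    private byte[] requestEntropy;

    /** Only set through the setter; never read by this class. */
    private byte[] responseEntropy;

    /** WS-Addressing namespace, from the message context or from the AppliesTo EPR. */
    private String addressingNs;

    /** Namespace URI of the SOAP envelope. */
    private String soapNs;

    /** The wst:Claims element, or null. */
    private OMElement claimElem;

    /** Value of the Dialect attribute (in the WS-Trust namespace) on wst:Claims, or null. */
    private String claimDialect;

    /** SAML assertion from an unsigned-token WSS4J result, or null. */
    private Assertion assertion;

    /**
     * Create a new RahasData instance and populate it with the information from
     * the request.
     *
     * @param inMessageContext the incoming message context carrying the RST
     * @throws TrustException if no authenticated requester is found, the
     *                        <code>RequestSecurityToken</code> element is
     *                        missing or invalid, or any sub-element is malformed.
     */
    public RahasData(MessageContext inMessageContext) throws TrustException {
        if (inMessageContext == null) {
            throw new TrustException(TrustException.INVALID_REQUEST);
        }
        this.inMessageContext = inMessageContext;

        // Reject unauthenticated requests before looking at any RST content.
        this.processWSS4JSecurityResults();

        // Incoming addressing version; null when the request carried no
        // WS-Addressing headers, in which case processAppliesTo() derives it
        // from the EPR element.
        this.addressingNs = (String) this.inMessageContext
                .getProperty(AddressingConstants.WS_ADDRESSING_VERSION);

        this.rstElement = this.inMessageContext.getEnvelope().getBody().getFirstElement();
        if (this.rstElement == null || this.rstElement.getNamespace() == null) {
            // An empty body, or an unqualified body child, cannot be an RST;
            // previously this surfaced as a NullPointerException.
            throw new TrustException(TrustException.INVALID_REQUEST);
        }

        this.soapNs = this.inMessageContext.getEnvelope().getNamespace().getNamespaceURI();
        this.wstNs = this.rstElement.getNamespace().getNamespaceURI();

        int ver = TrustUtil.getWSTVersion(this.wstNs);
        if (ver == -1) {
            throw new TrustException(TrustException.INVALID_REQUEST);
        }
        this.version = ver;

        this.processRequestType();
        this.processTokenType();
        this.processKeyType();
        this.processKeySize();
        this.processAppliesTo();
        this.processEntropy();
        this.processClaims();
        // RenewTarget runs after ValidateTarget, so its token id wins if both are present.
        this.processValidateTarget();
        this.processRenewTarget();
    }

    /**
     * Processes the authenticated user information from the WSS4J security
     * results.
     *
     * @throws TrustException if WSS4J produced no results, or neither a
     *                        principal nor a SAML assertion was found.
     */
    private void processWSS4JSecurityResults() throws TrustException {
        /*
         * The requester can be identified by a UsernameToken, by an X.509
         * certificate (from a signature or a BinarySecurityToken), or by a
         * SAML assertion. When a certificate is found it is also kept so the
         * response can be encrypted for it; a UsernameToken yields a
         * principal only.
         */
        @SuppressWarnings("unchecked")
        List<WSHandlerResult> results = (List<WSHandlerResult>) this.inMessageContext
                .getProperty(WSHandlerConstants.RECV_RESULTS);
        if (results == null) {
            // No WSS4J processing took place: the request is unauthenticated.
            throw new TrustException(TrustException.REQUEST_FAILED);
        }

        for (WSHandlerResult result : results) {
            for (WSSecurityEngineResult wser : result.getResults()) {
                Object principalObject = wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                Object actionObject = wser.get(WSSecurityEngineResult.TAG_ACTION);
                if (!(actionObject instanceof Integer)) {
                    // A result without an action code cannot be classified;
                    // previously this unboxed null and threw an NPE.
                    continue;
                }
                int act = (Integer) actionObject;

                if (act == WSConstants.SIGN && principalObject != null) {
                    // NOTE(review): TAG_X509_CERTIFICATE may be absent for
                    // signatures not made with an X.509 key -- confirm; callers
                    // must treat getClientCert() as nullable.
                    this.clientCert = (X509Certificate) wser
                            .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
                    this.principal = (Principal) principalObject;
                } else if (act == WSConstants.UT && principalObject != null) {
                    this.principal = (Principal) principalObject;
                } else if (act == WSConstants.BST) {
                    X509Certificate[] certificates = (X509Certificate[]) wser
                            .get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
                    if (certificates == null || certificates.length == 0 || certificates[0] == null) {
                        // A BST result with no certificate identifies nobody;
                        // previously this was an NPE / out-of-bounds access.
                        throw new TrustException(TrustException.REQUEST_FAILED);
                    }
                    this.clientCert = certificates[0];
                    this.principal = this.clientCert.getSubjectDN();
                } else if (act == WSConstants.ST_UNSIGNED) {
                    // NOTE(review): this action denotes a SAML token that
                    // WSS4J did not signature-verify; the assertion alone
                    // satisfies the check below, so issuers relying on it
                    // must establish trust in it separately -- confirm.
                    this.assertion = (Assertion) wser
                            .get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
                }
            }
        }

        // Neither a principal nor a SAML assertion: nobody to issue to.
        if (this.principal == null && this.assertion == null) {
            throw new TrustException(TrustException.REQUEST_FAILED);
        }
    }

    /**
     * Reads the optional wsp:AppliesTo element: stores the wrapped EPR, derives
     * the addressing namespace from it when no addressing headers were seen,
     * and extracts the EPR's Address text.
     *
     * @throws TrustException if wsp:AppliesTo is present but wraps no element.
     */
    private void processAppliesTo() throws TrustException {
        OMElement appliesToElem = this.rstElement.getFirstChildWithName(
                new QName(RahasConstants.WSP_NS,
                          RahasConstants.IssuanceBindingLocalNames.APPLIES_TO));
        if (appliesToElem == null) {
            return; // AppliesTo is optional
        }

        OMElement eprElem = appliesToElem.getFirstElement();
        if (eprElem == null) {
            // Checked before the namespace lookup below: previously a missing
            // EPR with no addressing headers surfaced as an NPE.
            throw new TrustException("invalidAppliesToElem");
        }
        this.appliesToEpr = eprElem;

        // If there were no addressing headers, find the addressing version
        // using the EPR element's namespace.
        if (this.addressingNs == null && eprElem.getNamespace() != null) {
            this.addressingNs = eprElem.getNamespace().getNamespaceURI();
        }

        // If the EPR is a web service, try to get its address.
        OMElement addrElem = eprElem.getFirstChildWithName(
                new QName(this.addressingNs, AddressingConstants.EPR_ADDRESS));
        String address = trimmedTextOrNull(addrElem);
        if (address != null) {
            this.appliesToAddress = address;
        }
    }

    /**
     * Reads the mandatory wst:RequestType element.
     *
     * @throws TrustException if the element is absent or blank.
     */
    private void processRequestType() throws TrustException {
        OMElement reqTypeElem = this.rstElement.getFirstChildWithName(
                new QName(this.wstNs, RahasConstants.LocalNames.REQUEST_TYPE));
        String text = trimmedTextOrNull(reqTypeElem);
        if (text == null) {
            throw new TrustException(TrustException.INVALID_REQUEST);
        }
        this.requestType = text;
    }

    /** Reads the optional wst:TokenType element. */
    private void processTokenType() {
        OMElement tokTypeElem = this.rstElement.getFirstChildWithName(
                new QName(this.wstNs, RahasConstants.LocalNames.TOKEN_TYPE));
        String text = trimmedTextOrNull(tokTypeElem);
        if (text != null) {
            this.tokenType = text;
        }
    }

    /**
     * Find the value of the KeyType element of the RST
     */
    private void processKeyType() {
        OMElement keyTypeElem = this.rstElement.getFirstChildWithName(
                new QName(this.wstNs, RahasConstants.IssuanceBindingLocalNames.KEY_TYPE));
        String text = trimmedTextOrNull(keyTypeElem);
        if (text != null) {
            this.keyType = text;
        }
    }

    /**
     * Finds the KeySize and creates an empty ephmeral key.
     *
     * <p>Leaves {@code keysize} at -1 when the request did not ask for a size,
     * so callers that treat -1 as "use the configured default" keep working.
     * Previously the field was unconditionally reset to -1 after parsing, so
     * {@link #getKeysize()} never reflected the request.
     *
     * @throws TrustException if wst:KeySize is not a positive integer.
     */
    private void processKeySize() throws TrustException {
        OMElement keySizeElem = this.rstElement.getFirstChildWithName(
                new QName(this.wstNs, RahasConstants.IssuanceBindingLocalNames.KEY_SIZE));
        String text = trimmedTextOrNull(keySizeElem);
        if (text == null) {
            this.keysize = -1;
            return;
        }

        int bits;
        try {
            bits = Integer.parseInt(text);
        } catch (NumberFormatException e) {
            throw new TrustException(TrustException.INVALID_REQUEST,
                                     new String[]{"invalid wst:Keysize value"}, e);
        }
        // The value is request-controlled and sizes the allocation below;
        // a non-positive size previously failed with NegativeArraySizeException.
        if (bits <= 0) {
            throw new TrustException(TrustException.INVALID_REQUEST,
                                     new String[]{"invalid wst:Keysize value"});
        }
        // NOTE(review): no upper bound is enforced here, so a very large
        // KeySize allocates a correspondingly large buffer per request; the
        // issuer's configured maximum should be applied before this key is
        // used -- confirm where that happens.
        this.keysize = bits;

        // Create an empty array to hold the key.
        this.ephmeralKey = new byte[bits / 8];
    }

    /**
     * Reads the optional wst:Claims element and its Dialect attribute.
     */
    private void processClaims() throws TrustException {
        claimElem = this.rstElement.getFirstChildWithName(
                new QName(this.wstNs, RahasConstants.IssuanceBindingLocalNames.CLAIMS));
        if (claimElem != null) {
            claimDialect = claimElem.getAttributeValue(
                    new QName(this.wstNs, RahasConstants.ATTR_CLAIMS_DIALECT));
        }
    }

    /**
     * Reads the token id referenced by the optional wst:ValidateTarget element.
     *
     * @throws TrustException if the element is present but its
     *                        SecurityTokenReference is missing or unreadable.
     */
    private void processValidateTarget() throws TrustException {
        OMElement validateTargetElem = this.rstElement.getFirstChildWithName(
                new QName(this.wstNs, RahasConstants.LocalNames.VALIDATE_TARGET));
        if (validateTargetElem != null) {
            String id = extractTokenId(validateTargetElem);
            if (id != null) {
                tokenId = id;
            }
        }
    }

    /**
     * Reads the token id referenced by the optional wst:RenewTarget element.
     *
     * @throws TrustException if the element is present but its
     *                        SecurityTokenReference is missing or unreadable.
     */
    private void processRenewTarget() throws TrustException {
        OMElement renewTargetElem = this.rstElement.getFirstChildWithName(
                new QName(this.wstNs, RahasConstants.LocalNames.RENEW_TARGET));
        if (renewTargetElem != null) {
            String id = extractTokenId(renewTargetElem);
            if (id != null) {
                tokenId = id;
            }
        }
    }

    /**
     * Resolves the token id from the wsse:SecurityTokenReference child of a
     * ValidateTarget / RenewTarget element: the Reference URI first, then the
     * KeyIdentifier value when no URI was found.
     *
     * @param targetElem the wst:ValidateTarget or wst:RenewTarget element
     * @return the referenced token id, or null if the STR carries neither
     * @throws TrustException if the STR child is missing or WSS4J rejects it
     */
    private static String extractTokenId(OMElement targetElem) throws TrustException {
        OMElement strElem = targetElem.getFirstChildWithName(
                new QName(WSConstants.WSSE_NS, "SecurityTokenReference"));
        if (strElem == null) {
            // Previously an NPE on strElem.getXMLStreamReader().
            throw new TrustException("errorExtractingTokenId");
        }

        // WSS4J's SecurityTokenReference works on DOM, so rebuild the element
        // with the DOM-backed Axiom factory.
        Element elem = (Element) OMXMLBuilderFactory.createStAXOMBuilder(
                OMAbstractFactory.getMetaFactory(OMAbstractFactory.FEATURE_DOM).getOMFactory(),
                strElem.getXMLStreamReader()).getDocumentElement();

        try {
            SecurityTokenReference str = new SecurityTokenReference(elem);
            String id = null;
            if (str.containsReference()) {
                id = str.getReference().getURI();
            }
            if (id == null && str.containsKeyIdentifier()) {
                id = str.getKeyIdentifierValue();
            }
            return id;
        } catch (WSSecurityException e) {
            throw new TrustException("errorExtractingTokenId", e);
        }
    }

    /**
     * Process wst:Entropy element in the request.
     *
     * @throws TrustException if wst:Entropy is present but its first child has
     *                        no text to decode.
     */
    private void processEntropy() throws TrustException {
        OMElement entropyElem = this.rstElement.getFirstChildWithName(
                new QName(this.wstNs, RahasConstants.IssuanceBindingLocalNames.ENTROPY));
        if (entropyElem == null) {
            return;
        }
        OMElement binSecElem = entropyElem.getFirstElement();
        // Text is deliberately not trimmed here; the decoder receives it as-is.
        if (binSecElem != null && binSecElem.getText() != null
                && !"".equals(binSecElem.getText())) {
            this.requestEntropy = Base64Utils.decode(binSecElem.getText());
        } else {
            throw new TrustException("malformedEntropyElement",
                                     new String[]{entropyElem.toString()});
        }
    }

    /**
     * Returns the trimmed text of {@code elem}, or null when the element is
     * absent or its text is null or blank.
     */
    private static String trimmedTextOrNull(OMElement elem) {
        if (elem == null || elem.getText() == null) {
            return null;
        }
        String text = elem.getText().trim();
        return text.length() == 0 ? null : text;
    }

    /**
     * @return Returns the appliesToAddress, or null if no AppliesTo address was given.
     */
    public String getAppliesToAddress() {
        return appliesToAddress;
    }

    /**
     * @return Returns the clientCert; null when the requester was identified
     *         without a certificate (e.g. by a UsernameToken).
     */
    public X509Certificate getClientCert() {
        return clientCert;
    }

    /**
     * @return Returns the computedKeyAlgo (never set by this class).
     */
    public String getComputedKeyAlgo() {
        return computedKeyAlgo;
    }

    /**
     * @return Returns the ephmeralKey buffer itself (not a copy), so callers
     *         may fill it in place.
     */
    public byte[] getEphmeralKey() {
        return ephmeralKey;
    }

    /**
     * @return Returns the inMessageContext.
     */
    public MessageContext getInMessageContext() {
        return inMessageContext;
    }

    /**
     * @return Returns the keysize in bits, or -1 if the request did not specify one.
     */
    public int getKeysize() {
        return keysize;
    }

    /**
     * @return Returns the keyType, or null if absent.
     */
    public String getKeyType() {
        return keyType;
    }

    /**
     * @return Returns the principal; null only when a SAML assertion identifies the requester.
     */
    public Principal getPrincipal() {
        return principal;
    }

    /**
     * @return Returns the requestEntropy (not a copy), or null if absent.
     */
    public byte[] getRequestEntropy() {
        return requestEntropy;
    }

    /**
     * @return Returns the requestType.
     */
    public String getRequestType() {
        return requestType;
    }

    /**
     * @return Returns the responseEntropy (not a copy), or null if never set.
     */
    public byte[] getResponseEntropy() {
        return responseEntropy;
    }

    /**
     * @return Returns the rstElement.
     */
    public OMElement getRstElement() {
        return rstElement;
    }

    /**
     * @return Returns the tokenType, or null if absent.
     */
    public String getTokenType() {
        return tokenType;
    }

    /**
     * @return Returns the WS-Trust version.
     */
    public int getVersion() {
        return version;
    }

    /**
     * @return Returns the addressingNs, or null if neither headers nor an EPR provided one.
     */
    public String getAddressingNs() {
        return addressingNs;
    }

    /**
     * @return Returns the wstNs.
     */
    public String getWstNs() {
        return wstNs;
    }

    /**
     * @return Returns the soapNs.
     */
    public String getSoapNs() {
        return soapNs;
    }

    /**
     * @return Returns the tokenId from ValidateTarget/RenewTarget, or null.
     */
    public String getTokenId() {
        return tokenId;
    }

    /**
     * @param responseEntropy The responseEntropy to set (stored without copying).
     */
    public void setResponseEntropy(byte[] responseEntropy) {
        this.responseEntropy = responseEntropy;
    }

    /**
     * @param ephmeralKey The ephmeralKey to set (stored without copying).
     */
    public void setEphmeralKey(byte[] ephmeralKey) {
        this.ephmeralKey = ephmeralKey;
    }

    /**
     * @return Returns the Dialect attribute of wst:Claims, or null.
     */
    public String getClaimDialect() {
        return claimDialect;
    }

    /**
     * @return Returns the wst:Claims element, or null.
     */
    public OMElement getClaimElem() {
        return claimElem;
    }

    /**
     * @return Returns the EPR element inside wsp:AppliesTo, or null.
     */
    public OMElement getAppliesToEpr() {
        return appliesToEpr;
    }

}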