/*
* Copyright 2003-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.ws.sandbox.security.trust.issue;
import org.apache.ws.sandbox.security.trust.STSUtil;
import org.apache.ws.sandbox.security.trust.WSTrustException;
import org.apache.ws.sandbox.security.trust.message.token.BaseToken;
import org.apache.ws.sandbox.security.trust.message.token.Lifetime;
import org.apache.ws.sandbox.security.trust.message.token.RequestSecurityTokenResponse;
import org.apache.ws.sandbox.security.trust.message.token.RequestType;
import org.apache.ws.sandbox.security.trust.message.token.RequestedSecurityToken;
import org.apache.ws.sandbox.security.trust.message.token.TokenType;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
/**
* @author Malinda Kaushalye
*
* Issues security context tokens (SCTs) based on X.509 certificates.
* Subclasses must implement the abstract method getSecuritContextToken().
* @see org.apache.ws.sandbox.security.trust.STIssuer#issue(org.w3c.dom.Document, org.w3c.dom.Document)
*/
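public abstract class X509ToSCTIssuer implements STIssuer {

    /** Default validity period of an issued token, in minutes (two hours). */
    private static final int DEFAULT_LIFETIME_MINUTES = 2 * 60;

    /**
     * X.509 token parsed from the last request handled by {@link #issue};
     * null until a request carrying a binary security token has been processed.
     */
    X509Security x509;
    /** Validity period handed to the issued token, in minutes. */
    int lifeTime = DEFAULT_LIFETIME_MINUTES;
    /**
     * Crypto provider available to subclasses; may be null. Intended for
     * building the proof token (see the TODO in {@link #issue}).
     */
    Crypto crypto;
    /** Key alias for the proof token; the empty string means "no alias configured". */
    protected String alias = "";

    /** Creates an issuer with the default lifetime and no crypto provider or alias. */
    public X509ToSCTIssuer() {
        super();
    }

    /**
     * Handles a WS-Trust issue request.
     * <p>
     * The request's TokenType, RequestType and Base elements are parsed, the
     * requester's binary security token (when present) is parsed into an
     * {@link X509Security} and handed to {@link #getSecuritContextToken}, and
     * the old response element is removed from the body of {@code res}. The
     * response elements are constructed but not yet appended to {@code res}
     * (see the TODO below), so the returned document carries no
     * RequestSecurityTokenResponse yet.
     * <p>
     * The certificate is NOT validated here: it is taken from the request as
     * is. Implementations of {@link #getSecuritContextToken} must verify it
     * (for example against {@link #getCrypto()}) before issuing a token.
     *
     * @param req the request envelope
     * @param res the response envelope to populate
     * @return {@code res}
     * @throws Exception if a required request element cannot be parsed, the
     *         binary security token is not an X.509 token, or the subclass
     *         rejects the requester
     */
    public Document issue(Document req, Document res) throws Exception {
        Element elemTokenType = (Element) WSSecurityUtil.findElement(req,
                TokenType.TOKEN.getLocalPart(), TokenType.TOKEN.getNamespaceURI());
        TokenType tokenType = new TokenType(elemTokenType);
        Element elemRequestType = (Element) WSSecurityUtil.findElement(req,
                RequestType.TOKEN.getLocalPart(), RequestType.TOKEN.getNamespaceURI());
        RequestType requestType = new RequestType(elemRequestType);
        Element elemBase = (Element) WSSecurityUtil.findElement(req,
                BaseToken.TOKEN.getLocalPart(), BaseToken.TOKEN.getNamespaceURI());
        // The Base element is parsed but not used further in this class.
        BaseToken base = new BaseToken(elemBase);

        // Parse the requester's X.509 token so the hook receives the
        // certificate from THIS request; reset to null when the request
        // carries none, so a value from an earlier call is never reused.
        BinarySecurity binarySecurity = STSUtil.findBinarySecurityToken(req);
        x509 = (binarySecurity == null) ? null : new X509Security(binarySecurity.getElement());
        // Requester verification is the subclass's responsibility; x509 is
        // unverified at this point.
        Element sct = this.getSecuritContextToken(res, x509);

        // Build the response elements.
        RequestSecurityTokenResponse requestSecurityTokenResponse = new RequestSecurityTokenResponse(res);
        RequestedSecurityToken requestedSecurityToken = new RequestedSecurityToken(res);
        TokenType tokenTypeRes = new TokenType(res);
        tokenTypeRes.setValue(tokenType.getValue());
        RequestType requestTypeRes = new RequestType(res);
        requestTypeRes.setValue(requestType.getValue());
        // WS-Trust recommends returning Lifetime with issued tokens so the
        // requestor learns the validity period without parsing the token.
        Lifetime lt = new Lifetime(res, this.getLifeTime());
        // TODO: wiring not done yet - append sct to requestedSecurityToken;
        // build a RequestedProofToken with crypto/alias when alias is set;
        // append tokenTypeRes, requestTypeRes, lt, requestedSecurityToken and
        // the proof token to requestSecurityTokenResponse; set its context to
        // ISSUE_SECURITY_TOKEN; append the response element to the body.

        Element elemEnv = res.getDocumentElement();
        SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(elemEnv);
        Element elemBody = WSSecurityUtil.findBodyElement(elemEnv.getOwnerDocument(), soapConstants);
        // Remove the existing response element so the new one can replace it.
        // Whitespace/text nodes are skipped and an empty body is tolerated.
        Node oldResponse = firstElementChild(elemBody);
        if (oldResponse != null) {
            elemBody.removeChild(oldResponse);
        }
        return res;
    }

    /**
     * Returns the first child of {@code parent} that is an element node.
     *
     * @param parent the node to search
     * @return the first element child, or null if {@code parent} has none
     */
    private static Node firstElementChild(Node parent) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE) {
                return n;
            }
        }
        return null;
    }

    /**
     * Generates the security context token for the requester.
     * Implementations decide how the requester is verified (for example by
     * looking the certificate up in a database); the whole response document
     * is handed over to keep the process flexible. {@code x509Sec} is the
     * token parsed from the request and has NOT been validated by this class.
     *
     * @param doc     the document the SCT element is created in (the response)
     * @param x509Sec the requester's X.509 token, or null if the request carried none
     * @return the SCT element
     * @throws WSTrustException if the requester is rejected or the token cannot be built
     */
    public abstract Element getSecuritContextToken(Document doc, X509Security x509Sec) throws WSTrustException;

    /**
     * @return validity period of issued tokens, in minutes
     */
    public int getLifeTime() {
        return lifeTime;
    }

    /**
     * @return the X.509 token parsed by the last {@link #issue} call, or null
     */
    public X509Security getX509() {
        return x509;
    }

    /**
     * Sets the validity period of issued tokens.
     *
     * @param time duration in minutes; must be positive
     * @throws IllegalArgumentException if {@code time} is zero or negative,
     *         which would yield a token that expires at or before creation
     */
    public void setLifeTime(int time) {
        if (time <= 0) {
            throw new IllegalArgumentException("lifeTime must be a positive number of minutes: " + time);
        }
        lifeTime = time;
    }

    /**
     * @return the crypto provider, or null if none was set
     */
    public Crypto getCrypto() {
        return crypto;
    }

    /**
     * @param crypto the crypto provider made available to subclasses; may be null
     */
    public void setCrypto(Crypto crypto) {
        this.crypto = crypto;
    }

    /**
     * @return the key alias; empty string if none is configured
     */
    public String getAlias() {
        return alias;
    }

    /**
     * Sets the key alias. A null argument is stored as the empty string so
     * that "no alias" is always represented the same way.
     *
     * @param string the key alias, or null to clear it
     */
    public void setAlias(String string) {
        alias = (string == null) ? "" : string;
    }
}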