001: /*
002: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003: *
004: * Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
005: *
006: * The contents of this file are subject to the terms of either the GNU
007: * General Public License Version 2 only ("GPL") or the Common Development
008: * and Distribution License("CDDL") (collectively, the "License"). You
009: * may not use this file except in compliance with the License. You can obtain
010: * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
011: * or glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific
012: * language governing permissions and limitations under the License.
013: *
014: * When distributing the software, include this License Header Notice in each
015: * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
016: * Sun designates this particular file as subject to the "Classpath" exception
017: * as provided by Sun in the GPL Version 2 section of the License file that
018: * accompanied this code. If applicable, add the following below the License
019: * Header, with the fields enclosed by brackets [] replaced by your own
020: * identifying information: "Portions Copyrighted [year]
021: * [name of copyright owner]"
022: *
023: * Contributor(s):
024: *
025: * If you wish your version of this file to be governed by only the CDDL or
026: * only the GPL Version 2, indicate your decision by adding "[Contributor]
027: * elects to include this software in this distribution under the [CDDL or GPL
028: * Version 2] license." If you don't indicate a single choice of license, a
029: * recipient has the option to distribute your version of this file under
030: * either the CDDL, the GPL Version 2 or to extend the choice of license to
031: * its licensees as provided above. However, if you add GPL Version 2 code
032: * and therefore, elected the GPL Version 2 license, then the option applies
033: * only if the new code is made subject to such option by the copyright
034: * holder.
035: */
036:
037: /*
038: * WSTrustClientContractImpl.java
039: *
040: * Created on February 19, 2006, 8:14 AM
041: *
042: * To change this template, choose Tools | Options and locate the template under
043: * the Source Creation and Management node. Right-click the template and choose
044: * Open. You can then make changes to the template in the Source Editor.
045: */
046:
047: package com.sun.xml.ws.security.trust.impl;
048:
import com.sun.xml.ws.api.security.trust.WSTrustException;
import com.sun.xml.ws.policy.impl.bindings.AppliesTo;
import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.trust.Configuration;
import com.sun.xml.ws.security.trust.WSTrustClientContract;
import com.sun.xml.ws.security.trust.WSTrustConstants;
import com.sun.xml.ws.security.trust.elements.BinarySecret;
import com.sun.xml.ws.security.trust.elements.Entropy;
import com.sun.xml.ws.security.trust.elements.Lifetime;
import com.sun.xml.ws.security.trust.elements.RequestSecurityToken;
import com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse;
import com.sun.xml.ws.security.trust.elements.RequestedAttachedReference;
import com.sun.xml.ws.security.trust.elements.RequestedProofToken;
import com.sun.xml.ws.security.trust.elements.RequestedSecurityToken;
import com.sun.xml.ws.security.trust.elements.RequestedUnattachedReference;
import com.sun.xml.ws.security.trust.logging.LogDomainConstants;
import com.sun.xml.ws.security.trust.logging.LogStringsMessages;
import com.sun.xml.ws.security.trust.util.WSTrustUtil;
import com.sun.xml.ws.security.wsu10.AttributedDateTime;
import com.sun.xml.wss.impl.misc.SecurityUtil;

import java.net.URI;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;
import java.util.logging.Level;
import java.util.logging.Logger;
078:
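/**
 * Client-side WS-Trust contract: consumes the RSTR returned by an issuer and
 * populates the {@link IssuedTokenContext} with the issued token, its
 * attached/unattached references, its proof key and its lifetime.
 *
 * <p>Only the Issue binding is implemented; the negotiated-exchange,
 * client-initiated-context and challenge operations throw
 * {@link UnsupportedOperationException}.
 *
 * @author WS-Trust-Implementation team
 */
public class WSTrustClientContractImpl implements WSTrustClientContract {

    private static final Logger log = Logger.getLogger(
            LogDomainConstants.TRUST_IMPL_DOMAIN,
            LogDomainConstants.TRUST_IMPL_DOMAIN_BUNDLE);

    /**
     * Parser for the wsu:Created / wsu:Expires values of the RSTR Lifetime.
     *
     * <p>The fractional part is milliseconds ({@code SSS}); a seconds pattern
     * there would re-parse the millisecond digits as seconds and shift the
     * parsed instant. The trailing 'Z' of the xsd:dateTime means UTC, so the
     * formatter is pinned to UTC instead of the JVM default zone, and parsing
     * is strict so out-of-range fields are rejected rather than rolled over.
     * {@code SimpleDateFormat} is not thread-safe: every use is synchronized
     * on this instance.
     *
     * <p>NOTE(review): only the 'Z' form is accepted; a numeric offset such as
     * "+02:00" fails with a ParseException.
     */
    private static final SimpleDateFormat calendarFormatter = new SimpleDateFormat(
            "yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'", Locale.US);

    static {
        calendarFormatter.setTimeZone(TimeZone.getTimeZone("UTC"));
        calendarFormatter.setLenient(false);
    }

    /**
     * Creates a new instance of WSTrustClientContractImpl.
     *
     * @param config trust configuration; not consulted by this implementation
     */
    public WSTrustClientContractImpl(final Configuration config) {
        // configuration is currently unused
    }

    /**
     * Handles an RSTR returned by the issuer and records the issued token, its
     * references, the proof key and the lifetime in the IssuedTokenContext.
     * Responses to anything other than an Issue request are ignored.
     *
     * @param rst the request that was sent to the issuer
     * @param rstr the issuer's response
     * @param context the context to populate
     * @throws WSTrustException if the response carries neither a security token
     *         nor a proof token, if the proof token type is unsupported or
     *         invalid, or if the lifetime is malformed
     */
    public void handleRSTR(final RequestSecurityToken rst,
            final RequestSecurityTokenResponse rstr,
            final IssuedTokenContext context) throws WSTrustException {
        if (!isIssueRequest(rst)) {
            return;
        }

        String appliesTo = null;
        final AppliesTo requestAppliesTo = rst.getAppliesTo();
        if (requestAppliesTo != null) {
            appliesTo = WSTrustUtil.getAppliesToURI(requestAppliesTo);
        }
        // NOTE(review): the response's own AppliesTo is not compared with the
        // request's here, so a scope mismatch is not detected at this point.

        final RequestedSecurityToken securityToken = rstr.getRequestedSecurityToken();
        final RequestedAttachedReference attachedRef = rstr.getRequestedAttachedReference();
        final RequestedUnattachedReference unattachedRef = rstr.getRequestedUnattachedReference();
        final RequestedProofToken proofToken = rstr.getRequestedProofToken();

        // Proof key: either computed from both entropies or carried as a BinarySecret.
        final byte[] key = getKey(rstr, proofToken, rst, appliesTo);
        if (key != null) {
            context.setProofKey(key);
        }

        // Created/Expires from the Lifetime element, when present.
        setLifetime(rstr, context);

        // A response with neither a token nor a proof token is unusable.
        if (securityToken == null && proofToken == null) {
            log.log(Level.SEVERE, LogStringsMessages.WST_0018_TOKENS_NULL(appliesTo));
            throw new WSTrustException(LogStringsMessages.WST_0018_TOKENS_NULL(appliesTo));
        }

        if (securityToken != null) {
            context.setSecurityToken(securityToken.getToken());
        }
        if (attachedRef != null) {
            context.setAttachedSecurityTokenReference(attachedRef.getSTR());
        }
        if (unattachedRef != null) {
            context.setUnAttachedSecurityTokenReference(unattachedRef.getSTR());
        }
    }

    /**
     * Returns whether the RST carries the WS-Trust Issue RequestType.
     * A missing RequestType counts as "not an Issue request" instead of
     * failing with a NullPointerException.
     */
    private static boolean isIssueRequest(final RequestSecurityToken rst) {
        final Object requestType = rst.getRequestType();
        return requestType != null
                && WSTrustConstants.ISSUE_REQUEST.equals(requestType.toString());
    }

    /**
     * Handles an RSTR returned by the issuer and responds to its challenge.
     *
     * @throws UnsupportedOperationException always; negotiated exchange is not
     *         implemented
     */
    public RequestSecurityTokenResponse handleRSTRForNegotiatedExchange(
            final RequestSecurityToken rst,
            final RequestSecurityTokenResponse rstr,
            final IssuedTokenContext context) throws WSTrustException {
        throw new UnsupportedOperationException(
                "Unsupported operation: handleRSTRForNegotiatedExchange");
    }

    /**
     * Creates an RSTR for a client-initiated IssuedTokenContext establishment,
     * for example a client-initiated WS-SecureConversation context.
     *
     * @throws UnsupportedOperationException always; not implemented
     */
    public RequestSecurityTokenResponse createRSTRForClientInitiatedIssuedTokenContext(
            final AppliesTo scopes, final IssuedTokenContext context)
            throws WSTrustException {
        throw new UnsupportedOperationException(
                "Unsupported operation: createRSTRForClientInitiatedIssuedTokenContext");
    }

    /**
     * Reports whether the RSTR contains a SignChallenge/BinaryExchange or some
     * other custom challenge recognized by this implementation.
     *
     * @throws UnsupportedOperationException always; challenges are not
     *         implemented
     */
    public boolean containsChallenge(final RequestSecurityTokenResponse rstr) {
        throw new UnsupportedOperationException(
                "Unsupported operation: containsChallenge");
    }

    /**
     * Returns the {@code <wst:ComputedKey>} URI inside the RSTR, if any.
     *
     * @throws UnsupportedOperationException always; not implemented
     */
    public URI getComputedKeyAlgorithmFromProofToken(
            final RequestSecurityTokenResponse rstr) {
        throw new UnsupportedOperationException(
                "Unsupported operation: getComputedKeyAlgorithmFromProofToken");
    }

    /**
     * Copies the Lifetime's Created and Expires instants into the context.
     * An RSTR without a Lifetime element leaves the context's times untouched.
     *
     * @throws WSTrustException if a Lifetime is present but lacks Created or
     *         Expires, or if either value does not parse as
     *         {@code yyyy-MM-dd'T'HH:mm:ss.SSS'Z'}
     */
    private void setLifetime(final RequestSecurityTokenResponse rstr,
            final IssuedTokenContext context) throws WSTrustException {
        final Lifetime lifetime = rstr.getLifetime();
        if (lifetime == null) {
            return;
        }
        final AttributedDateTime created = lifetime.getCreated();
        final AttributedDateTime expires = lifetime.getExpires();
        if (created == null || expires == null) {
            throw new WSTrustException(
                    "Lifetime element is missing Created or Expires");
        }
        try {
            final Date dateCreated;
            final Date dateExpires;
            // shared SimpleDateFormat: serialize access
            synchronized (calendarFormatter) {
                dateCreated = calendarFormatter.parse(created.getValue());
                dateExpires = calendarFormatter.parse(expires.getValue());
            }
            context.setCreationTime(dateCreated);
            context.setExpirationTime(dateExpires);
        } catch (ParseException ex) {
            throw new WSTrustException(ex.getMessage(), ex);
        }
    }

    /**
     * Extracts the proof key from the RequestedProofToken.
     *
     * @return the key bytes, or {@code null} when the response carries no proof
     *         token
     * @throws WSTrustException for TokenReference and EncryptedKey proof tokens
     *         (not implemented), for an unknown proof token type, for a
     *         BinarySecret proof token without a BinarySecret, or when key
     *         computation fails
     */
    private byte[] getKey(final RequestSecurityTokenResponse rstr,
            final RequestedProofToken proofToken,
            final RequestSecurityToken rst, final String appliesTo)
            throws WSTrustException {
        if (proofToken == null) {
            return null;
        }
        final String proofTokenType = proofToken.getProofTokenType();

        if (RequestedProofToken.COMPUTED_KEY_TYPE.equals(proofTokenType)) {
            return computeKey(rstr, proofToken, rst);
        }

        if (RequestedProofToken.BINARY_SECRET_TYPE.equals(proofTokenType)) {
            final BinarySecret binarySecret = proofToken.getBinarySecret();
            if (binarySecret == null) {
                // the declared type promises a BinarySecret; none was supplied
                throw new WSTrustException(
                        "BinarySecret proof token carries no BinarySecret");
            }
            return binarySecret.getRawValue();
        }

        if (RequestedProofToken.TOKEN_REF_TYPE.equals(proofTokenType)
                || RequestedProofToken.ENCRYPTED_KEY_TYPE.equals(proofTokenType)) {
            // ToDo: these proof token types are not implemented yet
            log.log(Level.SEVERE, LogStringsMessages
                    .WST_0001_UNSUPPORTED_PROOF_TOKEN_TYPE(proofTokenType, appliesTo));
            throw new WSTrustException(LogStringsMessages
                    .WST_0001_UNSUPPORTED_PROOF_TOKEN_TYPE(proofTokenType, appliesTo));
        }

        // anything else (including a null type) is rejected
        log.log(Level.SEVERE, LogStringsMessages
                .WST_0019_INVALID_PROOF_TOKEN_TYPE(proofTokenType, appliesTo));
        throw new WSTrustException(LogStringsMessages
                .WST_0019_INVALID_PROOF_TOKEN_TYPE(proofTokenType, appliesTo));
    }

    /**
     * Derives the proof key from the client and server entropy using the
     * ComputedKey algorithm named in the proof token. Only P_SHA1 is supported.
     *
     * @throws WSTrustException if the ComputedKey URI is missing or is not
     *         P_SHA1, or if the derivation itself fails
     */
    private byte[] computeKey(final RequestSecurityTokenResponse rstr,
            final RequestedProofToken proofToken,
            final RequestSecurityToken rst) throws WSTrustException {
        final URI computedKey = proofToken.getComputedKey();
        if (computedKey == null
                || !WSTrustConstants.CK_PSHA1.equals(computedKey.toString())) {
            log.log(Level.SEVERE, LogStringsMessages
                    .WST_0026_INVALID_CK_ALGORITHM(computedKey));
            throw new WSTrustException(LogStringsMessages
                    .WST_0026_INVALID_CK_ALGORITHM_E(computedKey));
        }

        // Either side may omit its entropy; P_SHA1 receives null for that side.
        final byte[] clientEntropyBytes = rawEntropy(rst.getEntropy());
        final byte[] serverEntropyBytes = rawEntropy(rstr.getEntropy());

        // KeySize is expressed in bits; P_SHA1 takes a byte count.
        // NOTE(review): a KeySize of 0 (absent on the wire) yields a zero-length
        // key here — confirm the response always carries KeySize.
        final int keySize = (int) (rstr.getKeySize() / 8);
        try {
            return SecurityUtil.P_SHA1(clientEntropyBytes, serverEntropyBytes, keySize);
        } catch (Exception ex) {
            log.log(Level.SEVERE, LogStringsMessages.WST_0037_ERROR_COMPUTING_KEY(), ex);
            throw new WSTrustException(LogStringsMessages.WST_0037_ERROR_COMPUTING_KEY(), ex);
        }
    }

    /**
     * Returns the raw BinarySecret bytes of an Entropy element, or {@code null}
     * when the Entropy or its BinarySecret is absent.
     */
    private static byte[] rawEntropy(final Entropy entropy) {
        if (entropy == null) {
            return null;
        }
        final BinarySecret secret = entropy.getBinarySecret();
        return secret == null ? null : secret.getRawValue();
    }
}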
|