001: /*
002: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003: *
004: * Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
005: *
006: * The contents of this file are subject to the terms of either the GNU
007: * General Public License Version 2 only ("GPL") or the Common Development
008: * and Distribution License("CDDL") (collectively, the "License"). You
009: * may not use this file except in compliance with the License. You can obtain
010: * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
011: * or glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific
012: * language governing permissions and limitations under the License.
013: *
014: * When distributing the software, include this License Header Notice in each
015: * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
016: * Sun designates this particular file as subject to the "Classpath" exception
017: * as provided by Sun in the GPL Version 2 section of the License file that
018: * accompanied this code. If applicable, add the following below the License
019: * Header, with the fields enclosed by brackets [] replaced by your own
020: * identifying information: "Portions Copyrighted [year]
021: * [name of copyright owner]"
022: *
023: * Contributor(s):
024: *
025: * If you wish your version of this file to be governed by only the CDDL or
026: * only the GPL Version 2, indicate your decision by adding "[Contributor]
027: * elects to include this software in this distribution under the [CDDL or GPL
028: * Version 2] license." If you don't indicate a single choice of license, a
029: * recipient has the option to distribute your version of this file under
030: * either the CDDL, the GPL Version 2 or to extend the choice of license to
031: * its licensees as provided above. However, if you add GPL Version 2 code
032: * and therefore, elected the GPL Version 2 license, then the option applies
033: * only if the new code is made subject to such option by the copyright
034: * holder.
035: */
036:
037: package com.sun.xml.ws.security.opt.impl.incoming;
038:
039: import com.sun.xml.ws.security.opt.api.NamespaceContextInfo;
040: import com.sun.xml.ws.security.opt.api.PolicyBuilder;
041: import com.sun.xml.ws.security.opt.api.SecurityElementWriter;
042: import com.sun.xml.ws.security.opt.api.TokenValidator;
043: import com.sun.xml.ws.security.opt.impl.incoming.processor.BSTProcessor;
044: import com.sun.xml.ws.security.opt.impl.util.XMLStreamReaderFactory;
045: import com.sun.xml.wss.impl.FilterProcessingContext;
046: import com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl;
047: import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
048: import java.security.cert.X509Certificate;
049: import java.util.HashMap;
050: import java.io.OutputStream;
051:
052: import com.sun.xml.ws.security.opt.api.SecurityHeaderElement;
053: import com.sun.xml.stream.buffer.XMLStreamBuffer;
054: import com.sun.xml.stream.buffer.XMLStreamBufferException;
055: import com.sun.xml.stream.buffer.XMLStreamBufferMark;
056: import com.sun.xml.stream.buffer.stax.StreamReaderBufferCreator;
057: import javax.xml.stream.XMLStreamException;
058: import javax.xml.stream.XMLStreamReader;
059: import javax.xml.stream.XMLInputFactory;
060:
061: import com.sun.xml.wss.impl.MessageConstants;
062: import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
063: import com.sun.xml.wss.ProcessingContext;
064: import com.sun.xml.wss.impl.SecurableSoapMessage;
065:
066: import com.sun.xml.ws.security.opt.impl.util.StreamUtil;
067: import com.sun.xml.wss.impl.XWSSecurityRuntimeException;
068: import com.sun.xml.wss.logging.LogDomainConstants;
069: import java.io.ByteArrayInputStream;
070: import java.io.IOException;
071: import java.io.InputStream;
072: import java.security.cert.CertificateException;
073: import java.security.cert.CertificateFactory;
074: import java.security.cert.X509Certificate;
075: import java.util.logging.Logger;
076: import javax.xml.stream.StreamFilter;
077: import javax.xml.stream.XMLStreamReader;
078: import org.jvnet.staxex.XMLStreamReaderEx;
079: import org.jvnet.staxex.Base64Data;
080: import com.sun.xml.wss.impl.misc.Base64;
081: import javax.xml.stream.XMLStreamException;
082: import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
083: import java.util.logging.Level;
084: import com.sun.xml.wss.logging.impl.opt.LogStringsMessages;
085:
086: /**
087: *
088: * @author K.Venugopal@sun.com
089: */
090: public class BinarySecurityToken implements
091: com.sun.xml.ws.security.opt.api.keyinfo.BinarySecurityToken,
092: SecurityHeaderElement, PolicyBuilder, TokenValidator,
093: NamespaceContextInfo, SecurityElementWriter {
094:
095: private String valueType = null;
096: private String encodingType = null;
097: private String id = "";
098: private XMLStreamBuffer mark = null;
099: private String namespaceURI = null;
100: private String localPart = null;
101: //private BSTProcessor filter = new BSTProcessor();
102: private AuthenticationTokenPolicy.X509CertificateBinding policy = null;
103: private HashMap<String, String> nsDecls;
104:
105: private static final Logger logger = Logger.getLogger(
106: LogDomainConstants.IMPL_OPT_DOMAIN,
107: LogDomainConstants.IMPL_OPT_DOMAIN_BUNDLE);
108:
109: private byte[] bstValue = null;
110: private X509Certificate cert = null;
111:
112: public BinarySecurityToken(XMLStreamReader reader,
113: StreamReaderBufferCreator creator, HashMap nsDecl,
114: XMLInputFactory staxIF) throws XMLStreamException,
115: XMLStreamBufferException {
116: localPart = reader.getLocalName();
117: namespaceURI = reader.getNamespaceURI();
118: id = reader.getAttributeValue(MessageConstants.WSU_NS, "Id");
119: valueType = reader.getAttributeValue(MessageConstants.WSSE_NS,
120: MessageConstants.WSE_VALUE_TYPE);
121: encodingType = reader.getAttributeValue(null, "EncodingType");
122: mark = new XMLStreamBufferMark(nsDecl, creator);
123: creator.createElementFragment(reader, true);
124: policy = new AuthenticationTokenPolicy.X509CertificateBinding();
125: policy.setUUID(id);
126: policy.setValueType(valueType);
127: policy.setEncodingType(encodingType);
128: this .nsDecls = nsDecl;
129: XMLStreamReader bstReader = mark.readAsXMLStreamReader();
130: bstReader.next();
131: digestBST(bstReader);
132: }
133:
134: public String getValueType() {
135: return valueType;
136: }
137:
138: public String getEncodingType() {
139: return encodingType;
140: }
141:
142: public byte[] getTokenValue() {
143: return bstValue;
144: }
145:
146: public String getId() {
147: return id;
148: }
149:
150: public boolean refersToSecHdrWithId(final String id) {
151: throw new UnsupportedOperationException();
152: }
153:
154: public void setId(String id) {
155: throw new UnsupportedOperationException();
156: }
157:
158: public String getNamespaceURI() {
159: return namespaceURI;
160: }
161:
162: public String getLocalPart() {
163: return localPart;
164: }
165:
166: public javax.xml.stream.XMLStreamReader readHeader()
167: throws javax.xml.stream.XMLStreamException {
168: return mark.readAsXMLStreamReader();
169: }
170:
171: public void writeTo(OutputStream os) {
172: throw new UnsupportedOperationException();
173: }
174:
175: public void writeTo(javax.xml.stream.XMLStreamWriter streamWriter)
176: throws javax.xml.stream.XMLStreamException {
177: mark.writeToXMLStreamWriter(streamWriter);
178: }
179:
180: public WSSPolicy getPolicy() {
181: return policy;
182:
183: }
184:
185: public void validate(ProcessingContext context)
186: throws com.sun.xml.wss.XWSSecurityException {
187: X509Certificate cert = getCertificate();
188: if (context.getSecurityEnvironment().isSelfCertificate(cert)) {
189: //nothing to do if this is service certificate
190: return;
191: }
192:
193: if (!context.getSecurityEnvironment().validateCertificate(cert)) {
194: throw SecurableSoapMessage.newSOAPFaultException(
195: MessageConstants.WSSE_INVALID_SECURITY_TOKEN,
196: "Certificate validation failed", null);
197: }
198: context.getSecurityEnvironment().updateOtherPartySubject(
199: DefaultSecurityEnvironmentImpl
200: .getSubject((FilterProcessingContext) context),
201: cert);
202: }
203:
204: public HashMap<String, String> getInscopeNSContext() {
205: return nsDecls;
206: }
207:
208: public X509Certificate getCertificate() {
209: return cert;
210: }
211:
212: public void writeTo(javax.xml.stream.XMLStreamWriter streamWriter,
213: HashMap props) throws javax.xml.stream.XMLStreamException {
214: throw new UnsupportedOperationException();
215: }
216:
217: private void digestBST(XMLStreamReader reader)
218: throws XMLStreamException {
219: if (reader.getEventType() == XMLStreamReader.START_ELEMENT) {
220: reader.next();
221: }
222: if (reader.getEventType() == XMLStreamReader.CHARACTERS) {
223: if (reader instanceof XMLStreamReaderEx) {
224: try {
225: CharSequence data = ((XMLStreamReaderEx) reader)
226: .getPCDATA();
227: if (data instanceof Base64Data) {
228: Base64Data binaryData = (Base64Data) data;
229: //bstValue = binaryData.getExact();
230: buildCertificate(binaryData.getInputStream());
231: return;
232: }
233: } catch (XMLStreamException ex) {
234: logger.log(Level.SEVERE, LogStringsMessages
235: .WSS_1603_ERROR_READING_STREAM(ex));
236: throw new XWSSecurityRuntimeException(
237: LogStringsMessages
238: .WSS_1603_ERROR_READING_STREAM(ex));
239: } catch (IOException ex) {
240: logger.log(Level.SEVERE, LogStringsMessages
241: .WSS_1603_ERROR_READING_STREAM(ex));
242: throw new XWSSecurityRuntimeException(
243: LogStringsMessages
244: .WSS_1603_ERROR_READING_STREAM(ex));
245: }
246: }
247:
248: try {
249: bstValue = Base64.decode(StreamUtil.getCV(reader));
250: buildCertificate(new ByteArrayInputStream(bstValue));
251:
252: } catch (Base64DecodingException ex) {
253: logger.log(Level.SEVERE, LogStringsMessages
254: .WSS_1604_ERROR_DECODING_BASE_64_DATA(ex));
255: throw new XWSSecurityRuntimeException(
256: LogStringsMessages
257: .WSS_1604_ERROR_DECODING_BASE_64_DATA(ex));
258: } catch (XMLStreamException ex) {
259: logger.log(Level.SEVERE, LogStringsMessages
260: .WSS_1604_ERROR_DECODING_BASE_64_DATA(ex));
261: throw new XWSSecurityRuntimeException(
262: LogStringsMessages
263: .WSS_1604_ERROR_DECODING_BASE_64_DATA(ex));
264: }
265: } else {
266: logger.log(Level.SEVERE, LogStringsMessages
267: .WSS_1603_ERROR_READING_STREAM(null));
268: throw new XWSSecurityRuntimeException(LogStringsMessages
269: .WSS_1603_ERROR_READING_STREAM(null));
270: }
271:
272: if (reader.getEventType() != reader.END_ELEMENT) {
273: reader.next();
274: } //else it is end of BST.
275: }
276:
277: private void buildCertificate(InputStream certValue) {
278: try {
279: CertificateFactory certFact;
280: certFact = CertificateFactory.getInstance("X.509");
281: cert = (X509Certificate) certFact
282: .generateCertificate(certValue);
283: } catch (CertificateException ex) {
284: logger.log(Level.SEVERE, LogStringsMessages
285: .WSS_1605_ERROR_GENERATING_CERTIFICATE(ex));
286: throw new XWSSecurityRuntimeException(LogStringsMessages
287: .WSS_1605_ERROR_GENERATING_CERTIFICATE(ex));
288: }
289: }
290: }
|