001: /*
002: * The contents of this file are subject to the terms
003: * of the Common Development and Distribution License
004: * (the License). You may not use this file except in
005: * compliance with the License.
006: *
007: * You can obtain a copy of the license at
008: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
009: * See the License for the specific language governing
010: * permissions and limitations under the License.
011: *
012: * When distributing Covered Code, include this CDDL
013: * Header Notice in each file and include the License file
014: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
015: * If applicable, add the following below the CDDL Header,
016: * with the fields enclosed by brackets [] replaced by
017: * you own identifying information:
018: * "Portions Copyrighted [year] [name of copyright owner]"
019: *
020: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
021: */
022:
023: package com.sun.xml.ws.security.opt.impl.keyinfo;
024:
025: import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;
026: import com.sun.xml.ws.security.opt.api.SecurityHeaderElement;
027: import com.sun.xml.ws.security.opt.api.keyinfo.BuilderResult;
028: import com.sun.xml.ws.security.opt.impl.enc.JAXBEncryptedKey;
029: import com.sun.xml.ws.security.opt.impl.incoming.SAMLAssertion;
030: import com.sun.xml.ws.security.opt.impl.reference.DirectReference;
031: import com.sun.xml.ws.security.opt.impl.reference.KeyIdentifier;
032: import com.sun.xml.ws.security.opt.impl.message.GSHeaderElement;
033: import com.sun.xml.ws.security.secext10.SecurityTokenReferenceType;
034: import com.sun.xml.wss.XWSSecurityException;
035: import com.sun.xml.wss.impl.MessageConstants;
036: import com.sun.xml.wss.impl.misc.SecurityUtil;
037: import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
038: import com.sun.xml.ws.security.opt.impl.util.NamespaceContextEx;
039: import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
040: import com.sun.xml.wss.impl.policy.mls.PrivateKeyBinding;
041: import com.sun.xml.wss.logging.impl.opt.token.LogStringsMessages;
042:
043: import java.security.Key;
044: import java.security.PublicKey;
045: import java.security.cert.X509Certificate;
046: import java.util.HashMap;
047: import java.util.logging.Level;
048: import org.w3c.dom.Element;
049:
050: /**
051: *
052: * @author K.Venugopal@sun.com
053: */
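public class SamlTokenBuilder extends TokenBuilder {

    private final AuthenticationTokenPolicy.SAMLAssertionBinding keyBinding;
    private final boolean forSign;

    /**
     * Creates a builder for a SAML assertion token.
     *
     * @param context     the processing context the token and its references are built into
     * @param samlBinding the policy binding describing the assertion, its reference type,
     *                    the optional key-transport algorithm and (for signing) the private key
     * @param forSign     {@code true} when the assertion's key signs the message;
     *                    {@code false} when a fresh symmetric key is generated and wrapped
     *                    under the assertion subject's certificate for encryption
     */
    public SamlTokenBuilder(JAXBFilterProcessingContext context,
            AuthenticationTokenPolicy.SAMLAssertionBinding samlBinding,
            boolean forSign) {
        super(context);
        this.forSign = forSign;
        this.keyBinding = samlBinding;
    }

    /**
     * Builds the security-header element and key reference for the SAML assertion.
     * <p>
     * The assertion comes either from the policy ({@code keyBinding.getAssertion()}) or, when
     * the policy carries none, from the inbound message
     * ({@link MessageConstants#INCOMING_SAML_ASSERTION}). A {@code wsse:KeyIdentifier} reference
     * to the assertion is built; for encryption it is additionally wrapped in an
     * {@code xenc:EncryptedKey} carrying a freshly generated data-protection key. The
     * data-protection key is recorded in the context under
     * {@link MessageConstants#STORED_SAML_KEYS}, keyed by the assertion id.
     *
     * @return the key info to reference and the data-protection key
     * @throws XWSSecurityException if no assertion is available, the signing key or the
     *         encryption certificate cannot be resolved, or the policy asks for the (unsupported)
     *         embedded reference type
     */
    public BuilderResult process() throws XWSSecurityException {
        BuilderResult result = new BuilderResult();

        Element samlAssertion = keyBinding.getAssertion();
        SecurityHeaderElement she;
        // SAML 1.x assertions carry an "AssertionID" attribute, SAML 2.0 assertions carry "ID".
        // The flag selects the wsse11:TokenType written on the reference below.
        boolean saml20 = true;
        if (samlAssertion != null) {
            she = new GSHeaderElement(samlAssertion);
            String asID = samlAssertion.getAttributeNS(null, "AssertionID");
            if (asID == null || asID.length() == 0) {
                she.setId(samlAssertion.getAttributeNS(null, "ID"));
            } else {
                she.setId(asID);
                saml20 = false;
            }
        } else {
            // No assertion in the policy: reuse the one received on the inbound message.
            she = (SecurityHeaderElement) context
                    .getExtraneousProperty(MessageConstants.INCOMING_SAML_ASSERTION);
            if (she == null) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1811_NULL_SAML_ASSERTION());
                throw new XWSSecurityException("SAML Assertion is NULL");
            }
            // NOTE(review): the inbound assertion's SAML version is not visible here; this
            // path has always been tagged as SAML 2.0 and that is kept. Confirm against
            // the SAMLAssertion implementation if 1.1 assertions arrive inbound.
        }
        String assertionId = she.getId();
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, "SAML Assertion id:" + assertionId);
        }

        Key dataProtectionKey;
        X509Certificate x509Cert = null;
        // NOTE(review): the default key-transport algorithm is RSA PKCS#1 v1.5, which is
        // exposed to Bleichenbacher-style padding-oracle attacks. It is kept for
        // interoperability; policies should set RSA-OAEP via getKeyAlgorithm().
        String keyEncAlgo = XMLCipher.RSA_v1dot5;
        if (forSign) {
            dataProtectionKey = signingKey();
            // The assertion must travel in the header so the KeyIdentifier built below resolves.
            if (context.getSecurityHeader().getChildElement(assertionId) == null) {
                context.getSecurityHeader().add(she);
            }
        } else {
            x509Cert = encryptionCertificate();
            // The policy may override the key-transport algorithm; a missing or empty value
            // keeps the default rather than leaving the algorithm null.
            String policyKeyAlgo = keyBinding.getKeyAlgorithm();
            if (policyKeyAlgo != null && policyKeyAlgo.length() > 0) {
                keyEncAlgo = policyKeyAlgo;
            }
            String dataEncAlgo = SecurityUtil.getDataEncryptionAlgo(context);
            dataProtectionKey = SecurityUtil.generateSymmetricKey(dataEncAlgo);
        }

        // Constant-first comparison: a null reference type must not NPE here.
        String referenceType = keyBinding.getReferenceType();
        if (MessageConstants.EMBEDDED_REFERENCE_TYPE.equals(referenceType)) {
            logger.log(Level.SEVERE,
                    LogStringsMessages.WSS_1813_UNSUPPORTED_EMBEDDEDREFERENCETYPE_SAML());
            throw new XWSSecurityException(
                    "Embedded Reference Type for SAML Assertions not supported yet");
        }

        Element authorityBinding = keyBinding.getAuthorityBinding();
        if (authorityBinding == null) {
            KeyIdentifier keyIdentifier = new KeyIdentifier(context.getSOAPVersion());
            keyIdentifier.setValue(assertionId);
            keyIdentifier.setValueType(MessageConstants.WSSE_SAML_KEY_IDENTIFIER_VALUE_TYPE);
            SecurityTokenReference samlSTR =
                    elementFactory.createSecurityTokenReference(keyIdentifier);
            samlSTR.setTokenType(saml20
                    ? MessageConstants.WSSE_SAML_v2_0_TOKEN_TYPE
                    : MessageConstants.WSSE_SAML_v1_1_TOKEN_TYPE);
            ((NamespaceContextEx) context.getNamespaceContext()).addWSS11NS();
            buildKeyInfo(samlSTR);
        } else {
            // TODO: AuthorityBinding references are not built yet. Nothing populates the
            // builder's keyInfo on this path, so the caller receives no usable reference;
            // make that visible instead of failing silently.
            logger.log(Level.WARNING,
                    "SAML AuthorityBinding reference is not supported; no KeyInfo was built");
        }

        if (forSign) {
            result.setKeyInfo(super.keyInfo);
        } else {
            // Wrap the fresh data-protection key under the subject's certificate and point
            // the returned KeyInfo at the EncryptedKey rather than at the assertion.
            JAXBEncryptedKey ek = (JAXBEncryptedKey) elementFactory.createEncryptedKey(
                    context.generateID(), keyEncAlgo, super.keyInfo,
                    x509Cert.getPublicKey(), dataProtectionKey);
            context.getSecurityHeader().add(ek);
            DirectReference dr = buildDirectReference(ek.getId(),
                    MessageConstants.EncryptedKey_NS);
            result.setKeyInfo(buildKeyInfo(dr, ""));
        }

        // Remember the key under the assertion id so the matching inbound processing can find it.
        @SuppressWarnings("unchecked")
        HashMap<String, Key> sentSamlKeys = (HashMap<String, Key>) context
                .getExtraneousProperty(MessageConstants.STORED_SAML_KEYS);
        if (sentSamlKeys == null) {
            sentSamlKeys = new HashMap<String, Key>();
        }
        sentSamlKeys.put(assertionId, dataProtectionKey);
        context.setExtraneousProperty(MessageConstants.STORED_SAML_KEYS, sentSamlKeys);

        result.setDataProtectionKey(dataProtectionKey);
        return result;
    }

    /**
     * Returns the private key configured on the policy's {@link PrivateKeyBinding}.
     *
     * @throws XWSSecurityException (after logging WSS_1810) if the binding or its key is absent
     */
    private Key signingKey() throws XWSSecurityException {
        PrivateKeyBinding privKBinding = (PrivateKeyBinding) keyBinding.getKeyBinding();
        Key privateKey = (privKBinding == null) ? null : privKBinding.getPrivateKey();
        if (privateKey == null) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1810_NULL_PRIVATEKEY_SAML());
            throw new XWSSecurityException(
                    "PrivateKey null inside PrivateKeyBinding set for SAML Policy ");
        }
        return privateKey;
    }

    /**
     * Resolves the certificate matching the subject-confirmation key of the inbound SAML
     * assertion. The key is always taken from the inbound assertion held in the context,
     * even when the policy itself supplied an assertion element.
     *
     * @throws XWSSecurityException (after logging WSS_1812) if there is no inbound assertion,
     *         its key is missing or not a public key, or no certificate maps to that key
     */
    private X509Certificate encryptionCertificate() throws XWSSecurityException {
        SecurityHeaderElement incoming = (SecurityHeaderElement) context
                .getExtraneousProperty(MessageConstants.INCOMING_SAML_ASSERTION);
        Key subjectKey = (incoming instanceof SAMLAssertion)
                ? ((SAMLAssertion) incoming).getKey()
                : null;
        // Only an asymmetric key can be mapped to a certificate; a symmetric holder-of-key
        // confirmation (or no key at all) previously surfaced as a ClassCastException/NPE.
        if (!(subjectKey instanceof PublicKey)) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1812_MISSING_CERT_SAMLASSERTION());
            throw new XWSSecurityException(
                    "SubjectConfirmation key of SAML Assertion is missing or not a public key; cannot wrap data encryption key");
        }
        X509Certificate cert = context.getSecurityEnvironment().getCertificate(
                context.getExtraneousProperties(), (PublicKey) subjectKey, false);
        if (cert == null) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1812_MISSING_CERT_SAMLASSERTION());
            throw new XWSSecurityException(
                    "Could not locate Certificate corresponding to Key in SubjectConfirmation of SAML Assertion");
        }
        return cert;
    }

}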
|