001: /*
002: * BEGIN_HEADER - DO NOT EDIT
003: *
004: * The contents of this file are subject to the terms
005: * of the Common Development and Distribution License
006: * (the "License"). You may not use this file except
007: * in compliance with the License.
008: *
009: * You can obtain a copy of the license at
010: * https://open-esb.dev.java.net/public/CDDLv1.0.html.
011: * See the License for the specific language governing
012: * permissions and limitations under the License.
013: *
014: * When distributing Covered Code, include this CDDL
015: * HEADER in each file and include the License file at
016: * https://open-esb.dev.java.net/public/CDDLv1.0.html.
017: * If applicable add the following below this CDDL HEADER,
018: * with the fields enclosed by brackets "[]" replaced with
019: * your own identifying information: Portions Copyright
020: * [year] [name of copyright owner]
021: */
022:
023: /*
024: * @(#)EndptSecConfig.java
025: * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
026: *
027: * END_HEADER - DO NOT EDIT
028: */
029: /**
030: * EndptSecConfigImpl.java
031: *
032: * SUN PROPRIETARY/CONFIDENTIAL.
033: * This software is the proprietary information of Sun Microsystems, Inc.
034: * Use is subject to license terms.
035: *
036: * Created on March 18, 2005, 12:20 PM
037: */package com.sun.jbi.internal.security.config;
038:
039: import com.sun.enterprise.security.jauth.AuthPolicy;
040: import com.sun.jbi.StringTranslator;
041: import com.sun.jbi.binding.security.Context;
042: import com.sun.jbi.internal.security.Constants;
043:
044: import java.util.logging.Logger;
045: import java.util.ArrayList;
046: import java.util.Set;
047: import org.w3c.dom.Document;
048: import org.w3c.dom.Element;
049: import org.w3c.dom.NodeList;
050: import org.w3c.dom.Text;
051:
052: /**
053: *
054: * @author Sun Microsystems, Inc.
055: */
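/**
 * Endpoint deployment security configuration, built from the Endpoint
 * Security Configuration DOM.
 *
 * <p>The DOM is handed in by the caller; this class only navigates it. The
 * parser that produced the {@link Document} is not visible here.
 * NOTE(review): because the configuration controls the keystore manager,
 * user domain, message provider and SSL settings of the endpoint, the
 * caller is expected to have obtained the Document from a parser configured
 * to reject DTDs / external entities -- confirm at the call site.
 *
 * <p>Structural problems in the configuration (no Endpoint element, or an
 * element that should carry a text value but is empty or holds a non-text
 * node) are reported as an {@link IllegalArgumentException} naming the
 * offending element rather than as a bare NullPointerException /
 * ClassCastException deep inside DOM navigation.
 *
 * @author Sun Microsystems, Inc.
 */
public class EndptSecConfig implements EndpointSecurityConfig {
    /** The Logger. */
    private Logger mLogger;

    /** The String Translator. */
    private StringTranslator mTranslator;

    /** The Endpoint Security Environment. */
    private SecurityContext mSecurityEnv;

    /**
     * The Message Protection Policies, one MessageSecPolicy per Operation
     * element of the configuration; empty (never null) for a default config.
     */
    private ArrayList mMsgSecPolicies;

    /** The default Message Protection Policy: no operations, no auth policies, no provider. */
    private MessageSecPolicy mDefMsgSecPolicy;

    /** The Document; null for a default configuration. */
    private Document mDom;

    /** The Endpoint to which this config applies; null for a default configuration. */
    private EndpointInfo mEndpoint;

    /**
     * Create a Endpoint Deployment Security Configuration with default settings.
     *
     * <p>A default configuration has no endpoint information and no
     * operation policies, so {@link #getMessagePolicy(String)} returns
     * null for every operation and {@link #getEndpointInfo()} returns null.
     */
    public EndptSecConfig() {
        mLogger = Logger.getLogger(Constants.PACKAGE);
        mTranslator = com.sun.jbi.internal.security.SecurityService
            .getStringTranslator(Constants.PACKAGE);

        mDom = null;
        mEndpoint = null;
        mDefMsgSecPolicy = newDefaultMessagePolicy();
        // -- Empty rather than null so that getMessagePolicy() on a default
        // -- configuration reports "no policy" instead of throwing a
        // -- NullPointerException from the iterator.
        mMsgSecPolicies = new ArrayList();
        mSecurityEnv = new BindingSecurityContext(mTranslator);
    }

    /**
     * Creates a new instance of EndptSecConfigImpl.
     *
     * @param dom is the dom for the Security Config data.
     * @param translator is the StringTranslator
     * @throws Exception on Errors; in particular an IllegalArgumentException
     *         when dom is null, has no Endpoint element, or contains an
     *         element that should carry a text value but does not, and a
     *         java.net.URISyntaxException when the target namespace is not
     *         a valid URI.
     */
    public EndptSecConfig(Document dom, StringTranslator translator)
        throws Exception {
        mLogger = Logger.getLogger(Constants.PACKAGE);
        mTranslator = translator;
        mDom = dom;
        mDefMsgSecPolicy = newDefaultMessagePolicy();

        // --Parse the dom and get the SecurityEnvironment and all the Message Policies
        parse(dom);
    }

    /**
     * Get the Message Protection Policy for a particular operation
     * provided by the Endpoint.
     *
     * @param opName is the Operation Name.
     * @return the Message Protection Policy for the Endpoint Operation, or
     *         null when no Operation element of the configuration lists
     *         opName (the absence is logged at INFO).
     */
    public MessageSecPolicy getMessagePolicy(String opName) {
        // -- Go through all the Message Policies and get the
        // -- one for the operation
        return getMatchingMessagePolicy(opName);
    }

    /**
     * Get the Security Environment for the Endpoint.
     *
     * @return the SecurityContext for the Endpoint
     */
    public SecurityContext getSecurityContext() {
        return mSecurityEnv;
    }

    /**
     * Get the Default Message Sec. Policy
     *
     * @return the default MessageSecurityPolicy
     */
    public MessageSecPolicy getDefaultMessagePolicy() {
        return mDefMsgSecPolicy;
    }

    /**
     * Get the EndpointInfo to which this config applies.
     *
     * @return the Endpoint information, null for a default configuration.
     */
    public EndpointInfo getEndpointInfo() {
        return mEndpoint;
    }

    /**
     * Build the policy returned by {@link #getDefaultMessagePolicy()}:
     * no operations, no request/response AuthPolicy, no provider id.
     *
     * @return a fresh default MessageSecPolicy.
     */
    private static MessageSecPolicy newDefaultMessagePolicy() {
        return new MessageSecPolicyImpl(new java.util.HashSet(), null, null, null);
    }

    /**
     * Get the MessagePolicy matching the Operation Name.
     *
     * @param opName is the name of the Endpoint Operation whose matching
     *        policy is required.
     * @return the first MessageSecPolicy whose operation set contains
     *         opName, or null when there is none.
     */
    private MessageSecPolicy getMatchingMessagePolicy(String opName) {
        java.util.Iterator itr = mMsgSecPolicies.iterator();
        while (itr.hasNext()) {
            MessageSecPolicy secPolicy = (MessageSecPolicy) itr.next();
            if (secPolicy.getOperations().contains(opName)) {
                return secPolicy;
            }
        }

        // -- No operation-specific policy: the caller is expected to fall
        // -- back to the default policy, so this is informational only.
        mLogger.info(mTranslator.getString(
            com.sun.jbi.internal.security.LocalStringConstants.BC_INFO_NO_EP_OP_SEC_POLICY,
            new String[] { opName, describeEndpoint() }));

        return null;
    }

    /**
     * Describe the endpoint for log messages.
     *
     * @return "{targetNamespace}:serviceName:endpointName", or a fixed
     *         placeholder when this is a default configuration without
     *         endpoint information.
     */
    private String describeEndpoint() {
        if (mEndpoint == null) {
            return "<no endpoint>";
        }
        return "{" + mEndpoint.getTargetNamespace() + "}" + ":"
            + mEndpoint.getServiceName() + ":" + mEndpoint.getName();
    }

    /**
     * Parse the Endpoint Security Config dom: the Endpoint information,
     * the Security Environment and all the Message Policies.
     *
     * @param dom is the Endpoint Security Config dom
     * @throws Exception on errors (see the two-argument constructor).
     */
    private void parse(Document dom) throws Exception {
        if (dom == null) {
            throw new IllegalArgumentException(
                "Endpoint Security Config dom is null");
        }
        // -- Resolve the Endpoint element once; every reader works below it.
        Element ep = findEndpointElement(dom);
        mEndpoint = readEndpointInfo(ep);
        mSecurityEnv = readSecurityContext(ep);
        mMsgSecPolicies = readMsgSecPolicies(ep);
    }

    /**
     * Locate the (first) Endpoint element of the configuration.
     *
     * @param dom is the Endpoint Security Config dom
     * @return the Endpoint element.
     * @throws IllegalArgumentException when the dom has no Endpoint element.
     */
    private static Element findEndpointElement(Document dom) {
        Element ep = (Element) dom.getElementsByTagName(
            Constants.ELEMENT_ENDPOINT).item(0);
        if (ep == null) {
            throw new IllegalArgumentException(
                "Endpoint Security Config has no "
                + Constants.ELEMENT_ENDPOINT + " element");
        }
        return ep;
    }

    /**
     * Read the Endpoint Information from the Deployment Configuration.
     *
     * @param ep is the Endpoint element.
     * @return the Endpoint Information built from the name, service and
     *         target namespace attributes (each trimmed).
     * @throws Exception on Errors, e.g. a java.net.URISyntaxException when
     *         the target namespace attribute is not a valid URI.
     */
    private EndpointInfo readEndpointInfo(Element ep) throws Exception {
        String name = ep.getAttribute(Constants.ATTR_NAME).trim();
        String service = ep.getAttribute(Constants.ATTR_SERVICE).trim();
        java.net.URI targetNamespace = new java.net.URI(
            ep.getAttribute(Constants.ATTR_TNS).trim());
        return new EndpointInfoImpl(name, service, targetNamespace);
    }

    /**
     * Get the Endpoint Security Environment from the Endpoint Security Configuration.
     *
     * @param ep is the Endpoint element.
     * @return the Security Context for the deployed endpoint. Only a single
     *         SecurityEnvironment element is honoured; with none (or more
     *         than one) the context keeps its defaults.
     * @throws Exception on errors.
     */
    private SecurityContext readSecurityContext(Element ep) throws Exception {
        BindingSecurityContext bsecCtx = new BindingSecurityContext(mTranslator);

        NodeList list = ep.getElementsByTagName(Constants.ELEMENT_SECENV);
        if (list.getLength() == 1) {
            Element secElement = (Element) list.item(0);

            // -- Each of these is optional and, like the environment
            // -- itself, only honoured when given exactly once.
            String keyStoreManager = singleChildText(secElement,
                Constants.ELEMENT_KEYSTORE_MANAGER);
            if (keyStoreManager != null) {
                bsecCtx.setKeyStoreManagerName(keyStoreManager);
            }

            String userDomain = singleChildText(secElement,
                Constants.ELEMENT_USER_DOMAIN);
            if (userDomain != null) {
                bsecCtx.setUserDomainName(userDomain);
            }

            String providerId = singleChildText(secElement,
                Constants.ELEMENT_PROVIDER_ID);
            if (providerId != null) {
                bsecCtx.setMessageProviderId(providerId);
            }

            getTransportSecurityParameters(secElement, bsecCtx);
        }
        return bsecCtx;
    }

    /**
     * Get all the Transport Security ( SSL ) configuration details from the
     * TransportSecurity element. The values read are set as Name/Value pairs in
     * the Security Context.
     *
     * <p>The TransportSecurity element and both of its Client and Server
     * sections are optional; a missing section simply leaves the
     * corresponding parameters unset. (Previously a TransportSecurity
     * element without a Client section caused a NullPointerException.)
     *
     * @param current is the Element to get the parameters from
     * @param ctx is the Context to add the parameters to.
     * @throws IllegalArgumentException when a present SSL element carries
     *         no text value.
     */
    private void getTransportSecurityParameters(Element current,
                                                Context ctx) {
        // -- Get all the parameter name-value pairs
        Element transportSec = (Element) current.getElementsByTagName(
            Constants.ELEMENT_TRANSPORT_SECURITY).item(0);
        if (transportSec == null) {
            return;
        }

        Element client = (Element) transportSec
            .getElementsByTagName(Constants.ELEMENT_CLIENT).item(0);
        if (client != null) {
            // -- SSL Protocol value
            String sslProtocol = firstChildText(client,
                Constants.ELEMENT_SSL_PROTOCOL);
            if (sslProtocol != null) {
                ctx.setValue(
                    com.sun.jbi.internal.security.https.HttpConstants.PARAM_SSL_PROTOCOL,
                    sslProtocol);
            }

            // -- Use Default
            String useDefault = firstChildText(client,
                Constants.ELEMENT_SSL_USE_DEFAULT);
            if (useDefault != null) {
                ctx.setValue(
                    com.sun.jbi.internal.security.https.HttpConstants.PARAM_SSL_USE_DEFAULT,
                    useDefault);
            }

            // -- Client Alias
            String clientAlias = firstChildText(client,
                Constants.ELEMENT_SSL_CLIENT_ALIAS);
            if (clientAlias != null) {
                ctx.setValue(
                    com.sun.jbi.internal.security.https.HttpConstants.PARAM_SSL_CLIENT_ALIAS,
                    clientAlias);
            }
        }

        Element server = (Element) transportSec
            .getElementsByTagName(Constants.ELEMENT_SERVER).item(0);
        if (server != null) {
            // -- Require Client Auth value
            String reqClientAuth = firstChildText(server,
                Constants.ELEMENT_SSL_REQ_CLIENT_AUTH);
            if (reqClientAuth != null) {
                ctx.setValue(
                    com.sun.jbi.internal.security.https.HttpConstants.PARAM_SSL_REQ_CLIENT_AUTH,
                    reqClientAuth);
            }
        }
    }

    /**
     * Read all the Message Security Policies defined in the Endpoint
     * Configuration, one per Operation element.
     *
     * @param ep is the Endpoint element.
     * @return the List of MessageSecurityPolicies (empty when there are no
     *         Operation elements).
     * @throws Exception on Errors
     */
    private ArrayList readMsgSecPolicies(Element ep) throws Exception {
        ArrayList secPolicies = new ArrayList();

        NodeList list = ep.getElementsByTagName(Constants.ELEMENT_OPERATION);
        for (int i = 0; i < list.getLength(); i++) {
            Element currentOp = (Element) list.item(i);

            // -- If there is a Provider then get that (only when given exactly once)
            String providerId = singleChildText(currentOp,
                Constants.ELEMENT_PROVIDER_ID);
            if (providerId != null) {
                providerId = providerId.trim();
            }

            Element reqPolicy = (Element) currentOp
                .getElementsByTagName(Constants.ELEMENT_REQ_POLICY).item(0);
            Element respPolicy = (Element) currentOp
                .getElementsByTagName(Constants.ELEMENT_RESP_POLICY).item(0);

            // -- Get all the operations the above policy applies to
            // -- Keep the Policy with the operations.
            NodeList opNames = currentOp
                .getElementsByTagName(Constants.ELEMENT_NAME);
            Set opNameSet = new java.util.HashSet();
            for (int j = 0; j < opNames.getLength(); j++) {
                opNameSet.add(textOf((Element) opNames.item(j)).trim());
            }

            // -- Add to the list
            secPolicies.add(new MessageSecPolicyImpl(opNameSet,
                getAuthPolicy(reqPolicy),
                getAuthPolicy(respPolicy), providerId));
        }
        return secPolicies;
    }

    /**
     * Build the AuthPolicy from a Policy Element's source / recipient
     * authentication attributes.
     *
     * <p>Any attribute value other than the recognised constants (including
     * a misspelling) silently means "no source authentication" /
     * "no recipient authentication"; this is a fail-open mapping, so the
     * allowed values should be validated by whatever checks the
     * configuration before it reaches this class.
     *
     * @param policyElement is a Policy Element, may be null.
     * @return AuthPolicy, or null when policyElement is null.
     */
    private AuthPolicy getAuthPolicy(Element policyElement) {
        if (policyElement == null) {
            return null;
        }

        // -- Source Auth Type. getAttribute() returns "" for an absent
        // -- attribute; the null checks only guard non-compliant DOMs.
        String srcAuth = policyElement.getAttribute(Constants.ATTR_AUTH_SRC);
        int srcAuthType = AuthPolicy.SOURCE_AUTH_NONE;
        if (srcAuth != null) {
            if (srcAuth.equals(AuthPolicy.SENDER)) {
                srcAuthType = AuthPolicy.SOURCE_AUTH_SENDER;
            } else if (srcAuth.equals(AuthPolicy.CONTENT)) {
                srcAuthType = AuthPolicy.SOURCE_AUTH_CONTENT;
            }
        }

        // -- Recipient Auth Type: required only for the two recognised
        // -- values, which also fix the ordering relative to content.
        String rcpAuth = policyElement.getAttribute(Constants.ATTR_AUTH_RECP);
        boolean rcpAuthReq = false;
        boolean beforeContent = false;
        if (rcpAuth != null) {
            if (rcpAuth.equals(AuthPolicy.BEFORE_CONTENT)) {
                rcpAuthReq = true;
                beforeContent = true;
            } else if (rcpAuth.equals(AuthPolicy.AFTER_CONTENT)) {
                rcpAuthReq = true;
                beforeContent = false;
            }
        }

        return new AuthPolicy(srcAuthType, rcpAuthReq, beforeContent);
    }

    /**
     * Text value of the element named tagName below parent when it occurs
     * exactly once.
     *
     * @param parent is the Element to search below.
     * @param tagName is the tag name of the wanted element.
     * @return the text value (not trimmed), or null when parent has no such
     *         element or more than one.
     * @throws IllegalArgumentException when the element has no text value.
     */
    private static String singleChildText(Element parent, String tagName) {
        NodeList list = parent.getElementsByTagName(tagName);
        if (list.getLength() != 1) {
            return null;
        }
        return textOf((Element) list.item(0));
    }

    /**
     * Text value of the first element named tagName below parent.
     *
     * @param parent is the Element to search below.
     * @param tagName is the tag name of the wanted element.
     * @return the text value (not trimmed), or null when there is no such
     *         element.
     * @throws IllegalArgumentException when the element has no text value.
     */
    private static String firstChildText(Element parent, String tagName) {
        Element child = (Element) parent.getElementsByTagName(tagName).item(0);
        if (child == null) {
            return null;
        }
        return textOf(child);
    }

    /**
     * Text data of the first child node of an element.
     *
     * @param element is the Element whose text is wanted.
     * @return the data of the first child, which must be a Text node.
     * @throws IllegalArgumentException when element has no child or its
     *         first child is not a Text node (e.g. an empty element or one
     *         starting with a nested element or comment).
     */
    private static String textOf(Element element) {
        org.w3c.dom.Node child = element.getFirstChild();
        if (child instanceof Text) {
            return ((Text) child).getData();
        }
        throw new IllegalArgumentException(
            "Element " + element.getTagName() + " has no text value");
    }

}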