0001: /*
0002: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
0003: *
0004: * Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
0005: *
0006: * The contents of this file are subject to the terms of either the GNU
0007: * General Public License Version 2 only ("GPL") or the Common
0008: * Development and Distribution License("CDDL") (collectively, the
0009: * "License"). You may not use this file except in compliance with the
0010: * License. You can obtain a copy of the License at
0011: * http://www.netbeans.org/cddl-gplv2.html
0012: * or nbbuild/licenses/CDDL-GPL-2-CP. See the License for the
0013: * specific language governing permissions and limitations under the
0014: * License. When distributing the software, include this License Header
0015: * Notice in each file and include the License file at
0016: * nbbuild/licenses/CDDL-GPL-2-CP. Sun designates this
0017: * particular file as subject to the "Classpath" exception as provided
0018: * by Sun in the GPL Version 2 section of the License file that
0019: * accompanied this code. If applicable, add the following below the
0020: * License Header, with the fields enclosed by brackets [] replaced by
0021: * your own identifying information:
0022: * "Portions Copyrighted [year] [name of copyright owner]"
0023: *
0024: * Contributor(s):
0025: *
0026: * The Original Software is NetBeans. The Initial Developer of the Original
0027: * Software is Sun Microsystems, Inc. Portions Copyright 2006 Sun
0028: * Microsystems, Inc. All Rights Reserved.
0029: *
0030: * If you wish your version of this file to be governed by only the CDDL
0031: * or only the GPL Version 2, indicate your decision by adding
0032: * "[Contributor] elects to include this software in this distribution
0033: * under the [CDDL or GPL Version 2] license." If you do not indicate a
0034: * single choice of license, a recipient has the option to distribute
0035: * your version of this file under either the CDDL, the GPL Version 2 or
0036: * to extend the choice of license to its licensees as provided above.
0037: * However, if you add GPL Version 2 code and therefore, elected the GPL
0038: * Version 2 license, then the option applies only if the new code is
0039: * made subject to such option by the copyright holder.
0040: */
0041:
0042: package org.netbeans.modules.websvc.wsitconf.wsdlmodelext;
0043:
0044: import java.io.IOException;
0045: import java.util.Collection;
0046: import java.util.Iterator;
0047: import java.util.List;
0048: import java.util.Set;
0049: import java.util.logging.Level;
0050: import java.util.logging.Logger;
0051: import javax.xml.namespace.QName;
0052: import org.netbeans.api.project.FileOwnerQuery;
0053: import org.netbeans.api.project.Project;
0054: import org.netbeans.modules.j2ee.dd.api.web.AuthConstraint;
0055: import org.netbeans.modules.j2ee.dd.api.web.DDProvider;
0056: import org.netbeans.modules.j2ee.dd.api.web.SecurityConstraint;
0057: import org.netbeans.modules.j2ee.dd.api.web.UserDataConstraint;
0058: import org.netbeans.modules.j2ee.dd.api.web.WebApp;
0059: import org.netbeans.modules.j2ee.dd.api.web.WebResourceCollection;
0060: import org.netbeans.modules.web.api.webmodule.WebModule;
0061: import org.netbeans.modules.websvc.wsitconf.spi.SecurityProfile;
0062: import org.netbeans.modules.websvc.wsitconf.spi.SecurityProfileRegistry;
0063: import org.netbeans.modules.websvc.wsitconf.spi.features.ClientDefaultsFeature;
0064: import org.netbeans.modules.websvc.wsitconf.spi.features.ServiceDefaultsFeature;
0065: import org.netbeans.modules.websvc.wsitmodelext.security.BootstrapPolicy;
0066: import org.netbeans.modules.websvc.wsitmodelext.security.SecurityPolicyQName;
0067: import org.netbeans.modules.websvc.wsitmodelext.security.TrustElement;
0068: import org.netbeans.modules.websvc.wsitconf.ui.ComboConstants;
0069: import org.netbeans.modules.websvc.wsitconf.ui.security.listmodels.*;
0070: import org.netbeans.modules.websvc.wsitconf.util.Util;
0071: import org.netbeans.modules.websvc.wsitmodelext.addressing.Address;
0072: import org.netbeans.modules.websvc.wsitmodelext.addressing.Address10;
0073: import org.netbeans.modules.websvc.wsitmodelext.policy.All;
0074: import org.netbeans.modules.websvc.wsitmodelext.policy.Policy;
0075: import org.netbeans.modules.websvc.wsitmodelext.policy.PolicyQName;
0076: import org.netbeans.modules.websvc.wsitmodelext.security.AsymmetricBinding;
0077: import org.netbeans.modules.websvc.wsitmodelext.security.SymmetricBinding;
0078: import org.netbeans.modules.websvc.wsitmodelext.security.TransportBinding;
0079: import org.netbeans.modules.websvc.wsitmodelext.security.WssElement;
0080: import org.netbeans.modules.websvc.wsitmodelext.security.tokens.InitiatorToken;
0081: import org.netbeans.modules.websvc.wsitmodelext.security.tokens.ProtectionToken;
0082: import org.netbeans.modules.websvc.wsitmodelext.security.tokens.RecipientToken;
0083: import org.netbeans.modules.websvc.wsitmodelext.security.tokens.SecureConversationToken;
0084: import org.netbeans.modules.xml.wsdl.model.*;
0085: import org.netbeans.modules.xml.wsdl.model.extensions.soap.SOAPAddress;
0086: import org.openide.filesystems.FileObject;
0087: import org.openide.util.Exceptions;
0088: import org.openide.util.NbBundle;
0089:
0090: /**
0091: *
0092: * @author Martin Grebac
0093: */
0094: public class ProfilesModelHelper {
0095:
0096: public static final String XWS_SECURITY_SERVER = "xws-security-server";
0097: public static final String XWS_SECURITY_CLIENT = "xws-security-client";
0098: public static final String WSSIP = "wssip";
0099: public static final String DEFAULT_PASSWORD = "wsit";
0100: public static final String DEFAULT_USERNAME = "wsit";
0101:
0102: private static final Logger logger = Logger
0103: .getLogger(ProfilesModelHelper.class.getName());
0104:
0105: /**
0106: * Creates a new instance of ProfilesModelHelper
0107: */
0108: public ProfilesModelHelper() {
0109: }
0110:
0111: public static boolean isSSLProfile(String s) {
0112: if (ComboConstants.PROF_MSGAUTHSSL.equals(s)
0113: || ComboConstants.PROF_SAMLSSL.equals(s)
0114: || ComboConstants.PROF_TRANSPORT.equals(s)) {
0115: return true;
0116: }
0117: return false;
0118: }
0119:
0120: /**
0121: * Returns security profile for Binding or BindingOperation
0122: */
0123: public static String getSecurityProfile(WSDLComponent c) {
0124: assert ((c instanceof BindingOperation) || (c instanceof Binding));
0125:
0126: Set<SecurityProfile> profiles = SecurityProfileRegistry
0127: .getDefault().getSecurityProfiles();
0128: for (SecurityProfile profile : profiles) {
0129: if (profile.isCurrentProfile(c)) {
0130: return profile.getDisplayName();
0131: }
0132: }
0133:
0134: return ComboConstants.PROF_GENERIC;
0135: }
0136:
0137: /**
0138: * Checks whether Secure Conversation is enabled
0139: */
0140: public static boolean isSCEnabled(WSDLComponent c) {
0141: assert ((c instanceof BindingOperation) || (c instanceof Binding));
0142: Policy p = PolicyModelHelper.getPolicyForElement(c);
0143: SymmetricBinding sb = (SymmetricBinding) PolicyModelHelper
0144: .getTopLevelElement(p, SymmetricBinding.class);
0145: if (sb == null)
0146: return false;
0147: WSDLComponent protTokenKind = SecurityTokensModelHelper
0148: .getTokenElement(sb, ProtectionToken.class);
0149: if (protTokenKind == null)
0150: return false;
0151: WSDLComponent protToken = SecurityTokensModelHelper
0152: .getTokenTypeElement(protTokenKind);
0153: if (protToken == null)
0154: return false;
0155: boolean secConv = (protToken instanceof SecureConversationToken);
0156: return secConv;
0157: }
0158:
0159: public static String getWSITSecurityProfile(WSDLComponent c) {
0160: if ((c instanceof Binding) || (c instanceof BindingOperation)) {
0161: Policy p = PolicyModelHelper.getPolicyForElement(c);
0162:
0163: SymmetricBinding sb = (SymmetricBinding) PolicyModelHelper
0164: .getTopLevelElement(p, SymmetricBinding.class);
0165: WSDLComponent protTokenKind = SecurityTokensModelHelper
0166: .getTokenElement(sb, ProtectionToken.class);
0167: WSDLComponent protToken = SecurityTokensModelHelper
0168: .getTokenTypeElement(protTokenKind);
0169: WSDLComponent secConvSecBinding = null;
0170: boolean secConv = (protToken instanceof SecureConversationToken);
0171:
0172: WSDLComponent bootPolicy = null;
0173:
0174: if (secConv) {
0175: bootPolicy = SecurityTokensModelHelper.getTokenElement(
0176: protToken, BootstrapPolicy.class);
0177: secConvSecBinding = SecurityPolicyModelHelper
0178: .getSecurityBindingTypeElement(bootPolicy);
0179: }
0180:
0181: TransportBinding tb = null;
0182: if (secConv
0183: && (secConvSecBinding instanceof TransportBinding)) {
0184: tb = (TransportBinding) secConvSecBinding;
0185: } else {
0186: tb = (TransportBinding) PolicyModelHelper
0187: .getTopLevelElement(p, TransportBinding.class);
0188: }
0189: if (tb != null) { // profiles 1,2,3
0190: // depends on message level policy
0191: if (c instanceof BindingOperation) {
0192: BindingInput input = ((BindingOperation) c)
0193: .getBindingInput();
0194: WSDLComponent tokenKind = SecurityTokensModelHelper
0195: .getSupportingToken(input,
0196: SecurityTokensModelHelper.ENDORSING);
0197: if (tokenKind != null) {
0198: return ComboConstants.PROF_MSGAUTHSSL; // profile 2 with secure conversation
0199: }
0200: tokenKind = SecurityTokensModelHelper
0201: .getSupportingToken(
0202: input,
0203: SecurityTokensModelHelper.SIGNED_SUPPORTING);
0204: String tokenType = SecurityTokensModelHelper
0205: .getTokenType(tokenKind);
0206: if (ComboConstants.SAML.equals(tokenType)) { // profile3
0207: return ComboConstants.PROF_SAMLSSL;
0208: } else if ((ComboConstants.USERNAME
0209: .equals(tokenType))
0210: || (ComboConstants.X509.equals(tokenType))) { // profile2
0211: return ComboConstants.PROF_MSGAUTHSSL;
0212: }
0213: return ComboConstants.PROF_TRANSPORT;
0214: } else {
0215: WSDLComponent tokenKind = SecurityTokensModelHelper
0216: .getSupportingToken(c,
0217: SecurityTokensModelHelper.ENDORSING);
0218: if (tokenKind != null) {
0219: return ComboConstants.PROF_MSGAUTHSSL; // profile 2 with secure conversation
0220: }
0221: if (secConv) {
0222: Policy pp = PolicyModelHelper
0223: .getTopLevelElement(bootPolicy,
0224: Policy.class);
0225: tokenKind = SecurityTokensModelHelper
0226: .getSupportingToken(
0227: pp,
0228: SecurityTokensModelHelper.SIGNED_SUPPORTING);
0229: } else {
0230: tokenKind = SecurityTokensModelHelper
0231: .getSupportingToken(
0232: c,
0233: SecurityTokensModelHelper.SIGNED_SUPPORTING);
0234: }
0235: String tokenType = SecurityTokensModelHelper
0236: .getTokenType(tokenKind);
0237: if (ComboConstants.SAML.equals(tokenType)) { // profile3
0238: return ComboConstants.PROF_SAMLSSL;
0239: } else if ((ComboConstants.USERNAME
0240: .equals(tokenType))
0241: || (ComboConstants.X509.equals(tokenType))) { // profile2
0242: return ComboConstants.PROF_MSGAUTHSSL;
0243: }
0244: return ComboConstants.PROF_TRANSPORT;
0245: }
0246: }
0247:
0248: if (secConv
0249: && (secConvSecBinding instanceof SymmetricBinding)) {
0250: sb = (SymmetricBinding) secConvSecBinding;
0251: } else {
0252: sb = (SymmetricBinding) PolicyModelHelper
0253: .getTopLevelElement(p, SymmetricBinding.class);
0254: }
0255: if (sb != null) { // profiles 4,6,9,10,12
0256: protToken = (ProtectionToken) SecurityTokensModelHelper
0257: .getTokenElement(sb, ProtectionToken.class);
0258: if (protToken != null) {
0259: String tokenType = SecurityTokensModelHelper
0260: .getTokenType(protToken);
0261: if (ComboConstants.ISSUED.equals(tokenType)) { // profile 10
0262: return ComboConstants.PROF_STSISSUED;
0263: }
0264: if (ComboConstants.KERBEROS.equals(tokenType)) { // profile 9
0265: return ComboConstants.PROF_KERBEROS;
0266: }
0267: if (ComboConstants.X509.equals(tokenType)) { // profile 12, 6, 4
0268: WSDLComponent tokenKind = null;
0269: if (secConv) {
0270: Policy pp = PolicyModelHelper
0271: .getTopLevelElement(bootPolicy,
0272: Policy.class);
0273: tokenKind = SecurityTokensModelHelper
0274: .getSupportingToken(
0275: pp,
0276: SecurityTokensModelHelper.ENDORSING);
0277: } else {
0278: tokenKind = SecurityTokensModelHelper
0279: .getSupportingToken(
0280: c,
0281: SecurityTokensModelHelper.ENDORSING);
0282: }
0283:
0284: tokenType = SecurityTokensModelHelper
0285: .getTokenType(tokenKind);
0286: if (ComboConstants.ISSUED.equals(tokenType)) { // profile 12
0287: return ComboConstants.PROF_STSISSUEDENDORSE;
0288: }
0289: if (ComboConstants.X509.equals(tokenType)) { // profile 6
0290: return ComboConstants.PROF_ENDORSCERT;
0291: }
0292: if (tokenType == null) { // profile 4
0293: return ComboConstants.PROF_USERNAME;
0294: }
0295: }
0296: }
0297: }
0298:
0299: AsymmetricBinding ab = null;
0300: if (secConv
0301: && (secConvSecBinding instanceof AsymmetricBinding)) {
0302: ab = (AsymmetricBinding) secConvSecBinding;
0303: } else {
0304: ab = (AsymmetricBinding) PolicyModelHelper
0305: .getTopLevelElement(p, AsymmetricBinding.class);
0306: }
0307: if (ab != null) { // profiles 5,7,8,11
0308: InitiatorToken initToken = (InitiatorToken) SecurityTokensModelHelper
0309: .getTokenElement(ab, InitiatorToken.class);
0310: RecipientToken recipToken = (RecipientToken) SecurityTokensModelHelper
0311: .getTokenElement(ab, RecipientToken.class);
0312: if ((initToken != null) && (recipToken != null)) {
0313: String initTokenType = SecurityTokensModelHelper
0314: .getTokenType(initToken);
0315: String recipTokenType = SecurityTokensModelHelper
0316: .getTokenType(recipToken);
0317: if ((ComboConstants.X509.equals(initTokenType))
0318: && (ComboConstants.X509
0319: .equals(recipTokenType))) { // profile 5, 7
0320: if (c instanceof BindingOperation) {
0321: BindingInput input = ((BindingOperation) c)
0322: .getBindingInput();
0323: WSDLComponent tokenKind = SecurityTokensModelHelper
0324: .getSupportingToken(
0325: input,
0326: SecurityTokensModelHelper.SIGNED_SUPPORTING);
0327: String tokenType = SecurityTokensModelHelper
0328: .getTokenType(tokenKind);
0329: if (ComboConstants.SAML.equals(tokenType)) { // profile7
0330: return ComboConstants.PROF_SAMLSENDER;
0331: } else if (tokenType == null) { // profile5
0332: return ComboConstants.PROF_MUTUALCERT;
0333: }
0334: } else {
0335: WSDLComponent tokenKind = null;
0336: if (secConv) {
0337: Policy pp = PolicyModelHelper
0338: .getTopLevelElement(bootPolicy,
0339: Policy.class);
0340: tokenKind = SecurityTokensModelHelper
0341: .getSupportingToken(
0342: pp,
0343: SecurityTokensModelHelper.SIGNED_SUPPORTING);
0344: } else {
0345: tokenKind = SecurityTokensModelHelper
0346: .getSupportingToken(
0347: c,
0348: SecurityTokensModelHelper.SIGNED_SUPPORTING);
0349: }
0350: String tokenType = SecurityTokensModelHelper
0351: .getTokenType(tokenKind);
0352: if (ComboConstants.SAML.equals(tokenType)) { // profile7
0353: return ComboConstants.PROF_SAMLSENDER;
0354: } else if (tokenType == null) { // profile5
0355: return ComboConstants.PROF_MUTUALCERT;
0356: }
0357: }
0358: }
0359: if ((ComboConstants.SAML.equals(initTokenType))
0360: && (ComboConstants.X509
0361: .equals(recipTokenType))) { // profile 8,
0362: return ComboConstants.PROF_SAMLHOLDER;
0363: }
0364: if ((ComboConstants.ISSUED.equals(initTokenType))
0365: && (ComboConstants.X509
0366: .equals(recipTokenType))) { // profile 11
0367: return ComboConstants.PROF_STSISSUEDCERT;
0368: }
0369: }
0370: }
0371: }
0372:
0373: return ComboConstants.PROF_GENERIC;
0374: }
0375:
0376: private static void updateServiceUrl(WSDLComponent c,
0377: boolean toHttps) {
0378:
0379: String from, to;
0380: if (toHttps) {
0381: from = "http:"; //NOI18N
0382: to = "https:"; //NOI18N
0383: } else {
0384: from = "https:"; //NOI18N
0385: to = "http:"; //NOI18N
0386: }
0387: if (c instanceof Binding) {
0388: Collection<Service> services = c.getModel()
0389: .getDefinitions().getServices();
0390: for (Service s : services) {
0391: Collection<Port> ports = s.getPorts();
0392: for (Port p : ports) {
0393: if (p.getBinding().references((Binding) c)) {
0394: List<Address> addresses = p
0395: .getExtensibilityElements(Address.class);
0396: if ((addresses != null)
0397: && (!addresses.isEmpty())) {
0398: for (Address a : addresses) {
0399: String addr = a.getAddress();
0400: if (addr != null) {
0401: a.setAddress(addr.replaceFirst(
0402: from, to));
0403: }
0404: }
0405: }
0406: List<Address10> addresses10 = p
0407: .getExtensibilityElements(Address10.class);
0408: if ((addresses10 != null)
0409: && (!addresses10.isEmpty())) {
0410: for (Address10 a : addresses10) {
0411: String addr = a.getAddress();
0412: if (addr != null) {
0413: a.setAddress(addr.replaceFirst(
0414: from, to));
0415: }
0416: }
0417: }
0418: List<SOAPAddress> soapAddresses = p
0419: .getExtensibilityElements(SOAPAddress.class);
0420: if ((soapAddresses != null)
0421: && (!soapAddresses.isEmpty())) {
0422: for (SOAPAddress a : soapAddresses) {
0423: String addr = a.getLocation();
0424: if (addr != null) {
0425: a.setLocation(addr.replaceFirst(
0426: from, to));
0427: }
0428: }
0429: }
0430: }
0431: }
0432: }
0433: }
0434: }
0435:
0436: public static boolean isServiceUrlHttps(Binding binding) {
0437: Collection<Service> services = binding.getModel()
0438: .getDefinitions().getServices();
0439: for (Service s : services) {
0440: Collection<Port> ports = s.getPorts();
0441: for (Port p : ports) {
0442: if (p.getBinding().references(binding)) {
0443: List<Address> addresses = p
0444: .getExtensibilityElements(Address.class);
0445: if ((addresses != null) && (!addresses.isEmpty())) {
0446: for (Address a : addresses) {
0447: String addr = a.getAddress();
0448: if ((addr != null)
0449: && (addr.contains("https:"))) {
0450: return true;
0451: }
0452: }
0453: }
0454: List<Address10> addresses10 = p
0455: .getExtensibilityElements(Address10.class);
0456: if ((addresses10 != null)
0457: && (!addresses10.isEmpty())) {
0458: for (Address10 a : addresses10) {
0459: String addr = a.getAddress();
0460: if ((addr != null)
0461: && (addr.contains("https:"))) {
0462: return true;
0463: }
0464: }
0465: }
0466: List<SOAPAddress> soapAddresses = p
0467: .getExtensibilityElements(SOAPAddress.class);
0468: if ((soapAddresses != null)
0469: && (!soapAddresses.isEmpty())) {
0470: for (SOAPAddress a : soapAddresses) {
0471: String addr = a.getLocation();
0472: if ((addr != null)
0473: && (addr.contains("https:"))) {
0474: return true;
0475: }
0476: }
0477: }
0478: }
0479: }
0480: }
0481: return false;
0482: }
0483:
0484: /** Sets security profile on Binding or BindingOperation
0485: */
0486: public static void setSecurityProfile(WSDLComponent c,
0487: String profile, String oldProfile, boolean updateServiceUrl) {
0488: assert (c != null);
0489: assert (profile != null);
0490: assert ((c instanceof BindingOperation) || (c instanceof Binding));
0491:
0492: SecurityProfile newP = SecurityProfileRegistry.getDefault()
0493: .getProfile(profile);
0494: SecurityProfile oldP = SecurityProfileRegistry.getDefault()
0495: .getProfile(oldProfile);
0496:
0497: if (oldP != null) {
0498: oldP.profileDeselected(c);
0499: }
0500: newP.profileSelected(c, updateServiceUrl);
0501: }
0502:
0503: public static boolean isServiceDefaultSetupSupported(String profile) {
0504: SecurityProfile p = SecurityProfileRegistry.getDefault()
0505: .getProfile(profile);
0506: return (p instanceof ServiceDefaultsFeature);
0507: }
0508:
0509: public static boolean isClientDefaultSetupSupported(String profile) {
0510: SecurityProfile p = SecurityProfileRegistry.getDefault()
0511: .getProfile(profile);
0512: return (p instanceof ClientDefaultsFeature);
0513: }
0514:
0515: public static boolean isServiceDefaultSetupUsed(String profile,
0516: Binding binding, Project project) {
0517: SecurityProfile p = SecurityProfileRegistry.getDefault()
0518: .getProfile(profile);
0519: if (p instanceof ServiceDefaultsFeature) {
0520: return ((ServiceDefaultsFeature) p)
0521: .isServiceDefaultSetupUsed(binding, project);
0522: }
0523: return false;
0524: }
0525:
0526: public static boolean isClientDefaultSetupUsed(String profile,
0527: Binding binding, WSDLComponent serviceBinding,
0528: Project project) {
0529: SecurityProfile p = SecurityProfileRegistry.getDefault()
0530: .getProfile(profile);
0531: if (p instanceof ClientDefaultsFeature) {
0532: return ((ClientDefaultsFeature) p)
0533: .isClientDefaultSetupUsed(binding,
0534: (Binding) serviceBinding, project);
0535: }
0536: return false;
0537: }
0538:
0539: public static void setClientDefaults(String profile,
0540: Binding binding, WSDLComponent serviceBinding,
0541: Project project) {
0542: SecurityProfile p = SecurityProfileRegistry.getDefault()
0543: .getProfile(profile);
0544: if (p instanceof ClientDefaultsFeature) {
0545: ((ClientDefaultsFeature) p).setClientDefaults(binding,
0546: serviceBinding, project);
0547: }
0548: }
0549:
0550: public static void setServiceDefaults(String profile,
0551: Binding binding, Project project) {
0552: SecurityProfile p = SecurityProfileRegistry.getDefault()
0553: .getProfile(profile);
0554: if (p instanceof ServiceDefaultsFeature) {
0555: ((ServiceDefaultsFeature) p).setServiceDefaults(binding,
0556: project);
0557: }
0558: }
0559:
0560: /** Sets security profile on Binding or BindingOperation
0561: */
0562: public static void setSecurityProfile(WSDLComponent c,
0563: String profile, boolean updateServiceUrl) {
0564: WSDLModel model = c.getModel();
0565:
0566: boolean isTransaction = model.isIntransaction();
0567: if (!isTransaction) {
0568: model.startTransaction();
0569: }
0570:
0571: PolicyModelHelper.createPolicy(c, true);
0572: try {
0573: // Profile #1
0574: if (ComboConstants.PROF_TRANSPORT.equals(profile)) {
0575: WSDLComponent bt = SecurityPolicyModelHelper
0576: .setSecurityBindingType(c,
0577: ComboConstants.TRANSPORT);
0578: SecurityTokensModelHelper.setTokenType(bt,
0579: ComboConstants.TRANSPORT, ComboConstants.HTTPS);
0580: SecurityPolicyModelHelper.setLayout(bt,
0581: ComboConstants.LAX);
0582: SecurityPolicyModelHelper.enableIncludeTimestamp(bt,
0583: true);
0584: AlgoSuiteModelHelper.setAlgorithmSuite(bt,
0585: ComboConstants.BASIC128);
0586: SecurityPolicyModelHelper.enableWss(c, false);
0587: SecurityPolicyModelHelper.disableTrust10(c);
0588: SecurityTokensModelHelper.removeSupportingTokens(c);
0589: } else if (ComboConstants.PROF_MSGAUTHSSL.equals(profile)) { // Profile #2
0590: WSDLComponent bt = SecurityPolicyModelHelper
0591: .setSecurityBindingType(c,
0592: ComboConstants.TRANSPORT);
0593: SecurityTokensModelHelper.setTokenType(bt,
0594: ComboConstants.TRANSPORT, ComboConstants.HTTPS);
0595: SecurityPolicyModelHelper.setLayout(bt,
0596: ComboConstants.LAX);
0597: SecurityPolicyModelHelper.enableIncludeTimestamp(bt,
0598: true);
0599: AlgoSuiteModelHelper.setAlgorithmSuite(bt,
0600: ComboConstants.BASIC128);
0601: WssElement wss = SecurityPolicyModelHelper.enableWss(c,
0602: false);
0603: SecurityPolicyModelHelper.disableTrust10(c);
0604: SecurityPolicyModelHelper
0605: .enableMustSupportRefKeyIdentifier(wss, true);
0606: SecurityTokensModelHelper.removeSupportingTokens(c);
0607: SecurityTokensModelHelper.setSupportingTokens(c,
0608: ComboConstants.USERNAME,
0609: SecurityTokensModelHelper.SIGNED_SUPPORTING);
0610: } else if (ComboConstants.PROF_SAMLSSL.equals(profile)) { // Profile #3
0611: WSDLComponent bt = SecurityPolicyModelHelper
0612: .setSecurityBindingType(c,
0613: ComboConstants.TRANSPORT);
0614: SecurityTokensModelHelper.setTokenType(bt,
0615: ComboConstants.TRANSPORT, ComboConstants.HTTPS);
0616: SecurityPolicyModelHelper.setLayout(bt,
0617: ComboConstants.LAX);
0618: SecurityPolicyModelHelper.enableIncludeTimestamp(bt,
0619: true);
0620: AlgoSuiteModelHelper.setAlgorithmSuite(bt,
0621: ComboConstants.BASIC128);
0622: WssElement wss = SecurityPolicyModelHelper.enableWss(c,
0623: false);
0624: SecurityPolicyModelHelper.disableTrust10(c);
0625: SecurityPolicyModelHelper
0626: .enableMustSupportRefKeyIdentifier(wss, true);
0627: SecurityTokensModelHelper.removeSupportingTokens(c);
0628: SecurityTokensModelHelper.setSupportingTokens(c,
0629: ComboConstants.SAML,
0630: SecurityTokensModelHelper.SIGNED_SUPPORTING);
0631: } else if (ComboConstants.PROF_USERNAME.equals(profile)) { // Profile #4
0632: WSDLComponent bt = SecurityPolicyModelHelper
0633: .setSecurityBindingType(c,
0634: ComboConstants.SYMMETRIC);
0635: WSDLComponent tokenType = SecurityTokensModelHelper
0636: .setTokenType(bt, ComboConstants.PROTECTION,
0637: ComboConstants.X509);
0638: // SecurityPolicyModelHelper.enableRequireThumbprintReference(tokenType, true);
0639: SecurityTokensModelHelper.setTokenInclusionLevel(
0640: tokenType, ComboConstants.NEVER);
0641: SecurityPolicyModelHelper.setLayout(bt,
0642: ComboConstants.STRICT);
0643: SecurityPolicyModelHelper.enableIncludeTimestamp(bt,
0644: true);
0645: SecurityPolicyModelHelper
0646: .enableSignEntireHeadersAndBody(bt, true);
0647: AlgoSuiteModelHelper.setAlgorithmSuite(bt,
0648: ComboConstants.BASIC128);
0649: WssElement wss = SecurityPolicyModelHelper.enableWss(c,
0650: true);
0651: SecurityPolicyModelHelper.disableTrust10(c);
0652: SecurityPolicyModelHelper
0653: .enableMustSupportRefKeyIdentifier(wss, true);
0654: SecurityPolicyModelHelper
0655: .enableMustSupportRefIssuerSerial(wss, true);
0656: SecurityPolicyModelHelper
0657: .enableMustSupportRefThumbprint(wss, true);
0658: SecurityPolicyModelHelper
0659: .enableMustSupportRefEncryptedKey(wss, true);
0660: SecurityTokensModelHelper.removeSupportingTokens(c);
0661: SecurityTokensModelHelper.setSupportingTokens(c,
0662: ComboConstants.USERNAME,
0663: SecurityTokensModelHelper.SIGNED_SUPPORTING);
0664: } else if (ComboConstants.PROF_MUTUALCERT.equals(profile)) { // #5
0665: WSDLComponent bt = SecurityPolicyModelHelper
0666: .setSecurityBindingType(c,
0667: ComboConstants.ASYMMETRIC);
0668: WSDLComponent tokenType = SecurityTokensModelHelper
0669: .setTokenType(bt, ComboConstants.INITIATOR,
0670: ComboConstants.X509);
0671: SecurityTokensModelHelper.setTokenInclusionLevel(
0672: tokenType, ComboConstants.ALWAYSRECIPIENT);
0673: tokenType = SecurityTokensModelHelper.setTokenType(bt,
0674: ComboConstants.RECIPIENT, ComboConstants.X509);
0675: SecurityTokensModelHelper.setTokenInclusionLevel(
0676: tokenType, ComboConstants.NEVER);
0677: SecurityPolicyModelHelper.setLayout(bt,
0678: ComboConstants.STRICT);
0679: SecurityPolicyModelHelper.enableIncludeTimestamp(bt,
0680: true);
0681: SecurityPolicyModelHelper
0682: .enableSignEntireHeadersAndBody(bt, true);
0683: AlgoSuiteModelHelper.setAlgorithmSuite(bt,
0684: ComboConstants.BASIC128);
0685: WssElement wss = SecurityPolicyModelHelper.enableWss(c,
0686: false);
0687: SecurityPolicyModelHelper.disableTrust10(c);
0688: SecurityPolicyModelHelper
0689: .enableMustSupportRefKeyIdentifier(wss, true);
0690: SecurityPolicyModelHelper
0691: .enableMustSupportRefIssuerSerial(wss, true);
0692: SecurityTokensModelHelper.removeSupportingTokens(c);
0693: } else if (ComboConstants.PROF_ENDORSCERT.equals(profile)) { //#6
0694: WSDLComponent bt = SecurityPolicyModelHelper
0695: .setSecurityBindingType(c,
0696: ComboConstants.SYMMETRIC);
0697: WSDLComponent tokenType = SecurityTokensModelHelper
0698: .setTokenType(bt, ComboConstants.PROTECTION,
0699: ComboConstants.X509);
0700: SecurityTokensModelHelper.setTokenInclusionLevel(
0701: tokenType, ComboConstants.NEVER);
0702: // SecurityPolicyModelHelper.enableRequireThumbprintReference(tokenType, true);
0703: SecurityPolicyModelHelper.setLayout(bt,
0704: ComboConstants.LAX);
0705: SecurityPolicyModelHelper.enableIncludeTimestamp(bt,
0706: true);
0707: SecurityPolicyModelHelper
0708: .enableSignEntireHeadersAndBody(bt, true);
0709: AlgoSuiteModelHelper.setAlgorithmSuite(bt,
0710: ComboConstants.BASIC128);
0711: //wss
0712: WssElement wss = SecurityPolicyModelHelper.enableWss(c,
0713: true);
0714: SecurityPolicyModelHelper.disableTrust10(c);
0715: SecurityPolicyModelHelper
0716: .enableMustSupportRefKeyIdentifier(wss, true);
0717: SecurityPolicyModelHelper
0718: .enableMustSupportRefIssuerSerial(wss, true);
0719: SecurityPolicyModelHelper
0720: .enableMustSupportRefThumbprint(wss, true);
0721: SecurityPolicyModelHelper
0722: .enableMustSupportRefEncryptedKey(wss, true);
0723: //endorsing supporting token
0724: SecurityTokensModelHelper.removeSupportingTokens(c);
0725: tokenType = SecurityTokensModelHelper
0726: .setSupportingTokens(c, ComboConstants.X509,
0727: SecurityTokensModelHelper.ENDORSING);
0728: } else if (ComboConstants.PROF_SAMLSENDER.equals(profile)) { //#7
0729: WSDLComponent bt = SecurityPolicyModelHelper
0730: .setSecurityBindingType(c,
0731: ComboConstants.ASYMMETRIC);
0732: WSDLComponent tokenType = SecurityTokensModelHelper
0733: .setTokenType(bt, ComboConstants.INITIATOR,
0734: ComboConstants.X509);
0735: SecurityTokensModelHelper.setTokenInclusionLevel(
0736: tokenType, ComboConstants.ALWAYSRECIPIENT);
0737: tokenType = SecurityTokensModelHelper.setTokenType(bt,
0738: ComboConstants.RECIPIENT, ComboConstants.X509);
0739: SecurityTokensModelHelper.setTokenInclusionLevel(
0740: tokenType, ComboConstants.NEVER);
0741: SecurityPolicyModelHelper.setLayout(bt,
0742: ComboConstants.STRICT);
0743: SecurityPolicyModelHelper.enableIncludeTimestamp(bt,
0744: true);
0745: SecurityPolicyModelHelper
0746: .enableSignEntireHeadersAndBody(bt, true);
0747: AlgoSuiteModelHelper.setAlgorithmSuite(bt,
0748: ComboConstants.BASIC128);
0749: //wss
0750: WssElement wss = SecurityPolicyModelHelper.enableWss(c,
0751: false);
0752: SecurityPolicyModelHelper.disableTrust10(c);
0753: SecurityPolicyModelHelper
0754: .enableMustSupportRefKeyIdentifier(wss, true);
0755: SecurityPolicyModelHelper
0756: .enableMustSupportRefIssuerSerial(wss, true);
0757: SecurityTokensModelHelper.removeSupportingTokens(c);
0758: SecurityTokensModelHelper.setSupportingTokens(c,
0759: ComboConstants.SAML,
0760: SecurityTokensModelHelper.SIGNED_SUPPORTING);
0761: } else if (ComboConstants.PROF_SAMLHOLDER.equals(profile)) { // #8
0762: WSDLComponent bt = SecurityPolicyModelHelper
0763: .setSecurityBindingType(c,
0764: ComboConstants.ASYMMETRIC);
0765: WSDLComponent tokenType = SecurityTokensModelHelper
0766: .setTokenType(bt, ComboConstants.INITIATOR,
0767: ComboConstants.SAML);
0768: SecurityTokensModelHelper.setTokenInclusionLevel(
0769: tokenType, ComboConstants.ALWAYSRECIPIENT);
0770: tokenType = SecurityTokensModelHelper.setTokenType(bt,
0771: ComboConstants.RECIPIENT, ComboConstants.X509);
0772: SecurityTokensModelHelper.setTokenInclusionLevel(
0773: tokenType, ComboConstants.NEVER);
0774: SecurityPolicyModelHelper.setLayout(bt,
0775: ComboConstants.STRICT);
0776: SecurityPolicyModelHelper.enableIncludeTimestamp(bt,
0777: true);
0778: SecurityPolicyModelHelper
0779: .enableSignEntireHeadersAndBody(bt, true);
0780: AlgoSuiteModelHelper.setAlgorithmSuite(bt,
0781: ComboConstants.BASIC128);
0782: //wss
0783: WssElement wss = SecurityPolicyModelHelper.enableWss(c,
0784: false);
0785: SecurityPolicyModelHelper.disableTrust10(c);
0786: SecurityPolicyModelHelper
0787: .enableMustSupportRefKeyIdentifier(wss, true);
0788: SecurityPolicyModelHelper
0789: .enableMustSupportRefIssuerSerial(wss, true);
0790: SecurityTokensModelHelper.removeSupportingTokens(c);
0791: } else if (ComboConstants.PROF_KERBEROS.equals(profile)) { //#9
0792: WSDLComponent bt = SecurityPolicyModelHelper
0793: .setSecurityBindingType(c,
0794: ComboConstants.SYMMETRIC);
0795: WSDLComponent tokenType = SecurityTokensModelHelper
0796: .setTokenType(bt, ComboConstants.PROTECTION,
0797: ComboConstants.KERBEROS);
0798: SecurityTokensModelHelper.setTokenInclusionLevel(
0799: tokenType, ComboConstants.ONCE);
0800: SecurityPolicyModelHelper.setLayout(bt,
0801: ComboConstants.STRICT);
0802: SecurityPolicyModelHelper.enableIncludeTimestamp(bt,
0803: true);
0804: SecurityPolicyModelHelper
0805: .enableSignEntireHeadersAndBody(bt, true);
0806: AlgoSuiteModelHelper.setAlgorithmSuite(bt,
0807: ComboConstants.BASIC128);
0808: //wss
0809: WssElement wss = SecurityPolicyModelHelper.enableWss(c,
0810: true);
0811: SecurityPolicyModelHelper.disableTrust10(c);
0812: SecurityPolicyModelHelper
0813: .enableMustSupportRefKeyIdentifier(wss, true);
0814: SecurityPolicyModelHelper
0815: .enableMustSupportRefIssuerSerial(wss, true);
0816: SecurityPolicyModelHelper
0817: .enableMustSupportRefThumbprint(wss, true);
0818: SecurityPolicyModelHelper
0819: .enableMustSupportRefEncryptedKey(wss, true);
0820: SecurityTokensModelHelper.removeSupportingTokens(c);
0821: } else if (ComboConstants.PROF_STSISSUED.equals(profile)) { //#10
0822: WSDLComponent bt = SecurityPolicyModelHelper
0823: .setSecurityBindingType(c,
0824: ComboConstants.SYMMETRIC);
0825: WSDLComponent tokenType = SecurityTokensModelHelper
0826: .setTokenType(bt, ComboConstants.PROTECTION,
0827: ComboConstants.ISSUED);
0828: SecurityTokensModelHelper.setTokenInclusionLevel(
0829: tokenType, ComboConstants.ALWAYSRECIPIENT);
0830: SecurityPolicyModelHelper.setLayout(bt,
0831: ComboConstants.LAX);
0832: SecurityPolicyModelHelper.enableIncludeTimestamp(bt,
0833: true);
0834: SecurityPolicyModelHelper
0835: .enableSignEntireHeadersAndBody(bt, true);
0836: AlgoSuiteModelHelper.setAlgorithmSuite(bt,
0837: ComboConstants.BASIC128);
0838: //wss
0839: WssElement wss = SecurityPolicyModelHelper.enableWss(c,
0840: true);
0841: SecurityPolicyModelHelper
0842: .enableMustSupportRefKeyIdentifier(wss, true);
0843: SecurityPolicyModelHelper
0844: .enableMustSupportRefIssuerSerial(wss, true);
0845: SecurityPolicyModelHelper
0846: .enableMustSupportRefThumbprint(wss, true);
0847: SecurityPolicyModelHelper
0848: .enableMustSupportRefEncryptedKey(wss, true);
0849: //trust10
0850: TrustElement trust = SecurityPolicyModelHelper
0851: .enableTrust10(c);
0852: SecurityPolicyModelHelper
0853: .enableMustSupportIssuedTokens(trust, true);
0854: SecurityPolicyModelHelper.enableRequireClientEntropy(
0855: trust, true);
0856: SecurityPolicyModelHelper.enableRequireServerEntropy(
0857: trust, true);
0858: SecurityTokensModelHelper.removeSupportingTokens(c);
0859: } else if (ComboConstants.PROF_STSISSUEDCERT
0860: .equals(profile)) { //#11
0861: WSDLComponent bt = SecurityPolicyModelHelper
0862: .setSecurityBindingType(c,
0863: ComboConstants.ASYMMETRIC);
0864: WSDLComponent tokenType = SecurityTokensModelHelper
0865: .setTokenType(bt, ComboConstants.INITIATOR,
0866: ComboConstants.ISSUED);
0867: SecurityTokensModelHelper.setTokenInclusionLevel(
0868: tokenType, ComboConstants.ALWAYSRECIPIENT);
0869: tokenType = SecurityTokensModelHelper.setTokenType(bt,
0870: ComboConstants.RECIPIENT, ComboConstants.X509);
0871: SecurityTokensModelHelper.setTokenInclusionLevel(
0872: tokenType, ComboConstants.NEVER);
0873: SecurityPolicyModelHelper.setLayout(bt,
0874: ComboConstants.LAX);
0875: SecurityPolicyModelHelper.enableIncludeTimestamp(bt,
0876: true);
0877: SecurityPolicyModelHelper
0878: .enableSignEntireHeadersAndBody(bt, true);
0879: AlgoSuiteModelHelper.setAlgorithmSuite(bt,
0880: ComboConstants.BASIC128);
0881: //wss
0882: WssElement wss = SecurityPolicyModelHelper.enableWss(c,
0883: true);
0884: SecurityPolicyModelHelper
0885: .enableMustSupportRefKeyIdentifier(wss, true);
0886: SecurityPolicyModelHelper
0887: .enableMustSupportRefIssuerSerial(wss, true);
0888: SecurityPolicyModelHelper
0889: .enableMustSupportRefThumbprint(wss, true);
0890: SecurityPolicyModelHelper
0891: .enableMustSupportRefEncryptedKey(wss, true);
0892: //trust10
0893: TrustElement trust = SecurityPolicyModelHelper
0894: .enableTrust10(c);
0895: SecurityPolicyModelHelper
0896: .enableMustSupportIssuedTokens(trust, true);
0897: SecurityPolicyModelHelper.enableRequireClientEntropy(
0898: trust, true);
0899: SecurityPolicyModelHelper.enableRequireServerEntropy(
0900: trust, true);
0901: SecurityTokensModelHelper.removeSupportingTokens(c);
0902: } else if (ComboConstants.PROF_STSISSUEDENDORSE
0903: .equals(profile)) { //#12
0904: WSDLComponent bt = SecurityPolicyModelHelper
0905: .setSecurityBindingType(c,
0906: ComboConstants.SYMMETRIC);
0907: WSDLComponent tokenType = SecurityTokensModelHelper
0908: .setTokenType(bt, ComboConstants.PROTECTION,
0909: ComboConstants.X509);
0910: SecurityTokensModelHelper.setTokenInclusionLevel(
0911: tokenType, ComboConstants.ALWAYS);
0912: // SecurityPolicyModelHelper.enableRequireThumbprintReference(tokenType, true);
0913: SecurityPolicyModelHelper.setLayout(bt,
0914: ComboConstants.LAX);
0915: SecurityPolicyModelHelper.enableIncludeTimestamp(bt,
0916: true);
0917: SecurityPolicyModelHelper
0918: .enableSignEntireHeadersAndBody(bt, true);
0919: AlgoSuiteModelHelper.setAlgorithmSuite(bt,
0920: ComboConstants.BASIC128);
0921: //wss
0922: WssElement wss = SecurityPolicyModelHelper.enableWss(c,
0923: true);
0924: SecurityPolicyModelHelper
0925: .enableMustSupportRefKeyIdentifier(wss, true);
0926: SecurityPolicyModelHelper
0927: .enableMustSupportRefIssuerSerial(wss, true);
0928: SecurityPolicyModelHelper
0929: .enableMustSupportRefThumbprint(wss, true);
0930: SecurityPolicyModelHelper
0931: .enableMustSupportRefEncryptedKey(wss, true);
0932: //trust10
0933: TrustElement trust = SecurityPolicyModelHelper
0934: .enableTrust10(c);
0935: SecurityPolicyModelHelper
0936: .enableMustSupportIssuedTokens(trust, true);
0937: SecurityPolicyModelHelper.enableRequireClientEntropy(
0938: trust, true);
0939: SecurityPolicyModelHelper.enableRequireServerEntropy(
0940: trust, true);
0941: //endorsing supporting token
0942: SecurityTokensModelHelper.removeSupportingTokens(c);
0943: tokenType = SecurityTokensModelHelper
0944: .setSupportingTokens(c, ComboConstants.ISSUED,
0945: SecurityTokensModelHelper.ENDORSING);
0946: }
0947: setMessageLevelSecurityProfilePolicies(c, profile);
0948: if (updateServiceUrl) {
0949: updateServiceUrl(c, isSSLProfile(profile));
0950: }
0951: } finally {
0952: if (!isTransaction) {
0953: model.endTransaction();
0954: }
0955: }
0956: }
0957:
0958: private static FileObject getDDFO(WSDLComponent c) {
0959: if (c != null) {
0960: WSDLModel model = c.getModel();
0961: FileObject fo = Util.getFOForModel(model);
0962: if (fo != null) {
0963: Project p = FileOwnerQuery.getOwner(fo);
0964: if (Util.isWebProject(p)) {
0965: WebModule wm = WebModule.getWebModule(fo);
0966: return wm.getDeploymentDescriptor();
0967: } else {
0968: return Util.getSunDDFO(p);
0969: }
0970: }
0971: }
0972: return null;
0973: }
0974:
0975: private static SecurityConstraint getSecurityConstraint(
0976: WSDLComponent c) {
0977: FileObject webXmlFO = getDDFO(c);
0978: if (webXmlFO != null) {
0979: WebApp webXmlDD = null;
0980: try {
0981: webXmlDD = DDProvider.getDefault().getDDRoot(webXmlFO);
0982: } catch (IOException ioe) {
0983: logger.log(Level.FINE, null, ioe); //ignore
0984: }
0985:
0986: String urlPattern = null;
0987:
0988: if (c instanceof Binding) {
0989: Collection<Service> ss = c.getModel().getDefinitions()
0990: .getServices();
0991: for (Service s : ss) {
0992: Collection<Port> pp = s.getPorts();
0993: for (Port port : pp) {
0994: QName qname = port.getBinding().getQName();
0995: String bName = ((Binding) c).getName();
0996: if (bName.equals(qname.getLocalPart())) {
0997: urlPattern = s.getName();
0998: }
0999: }
1000: }
1001: }
1002:
1003: if ((webXmlDD != null)
1004: && (webXmlDD.getStatus() != WebApp.STATE_INVALID_UNPARSABLE)) {
1005: SecurityConstraint[] constraints = webXmlDD
1006: .getSecurityConstraint();
1007: for (SecurityConstraint sc : constraints) {
1008: WebResourceCollection wrc = sc
1009: .getWebResourceCollection(0);
1010: if (wrc != null) {
1011: String wrcUrlPattern = wrc.getUrlPattern(0);
1012: if ((wrcUrlPattern != null)
1013: && wrcUrlPattern.contains(urlPattern)) {
1014: return sc;
1015: }
1016: }
1017: }
1018: }
1019: }
1020: return null;
1021: }
1022:
1023: public static void unsetSSLAttributes(final WSDLComponent c) {
1024: SecurityConstraint sc = getSecurityConstraint(c);
1025: if (sc != null) {
1026: try {
1027: FileObject webXmlFO = getDDFO(c);
1028: if (webXmlFO == null)
1029: return; // currently we only know what to do if it's WebProject and DD exists
1030: WebApp webXmlDD = DDProvider.getDefault().getDDRoot(
1031: webXmlFO);
1032: if ((webXmlDD != null)
1033: && (webXmlDD.getStatus() != WebApp.STATE_INVALID_UNPARSABLE)) {
1034: webXmlDD.removeSecurityConstraint(sc);
1035: webXmlDD.write(webXmlFO);
1036: }
1037: } catch (IOException ioe) {
1038: Exceptions.printStackTrace(ioe);
1039: }
1040: }
1041: }
1042:
1043: public static void setSSLAttributes(final WSDLComponent c) {
1044: if (getSecurityConstraint(c) == null) {
1045: FileObject webXmlFO = getDDFO(c);
1046: if (webXmlFO == null)
1047: return; // currently we only know what to do if it's WebProject and DD exists
1048: try {
1049: WebApp webXmlDD = DDProvider.getDefault().getDDRoot(
1050: webXmlFO);
1051: if ((webXmlDD != null)
1052: && (webXmlDD.getStatus() != WebApp.STATE_INVALID_UNPARSABLE)) {
1053: SecurityConstraint sc = (SecurityConstraint) webXmlDD
1054: .createBean("SecurityConstraint");
1055:
1056: AuthConstraint ac = (AuthConstraint) webXmlDD
1057: .createBean("AuthConstraint");
1058: ac.addRoleName("EMPLOYEE");
1059: sc.setAuthConstraint(ac);
1060:
1061: UserDataConstraint udc = (UserDataConstraint) webXmlDD
1062: .createBean("UserDataConstraint");
1063: udc.setTransportGuarantee("CONFIDENTIAL");
1064: sc.setUserDataConstraint(udc);
1065:
1066: String serviceName = null;
1067:
1068: String urlPattern = "/";
1069: boolean exit = false;
1070: if (c instanceof Binding) {
1071: Collection<Service> ss = c.getModel()
1072: .getDefinitions().getServices();
1073: for (Service s : ss) {
1074: Collection<Port> pp = s.getPorts();
1075: for (Port port : pp) {
1076: QName qname = port.getBinding()
1077: .getQName();
1078: String bName = ((Binding) c).getName();
1079: if (bName.equals(qname.getLocalPart())) {
1080: serviceName = s.getName();
1081: urlPattern = urlPattern
1082: .concat(serviceName + "/*");
1083: exit = true;
1084: break;
1085: }
1086: }
1087: if (exit)
1088: break;
1089: }
1090: }
1091: sc.setDisplayName(NbBundle.getMessage(
1092: ProfilesModelHelper.class,
1093: "LBL_SECCONSTRAINT_DNAME", serviceName));
1094: WebResourceCollection wrc = (WebResourceCollection) webXmlDD
1095: .createBean("WebResourceCollection");
1096: wrc.setHttpMethod(new String[] { "POST" });
1097: wrc.setUrlPattern(new String[] { urlPattern });
1098: wrc.setWebResourceName("Secure Area");
1099: sc.addWebResourceCollection(wrc);
1100:
1101: webXmlDD.addSecurityConstraint(sc);
1102: webXmlDD.write(webXmlFO);
1103: }
1104: } catch (IOException ioe) {
1105: Exceptions.printStackTrace(ioe);
1106: } catch (ClassNotFoundException ex) {
1107: Exceptions.printStackTrace(ex);
1108: }
1109: }
1110: }
1111:
1112: public static void setMessageLevelSecurityProfilePolicies(
1113: WSDLComponent c, String profile) {
1114: assert ((c instanceof BindingOperation) || (c instanceof Binding));
1115:
1116: if (c instanceof Binding) {
1117: Collection<BindingOperation> ops = ((Binding) c)
1118: .getBindingOperations();
1119: Iterator<BindingOperation> i = null;
1120: if ((ops != null) && (ops.size() > 0)) {
1121: i = ops.iterator();
1122: BindingOperation bOp = i.next();
1123: setMessageLevelSecurityProfilePolicies(bOp, profile);
1124: BindingInput inputB = bOp.getBindingInput();
1125: BindingOutput outputB = bOp.getBindingOutput();
1126: // BindingFault faultPolicy = bOp.getBindingFaults().;
1127: String inputPolicyUri = null;
1128: if (inputB != null) {
1129: inputPolicyUri = PolicyModelHelper
1130: .getPolicyUriForElement(inputB);
1131: }
1132: String outputPolicyUri = null;
1133: if (outputB != null) {
1134: outputPolicyUri = PolicyModelHelper
1135: .getPolicyUriForElement(outputB);
1136: }
1137: while (i.hasNext()) {
1138: BindingOperation op = i.next();
1139: if (inputB != null) {
1140: inputB = op.getBindingInput();
1141: PolicyModelHelper.attachPolicyToElement(
1142: inputPolicyUri, inputB);
1143: }
1144: if (outputB != null) {
1145: outputB = op.getBindingOutput();
1146: PolicyModelHelper.attachPolicyToElement(
1147: outputPolicyUri, outputB);
1148: }
1149: }
1150: }
1151: } else {
1152: setMessageLevelSecurityProfilePolicies(
1153: (BindingOperation) c, profile);
1154: }
1155: }
1156:
1157: public static void setMessageLevelSecurityProfilePolicies(
1158: BindingOperation o, String profile) {
1159: assert (o != null);
1160:
1161: WSDLModel model = o.getModel();
1162:
1163: BindingInput input = o.getBindingInput();
1164: BindingOutput output = o.getBindingOutput();
1165:
1166: Binding b = (Binding) o.getParent();
1167:
1168: boolean wss11 = SecurityPolicyModelHelper.isWss11(b);
1169: boolean rm = RMModelHelper.isRMEnabled(b);
1170:
1171: boolean isTransaction = model.isIntransaction();
1172: if (!isTransaction) {
1173: model.startTransaction();
1174: }
1175:
1176: try {
1177: //if (input != null) return;//PolicyModelHelper.removePolicyForElement(input);
1178: //if (output != null) return;//PolicyModelHelper.removePolicyForElement(output);
1179:
1180: // Profile #1
1181: if (ComboConstants.PROF_TRANSPORT.equals(profile)) {
1182: // do nothing, there are no msg level policies
1183: return;
1184: }
1185: // Profile #2
1186: if (ComboConstants.PROF_MSGAUTHSSL.equals(profile)) {
1187: return;
1188: }
1189: // Profile #3
1190: if (ComboConstants.PROF_SAMLSSL.equals(profile)) {
1191: return;
1192: }
1193: // Profile #4
1194: if (ComboConstants.PROF_USERNAME.equals(profile)) {
1195: SecurityPolicyModelHelper.setDefaultTargets(input,
1196: wss11, rm);
1197: SecurityPolicyModelHelper.setDefaultTargets(output,
1198: wss11, rm);
1199: return;
1200: }
1201: // Profile #5
1202: if (ComboConstants.PROF_MUTUALCERT.equals(profile)) {
1203: SecurityPolicyModelHelper.setDefaultTargets(input,
1204: true, rm);
1205: SecurityPolicyModelHelper.setDefaultTargets(output,
1206: true, rm);
1207: return;
1208: }
1209: // Profile #6
1210: if (ComboConstants.PROF_ENDORSCERT.equals(profile)) {
1211: SecurityPolicyModelHelper.setDefaultTargets(input,
1212: wss11, rm);
1213: SecurityPolicyModelHelper.setDefaultTargets(output,
1214: wss11, rm);
1215: return;
1216: }
1217: // Profile #7
1218: if (ComboConstants.PROF_SAMLSENDER.equals(profile)) {
1219: SecurityPolicyModelHelper.setDefaultTargets(input,
1220: wss11, rm);
1221: SecurityPolicyModelHelper.setDefaultTargets(output,
1222: wss11, rm);
1223: return;
1224: }
1225: // Profile #8
1226: if (ComboConstants.PROF_SAMLHOLDER.equals(profile)) {
1227: SecurityPolicyModelHelper.setDefaultTargets(input,
1228: wss11, rm);
1229: SecurityPolicyModelHelper.setDefaultTargets(output,
1230: wss11, rm);
1231: return;
1232: }
1233: // Profile #9
1234: if (ComboConstants.PROF_KERBEROS.equals(profile)) {
1235: SecurityPolicyModelHelper.setDefaultTargets(input,
1236: wss11, rm);
1237: SecurityPolicyModelHelper.setDefaultTargets(output,
1238: wss11, rm);
1239: return;
1240: }
1241: // Profile #10
1242: if (ComboConstants.PROF_STSISSUED.equals(profile)) {
1243: SecurityPolicyModelHelper.setDefaultTargets(input,
1244: wss11, rm);
1245: SecurityPolicyModelHelper.setDefaultTargets(output,
1246: wss11, rm);
1247: return;
1248: }
1249: // Profile #11
1250: if (ComboConstants.PROF_STSISSUEDCERT.equals(profile)) {
1251: SecurityPolicyModelHelper.setDefaultTargets(input,
1252: wss11, rm);
1253: SecurityPolicyModelHelper.setDefaultTargets(output,
1254: wss11, rm);
1255: return;
1256: }
1257: // Profile #12
1258: if (ComboConstants.PROF_STSISSUEDENDORSE.equals(profile)) {
1259: SecurityPolicyModelHelper.setDefaultTargets(input,
1260: wss11, rm);
1261: SecurityPolicyModelHelper.setDefaultTargets(output,
1262: wss11, rm);
1263: return;
1264: }
1265: } finally {
1266: if (!isTransaction) {
1267: model.endTransaction();
1268: }
1269: }
1270: }
1271:
1272: public static void enableSecureConversation(WSDLComponent c,
1273: boolean enable) {
1274:
1275: assert (c != null);
1276: assert ((c instanceof BindingOperation) || (c instanceof Binding));
1277:
1278: Binding b = null;
1279: if (c instanceof BindingOperation) {
1280: b = (Binding) c.getParent();
1281: } else {
1282: b = (Binding) c;
1283: }
1284:
1285: if (ProfilesModelHelper.isSCEnabled(b))
1286: return;
1287:
1288: WSDLModel model = c.getModel();
1289: WSDLComponentFactory wcf = model.getFactory();
1290:
1291: boolean isTransaction = model.isIntransaction();
1292: if (!isTransaction) {
1293: model.startTransaction();
1294: }
1295:
1296: try {
1297: if (enable) {
1298: WSDLComponent secBinding = SecurityPolicyModelHelper
1299: .getSecurityBindingTypeElement(c);
1300: WSDLComponent par = secBinding.getParent();
1301:
1302: boolean onlySign = SecurityPolicyModelHelper
1303: .isSignEntireHeadersAndBody(c);
1304: boolean includeTimestamp = SecurityPolicyModelHelper
1305: .isSignEntireHeadersAndBody(c);
1306: String algoSuite = AlgoSuiteModelHelper
1307: .getAlgorithmSuite(c);
1308:
1309: BootstrapPolicy bp = (BootstrapPolicy) wcf.create(par,
1310: SecurityPolicyQName.BOOTSTRAPPOLICY.getQName());
1311: par.addExtensibilityElement(bp);
1312: Policy p = PolicyModelHelper.createElement(bp,
1313: PolicyQName.POLICY.getQName(), Policy.class,
1314: false);
1315: p
1316: .addExtensibilityElement((ExtensibilityElement) secBinding
1317: .copy(p));
1318:
1319: for (int suppTokenType = 0; suppTokenType < 3; suppTokenType++) {
1320: ExtensibilityElement suppToken = (ExtensibilityElement) SecurityTokensModelHelper
1321: .getSupportingToken(c, suppTokenType);
1322: if (suppToken == null)
1323: continue;
1324: p
1325: .addExtensibilityElement((ExtensibilityElement) suppToken
1326: .copy(p));
1327: suppToken.getParent().removeExtensibilityElement(
1328: suppToken);
1329: }
1330:
1331: WSDLComponent bType = SecurityPolicyModelHelper
1332: .setSecurityBindingType(c,
1333: ComboConstants.SYMMETRIC);
1334: SecureConversationToken tType = (SecureConversationToken) SecurityTokensModelHelper
1335: .setTokenType(bType, ComboConstants.PROTECTION,
1336: ComboConstants.SECURECONVERSATION);
1337: SecurityTokensModelHelper.setTokenInclusionLevel(tType,
1338: ComboConstants.ALWAYSRECIPIENT);
1339: p = PolicyModelHelper.createElement(tType,
1340: PolicyQName.POLICY.getQName(), Policy.class,
1341: false);
1342: ExtensibilityElement bpcopy = (ExtensibilityElement) bp
1343: .copy(p);
1344: p.addExtensibilityElement(bpcopy);
1345: par.removeExtensibilityElement(bp);
1346: p = PolicyModelHelper.getTopLevelElement(bpcopy,
1347: Policy.class);
1348: WSDLComponent wss10 = SecurityPolicyModelHelper
1349: .getWss10(par);
1350: if (wss10 != null) {
1351: p
1352: .addExtensibilityElement((ExtensibilityElement) wss10
1353: .copy(p));
1354: }
1355: WssElement wss11 = SecurityPolicyModelHelper
1356: .getWss11(par);
1357: if (wss11 != null) {
1358: p
1359: .addExtensibilityElement((ExtensibilityElement) wss11
1360: .copy(p));
1361: }
1362: TrustElement trust = SecurityPolicyModelHelper
1363: .getTrust10(par);
1364: if (trust != null) {
1365: p
1366: .addExtensibilityElement((ExtensibilityElement) trust
1367: .copy(p));
1368: }
1369:
1370: // set top level secure conversation policy
1371: SecurityPolicyModelHelper.setLayout(bType,
1372: ComboConstants.STRICT);
1373: if (algoSuite != null) {
1374: AlgoSuiteModelHelper.setAlgorithmSuite(bType,
1375: algoSuite);
1376: } else {
1377: AlgoSuiteModelHelper.setAlgorithmSuite(bType,
1378: ComboConstants.BASIC128);
1379: }
1380: if (includeTimestamp) {
1381: SecurityPolicyModelHelper.enableIncludeTimestamp(
1382: bType, true);
1383: }
1384: if (onlySign) {
1385: SecurityPolicyModelHelper
1386: .enableSignEntireHeadersAndBody(bType, true);
1387: }
1388:
1389: boolean rm = RMModelHelper.isRMEnabled(b);
1390: SecurityPolicyModelHelper
1391: .setDefaultTargets(p, true, rm);
1392:
1393: SecurityPolicyModelHelper.disableWss(par);
1394: WssElement wss = SecurityPolicyModelHelper.enableWss(
1395: par, true);
1396: SecurityPolicyModelHelper
1397: .enableMustSupportRefKeyIdentifier(wss, true);
1398: SecurityPolicyModelHelper
1399: .enableMustSupportRefIssuerSerial(wss, true);
1400: SecurityPolicyModelHelper
1401: .enableMustSupportRefThumbprint(wss, true);
1402: SecurityPolicyModelHelper
1403: .enableMustSupportRefEncryptedKey(wss, true);
1404:
1405: SecurityPolicyModelHelper.disableTrust10(par);
1406: trust = SecurityPolicyModelHelper.enableTrust10(par);
1407: SecurityPolicyModelHelper.enableRequireClientEntropy(
1408: trust, true);
1409: SecurityPolicyModelHelper.enableRequireServerEntropy(
1410: trust, true);
1411: SecurityPolicyModelHelper
1412: .enableMustSupportIssuedTokens(trust, true);
1413:
1414: } else {
1415: WSDLComponent topSecBinding = SecurityPolicyModelHelper
1416: .getSecurityBindingTypeElement(c);
1417: WSDLComponent protTokenKind = SecurityTokensModelHelper
1418: .getTokenElement(topSecBinding,
1419: ProtectionToken.class);
1420: WSDLComponent protToken = SecurityTokensModelHelper
1421: .getTokenTypeElement(protTokenKind);
1422: WSDLComponent bootPolicy = SecurityTokensModelHelper
1423: .getTokenElement(protToken,
1424: BootstrapPolicy.class);
1425: WSDLComponent secBinding = SecurityPolicyModelHelper
1426: .getSecurityBindingTypeElement(bootPolicy);
1427:
1428: WSDLComponent par = topSecBinding.getParent()
1429: .getParent();
1430:
1431: par
1432: .addExtensibilityElement((ExtensibilityElement) secBinding
1433: .copy(par));
1434:
1435: for (int suppTokenType = 0; suppTokenType < 3; suppTokenType++) {
1436: ExtensibilityElement suppToken = (ExtensibilityElement) SecurityTokensModelHelper
1437: .getSupportingToken(secBinding.getParent(),
1438: suppTokenType);
1439: if (suppToken == null)
1440: continue;
1441: par
1442: .addExtensibilityElement((ExtensibilityElement) suppToken
1443: .copy(par));
1444: suppToken.getParent().removeExtensibilityElement(
1445: suppToken);
1446: }
1447:
1448: WssElement wss10 = SecurityPolicyModelHelper
1449: .getWss10(secBinding.getParent());
1450: if (wss10 != null) {
1451: par
1452: .addExtensibilityElement((ExtensibilityElement) wss10
1453: .copy(par));
1454: }
1455: WssElement wss11 = SecurityPolicyModelHelper
1456: .getWss11(secBinding.getParent());
1457: if (wss11 != null) {
1458: par
1459: .addExtensibilityElement((ExtensibilityElement) wss11
1460: .copy(par));
1461: }
1462: TrustElement trust = SecurityPolicyModelHelper
1463: .getTrust10(secBinding.getParent());
1464: if (trust != null) {
1465: par
1466: .addExtensibilityElement((ExtensibilityElement) trust
1467: .copy(par));
1468: }
1469:
1470: SecurityPolicyModelHelper.setSecurityBindingType(c,
1471: null);
1472: SecurityPolicyModelHelper.disableWss(c);
1473: SecurityPolicyModelHelper.disableTrust10(c);
1474:
1475: WSDLComponent copyto = PolicyModelHelper
1476: .getTopLevelElement(par, All.class);
1477: WSDLComponent bType = SecurityPolicyModelHelper
1478: .getSecurityBindingTypeElement(par);
1479: copyto
1480: .addExtensibilityElement((ExtensibilityElement) bType
1481: .copy(copyto));
1482: bType.getParent().removeExtensibilityElement(
1483: (ExtensibilityElement) bType);
1484: wss10 = SecurityPolicyModelHelper.getWss10(par);
1485: if (wss10 != null) {
1486: copyto
1487: .addExtensibilityElement((ExtensibilityElement) wss10
1488: .copy(copyto));
1489: wss10.getParent().removeExtensibilityElement(wss10);
1490: }
1491: wss11 = SecurityPolicyModelHelper.getWss11(par);
1492: if (wss11 != null) {
1493: copyto
1494: .addExtensibilityElement((ExtensibilityElement) wss11
1495: .copy(copyto));
1496: wss11.getParent().removeExtensibilityElement(wss11);
1497: }
1498: trust = SecurityPolicyModelHelper.getTrust10(par);
1499: if (trust != null) {
1500: copyto
1501: .addExtensibilityElement((ExtensibilityElement) trust
1502: .copy(copyto));
1503: trust.getParent().removeExtensibilityElement(trust);
1504: }
1505: for (int suppTokenType = 0; suppTokenType < 3; suppTokenType++) {
1506: ExtensibilityElement suppToken = (ExtensibilityElement) SecurityTokensModelHelper
1507: .getSupportingToken(par, suppTokenType);
1508: if (suppToken == null)
1509: continue;
1510: copyto
1511: .addExtensibilityElement((ExtensibilityElement) suppToken
1512: .copy(copyto));
1513: suppToken.getParent().removeExtensibilityElement(
1514: suppToken);
1515: }
1516: }
1517: } finally {
1518: if (!isTransaction) {
1519: model.endTransaction();
1520: }
1521: }
1522:
1523: }
1524: }
|