001: /*
002: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003: *
004: * Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
005: *
006: * The contents of this file are subject to the terms of either the GNU
007: * General Public License Version 2 only ("GPL") or the Common Development
008: * and Distribution License("CDDL") (collectively, the "License"). You
009: * may not use this file except in compliance with the License. You can obtain
010: * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
011: * or glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific
012: * language governing permissions and limitations under the License.
013: *
014: * When distributing the software, include this License Header Notice in each
015: * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
016: * Sun designates this particular file as subject to the "Classpath" exception
017: * as provided by Sun in the GPL Version 2 section of the License file that
018: * accompanied this code. If applicable, add the following below the License
019: * Header, with the fields enclosed by brackets [] replaced by your own
020: * identifying information: "Portions Copyrighted [year]
021: * [name of copyright owner]"
022: *
023: * Contributor(s):
024: *
025: * If you wish your version of this file to be governed by only the CDDL or
026: * only the GPL Version 2, indicate your decision by adding "[Contributor]
027: * elects to include this software in this distribution under the [CDDL or GPL
028: * Version 2] license." If you don't indicate a single choice of license, a
029: * recipient has the option to distribute your version of this file under
030: * either the CDDL, the GPL Version 2 or to extend the choice of license to
031: * its licensees as provided above. However, if you add GPL Version 2 code
032: * and therefore, elected the GPL Version 2 license, then the option applies
033: * only if the new code is made subject to such option by the copyright
034: * holder.
035: */
036:
037: package com.sun.xml.ws.security.impl.policyconv;
038:
039: import com.sun.xml.ws.policy.AssertionSet;
040: import com.sun.xml.ws.policy.NestedPolicy;
041: import com.sun.xml.ws.policy.PolicyAssertion;
042: import com.sun.xml.ws.policy.PolicyException;
043: import com.sun.xml.ws.security.impl.policy.Constants;
044: import com.sun.xml.ws.security.impl.policy.LogStringsMessages;
045: import com.sun.xml.ws.security.impl.policy.PolicyUtil;
046: import com.sun.xml.ws.security.policy.IssuedToken;
047: import com.sun.xml.ws.security.policy.SamlToken;
048: import com.sun.xml.ws.security.policy.SecureConversationToken;
049: import com.sun.xml.ws.security.policy.Token;
050: import com.sun.xml.ws.security.policy.UserNameToken;
051: import com.sun.xml.ws.security.policy.X509Token;
052: import com.sun.xml.wss.impl.MessageConstants;
053: import com.sun.xml.wss.impl.policy.PolicyGenerationException;
054: import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
055: import com.sun.xml.wss.impl.policy.mls.DerivedTokenKeyBinding;
056: import com.sun.xml.wss.impl.policy.mls.IssuedTokenKeyBinding;
057: import com.sun.xml.wss.impl.policy.mls.KeyBindingBase;
058: import com.sun.xml.wss.impl.policy.mls.SecureConversationTokenKeyBinding;
059: import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
060: import java.util.Iterator;
061: import java.util.Set;
062: import java.util.logging.Level;
063: import static com.sun.xml.ws.security.impl.policy.Constants.logger;
064:
065: /**
066: *
067: * @author K.Venugopal@sun.com
068: */
069: public class TokenProcessor {
070: protected boolean isServer = false;
071: protected boolean isIncoming = false;
072: private PolicyID pid = null;
073:
074: /** Creates a new instance of TokenProcessor */
075: public TokenProcessor(boolean isServer, boolean isIncoming,
076: PolicyID pid) {
077: this .isServer = isServer;
078: this .isIncoming = isIncoming;
079: this .pid = pid;
080: }
081:
082: protected void setX509TokenRefType(
083: AuthenticationTokenPolicy.X509CertificateBinding x509CB,
084: X509Token token) {
085: Set tokenRefTypes = token.getTokenRefernceType();
086: if (!tokenRefTypes.isEmpty()) {
087: if (tokenRefTypes
088: .contains(Token.REQUIRE_THUMBPRINT_REFERENCE)) {
089: if (logger.isLoggable(Level.FINEST)) {
090: logger.log(Level.FINEST,
091: " ReferenceType set to KeyBinding" + x509CB
092: + " is Thumbprint");
093: }
094: x509CB
095: .setReferenceType(SecurityPolicyUtil
096: .convertToXWSSConstants(Token.REQUIRE_THUMBPRINT_REFERENCE));
097: } else if (tokenRefTypes
098: .contains(Token.REQUIRE_KEY_IDENTIFIER_REFERENCE)) {
099: if (logger.isLoggable(Level.FINEST)) {
100: logger.log(Level.FINEST,
101: " ReferenceType set to KeyBinding" + x509CB
102: + " is KeyIdentifier");
103: }
104: x509CB
105: .setReferenceType(SecurityPolicyUtil
106: .convertToXWSSConstants(Token.REQUIRE_KEY_IDENTIFIER_REFERENCE));
107: } else if (tokenRefTypes
108: .contains(Token.REQUIRE_ISSUER_SERIAL_REFERENCE)) {
109: if (logger.isLoggable(Level.FINEST)) {
110: logger.log(Level.FINEST,
111: " ReferenceType set to KeyBinding "
112: + x509CB + " is IssuerSerial");
113: }
114: x509CB
115: .setReferenceType(SecurityPolicyUtil
116: .convertToXWSSConstants(Token.REQUIRE_ISSUER_SERIAL_REFERENCE));
117: } else {
118: if (logger.isLoggable(Level.FINEST)) {
119: logger.log(Level.FINEST, " ReferenceType " + x509CB
120: + " set is DirectReference");
121: }
122: x509CB
123: .setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE);
124: }
125: } else {
126: if (logger.isLoggable(Level.FINEST)) {
127: logger
128: .log(Level.FINEST,
129: " ReferenceType set is REQUIRE_THUMBPRINT_REFERENCE");
130: }
131: x509CB
132: .setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE);
133: }
134: }
135:
136: public void addKeyBinding(WSSPolicy policy, Token token,
137: boolean ignoreDK) throws PolicyException {
138: PolicyAssertion tokenAssertion = (PolicyAssertion) token;
139: if (PolicyUtil.isX509Token(tokenAssertion)) {
140: AuthenticationTokenPolicy.X509CertificateBinding x509CB = new AuthenticationTokenPolicy.X509CertificateBinding();
141: // (AuthenticationTokenPolicy.X509CertificateBinding)policy.newX509CertificateKeyBinding();
142: x509CB.setUUID(token.getTokenId());
143: setX509TokenRefType(x509CB, (X509Token) token);
144: setTokenInclusion(x509CB, (Token) tokenAssertion);
145: setTokenValueType(x509CB, tokenAssertion);
146: //x509CB.setPolicyToken(token);
147: if (!ignoreDK && ((X509Token) token).isRequireDerivedKeys()) {
148: DerivedTokenKeyBinding dtKB = new DerivedTokenKeyBinding();
149: dtKB.setOriginalKeyBinding(x509CB);
150: policy.setKeyBinding(dtKB);
151: dtKB.setUUID(pid.generateID());
152:
153: } else {
154: policy.setKeyBinding(x509CB);
155: }
156:
157: } else if (PolicyUtil.isSamlToken(tokenAssertion)) {
158: AuthenticationTokenPolicy.SAMLAssertionBinding sab = new AuthenticationTokenPolicy.SAMLAssertionBinding();
159: //(AuthenticationTokenPolicy.SAMLAssertionBinding)policy.newSAMLAssertionKeyBinding();
160: sab.setUUID(token.getTokenId());
161: sab.setSTRID(token.getTokenId());
162: sab
163: .setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE);
164: setTokenInclusion(sab, (Token) tokenAssertion);
165: //sab.setPolicyToken((Token) tokenAssertion);
166: if (((SamlToken) token).isRequireDerivedKeys()) {
167: DerivedTokenKeyBinding dtKB = new DerivedTokenKeyBinding();
168: dtKB.setOriginalKeyBinding(sab);
169: policy.setKeyBinding(dtKB);
170: dtKB.setUUID(pid.generateID());
171: } else {
172: policy.setKeyBinding(sab);
173: }
174: } else if (PolicyUtil.isIssuedToken(tokenAssertion)) {
175: IssuedTokenKeyBinding itkb = new IssuedTokenKeyBinding();
176: setTokenInclusion(itkb, (Token) tokenAssertion);
177: //itkb.setPolicyToken((Token) tokenAssertion);
178: itkb.setUUID(((Token) tokenAssertion).getTokenId());
179: IssuedToken it = (IssuedToken) tokenAssertion;
180: if (it.isRequireDerivedKeys()) {
181: DerivedTokenKeyBinding dtKB = new DerivedTokenKeyBinding();
182: dtKB.setOriginalKeyBinding(itkb);
183: policy.setKeyBinding(dtKB);
184: dtKB.setUUID(pid.generateID());
185: } else {
186: policy.setKeyBinding(itkb);
187: }
188: } else if (PolicyUtil.isSecureConversationToken(tokenAssertion)) {
189: SecureConversationTokenKeyBinding sct = new SecureConversationTokenKeyBinding();
190: SecureConversationToken sctPolicy = (SecureConversationToken) tokenAssertion;
191: if (sctPolicy.isRequireDerivedKeys()) {
192: DerivedTokenKeyBinding dtKB = new DerivedTokenKeyBinding();
193: dtKB.setOriginalKeyBinding(sct);
194: policy.setKeyBinding(dtKB);
195: dtKB.setUUID(pid.generateID());
196: } else {
197: policy.setKeyBinding(sct);
198: }
199: setTokenInclusion(sct, (Token) tokenAssertion);
200: //sct.setPolicyToken((Token)tokenAssertion);
201: sct.setUUID(((Token) tokenAssertion).getTokenId());
202: } else {
203: throw new UnsupportedOperationException(
204: "addKeyBinding for " + token + "is not supported");
205: }
206: if (logger.isLoggable(Level.FINEST)) {
207: logger.log(Level.FINEST, "KeyBinding type "
208: + policy.getKeyBinding()
209: + "has been added to policy" + policy);
210: }
211: }
212:
213: protected void setTokenInclusion(KeyBindingBase xwssToken,
214: Token token) throws PolicyException {
215: boolean change = false;
216: if (this .isServer && !isIncoming) {
217: if (!Token.INCLUDE_ALWAYS.equals(token.getIncludeToken())) {
218: xwssToken.setIncludeToken(Token.INCLUDE_NEVER);
219: if (logger.isLoggable(Level.FINEST)) {
220: logger.log(Level.FINEST,
221: "Token Inclusion value of INCLUDE NEVER has been set to Token"
222: + xwssToken);
223: }
224: return;
225: }
226: } else if (!this .isServer && isIncoming) {
227: if (Token.INCLUDE_ALWAYS_TO_RECIPIENT.equals(token
228: .getIncludeToken())
229: || Token.INCLUDE_ONCE.equals(token
230: .getIncludeToken())) {
231: xwssToken.setIncludeToken(Token.INCLUDE_NEVER);
232:
233: if (logger.isLoggable(Level.FINEST)) {
234: logger.log(Level.FINEST,
235: "Token Inclusion value of INCLUDE NEVER has been set to Token"
236: + xwssToken);
237: }
238: return;
239: }
240: }
241:
242: if (logger.isLoggable(Level.FINEST)) {
243: logger.log(Level.FINEST, "Token Inclusion value of"
244: + token.getIncludeToken()
245: + " has been set to Token" + xwssToken);
246: }
247: xwssToken.setIncludeToken(token.getIncludeToken());
248: }
249:
250: public WSSPolicy getWSSToken(Token token) throws PolicyException {
251: //TODO: IncludeToken
252:
253: if (PolicyUtil.isUsernameToken((PolicyAssertion) token)) {
254: AuthenticationTokenPolicy.UsernameTokenBinding key = null;
255: key = new AuthenticationTokenPolicy.UsernameTokenBinding();
256: try {
257: key.newTimestampFeatureBinding();
258: } catch (PolicyGenerationException ex) {
259: throw new PolicyException(ex);
260: }
261: key.setUUID(token.getTokenId());
262: setTokenInclusion(key, token);
263: UserNameToken ut = (UserNameToken) token;
264: if (!ut.hasPassword()) {
265: key.setNoPassword(true);
266: }
267: //key.setPolicyToken(token);
268: return key;
269: } else if (PolicyUtil.isSamlToken((PolicyAssertion) token)) {
270: AuthenticationTokenPolicy.SAMLAssertionBinding key = null;
271: key = new AuthenticationTokenPolicy.SAMLAssertionBinding();
272: setTokenInclusion(key, token);
273: key
274: .setAssertionType(AuthenticationTokenPolicy.SAMLAssertionBinding.SV_ASSERTION);
275: //key.setPolicyToken(token);
276: key.setUUID(token.getTokenId());
277: key.setSTRID(token.getTokenId());
278: return key;
279: } else if (PolicyUtil.isIssuedToken((PolicyAssertion) token)) {
280: IssuedTokenKeyBinding key = new IssuedTokenKeyBinding();
281: setTokenInclusion(key, token);
282: //key.setPolicyToken(token);
283: key.setUUID(token.getTokenId());
284: return key;
285: } else if (PolicyUtil
286: .isSecureConversationToken((PolicyAssertion) token)) {
287: SecureConversationTokenKeyBinding key = new SecureConversationTokenKeyBinding();
288: setTokenInclusion(key, token);
289: //key.setPolicyToken(token);
290: key.setUUID(token.getTokenId());
291: return key;
292: } else if (PolicyUtil.isX509Token((PolicyAssertion) token)) {
293: AuthenticationTokenPolicy.X509CertificateBinding xt = new AuthenticationTokenPolicy.X509CertificateBinding();
294: xt.setUUID(token.getTokenId());
295: //xt.setPolicyToken(token);
296: setTokenInclusion(xt, token);
297: setX509TokenRefType(xt, (X509Token) token);
298: return xt;
299: }
300: if (logger.isLoggable(Level.SEVERE)) {
301: logger.log(Level.SEVERE, LogStringsMessages
302: .SP_0107_UNKNOWN_TOKEN_TYPE(token));
303: }
304:
305: throw new UnsupportedOperationException("Unsupported " + token
306: + "format");
307: }
308:
309: public void setTokenValueType(
310: AuthenticationTokenPolicy.X509CertificateBinding x509CB,
311: PolicyAssertion tokenAssertion) {
312:
313: NestedPolicy policy = tokenAssertion.getNestedPolicy();
314: if (policy == null) {
315: return;
316: }
317: AssertionSet as = policy.getAssertionSet();
318: Iterator<PolicyAssertion> itr = as.iterator();
319: while (itr.hasNext()) {
320: PolicyAssertion policyAssertion = (PolicyAssertion) itr
321: .next();
322: if (policyAssertion.getName().getLocalPart().equals(
323: Constants.WssX509V1Token11)
324: || policyAssertion.getName().getLocalPart().equals(
325: Constants.WssX509V1Token10)) {
326: x509CB.setValueType(MessageConstants.X509v1_NS);
327: } else if (policyAssertion.getName().getLocalPart().equals(
328: Constants.WssX509V3Token10)
329: || policyAssertion.getName().getLocalPart().equals(
330: Constants.WssX509V3Token11)) {
331: x509CB.setValueType(MessageConstants.X509v3_NS);
332: }
333: }
334: }
335:
336: }
|