    1   package org.apache.rahas.impl;
    2   
    3   import java.security.PublicKey;
    4   import java.security.cert.X509Certificate;
    5   import java.text.DateFormat;
    6   import java.util.Arrays;
    7   import java.util.Date;
    8   
    9   import org.apache.axiom.om.OMElement;
   10   import org.apache.axiom.om.OMNode;
   11   import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
   12   import org.apache.axiom.soap.SOAPEnvelope;
   13   import org.apache.axis2.context.MessageContext;
   14   import org.apache.axis2.description.Parameter;
   15   import org.apache.rahas.RahasConstants;
   16   import org.apache.rahas.RahasData;
   17   import org.apache.rahas.Token;
   18   import org.apache.rahas.TokenRenewer;
   19   import org.apache.rahas.TokenStorage;
   20   import org.apache.rahas.TrustException;
   21   import org.apache.rahas.TrustUtil;
   22   import org.apache.ws.security.WSSecurityException;
   23   import org.apache.ws.security.components.crypto.Crypto;
   24   import org.apache.ws.security.components.crypto.CryptoFactory;
   25   import org.apache.ws.security.util.XmlSchemaDateFormat;
   26   import org.apache.xml.security.signature.XMLSignature;
   27   import org.opensaml.SAMLAssertion;
   28   import org.opensaml.SAMLException;
   29   import org.w3c.dom.Element;
   30   import org.w3c.dom.Node;
   31   
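/**
 * Renews a previously issued SAML 1.0 token.
 *
 * <p>The stored assertion is looked up by the token id carried in the request,
 * its existing signature is removed, its validity window is replaced by a fresh
 * one ({@code now .. now + ttl}) and it is re-signed with the configured issuer
 * key. The result is returned inside a WS-Trust RequestSecurityTokenResponse.
 *
 * <p>Issuer configuration is resolved in this order: the configuration element,
 * the configuration file, then the named message-context parameter.
 */
public class SAMLTokenRenewer implements TokenRenewer {

    /** Name of the message-context parameter holding the issuer configuration. */
    private String configParamName;

    /** Issuer configuration supplied directly as an OM element. */
    private OMElement configElement;

    /** Path of the issuer configuration file. */
    private String configFile;

    /**
     * Renews the token identified by {@code data.getTokenId()}.
     *
     * @param data the renewal request data, including the inbound message context
     * @return a SOAP envelope holding the RSTR (wrapped in an RSTRC for WS-Trust
     *         versions other than 2005/02) that carries the re-signed assertion
     * @throws TrustException if no configuration can be resolved, the named
     *         configuration parameter is missing, the stored token cannot be
     *         found, or the assertion cannot be rebuilt or signed
     */
    public SOAPEnvelope renew(RahasData data) throws TrustException {
        MessageContext inMsgCtx = data.getInMessageContext();
        SAMLTokenIssuerConfig config = resolveConfig(inMsgCtx);

        // the token store attached to the message context
        TokenStorage tkStorage = TrustUtil.getTokenStore(inMsgCtx);

        try {
            // Switch the DOM implementation to DOOM for the SAML/DOM bridging
            // below; this is a global flag, so it is reset in the finally block.
            DocumentBuilderFactoryImpl.setDOOMRequired(true);

            SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx
                    .getEnvelope().getNamespace().getNamespaceURI());

            int wstVersion = data.getVersion();
            OMElement rstrElem = createRstrElement(wstVersion, env);

            Crypto crypto = loadCrypto(config, inMsgCtx);

            TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText(
                    RahasConstants.TOK_TYPE_SAML_10);

            // New validity window. config.ttl is added straight to
            // Date.getTime(), so it is taken to be milliseconds.
            Date creationTime = new Date();
            Date expirationTime = new Date(creationTime.getTime() + config.ttl);

            // Lifetime element in xsd:dateTime (GMT) form
            DateFormat zulu = new XmlSchemaDateFormat();
            TrustUtil.createLifetimeElement(wstVersion, rstrElem,
                    zulu.format(creationTime), zulu.format(expirationTime));

            try {
                // NOTE(review): nothing here checks that the requester is entitled
                // to renew this token id, or that the stored assertion is still
                // within its original lifetime — confirm this is enforced by the
                // TokenStorage implementation or by the caller.
                Token tk = tkStorage.getToken(data.getTokenId());
                if (tk == null) {
                    // Previously a NullPointerException escaped here unwrapped;
                    // report a missing token like every other failure below.
                    throw new IllegalStateException(
                            "No stored token found for id " + data.getTokenId());
                }
                OMElement assertionOMElement = tk.getToken();

                SAMLAssertion samlAssertion =
                        new SAMLAssertion((Element) assertionOMElement);
                // NOTE(review): the stored assertion's existing signature is
                // dropped without being verified; this relies on the token
                // store holding only assertions this issuer produced — confirm.
                samlAssertion.unsign();
                samlAssertion.setNotBefore(creationTime);
                samlAssertion.setNotOnOrAfter(expirationTime);

                X509Certificate[] issuerCerts = crypto
                        .getCertificates(config.issuerKeyAlias);
                if (issuerCerts == null || issuerCerts.length == 0) {
                    throw new IllegalStateException(
                            "No certificate found for issuer key alias "
                                    + config.issuerKeyAlias);
                }

                // RSA is the default; DSA keys get the DSA signature algorithm
                String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
                String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
                if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
                    sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
                }
                java.security.Key issuerPK = crypto.getPrivateKey(
                        config.issuerKeyAlias, config.issuerKeyPassword);

                samlAssertion.sign(sigAlgo, issuerPK, Arrays.asList(issuerCerts));

                // Place the re-signed assertion under RequestedSecurityToken.
                // The DOM node must be imported into the RSTR's owner document
                // before it can be attached.
                OMElement reqSecTokenElem = TrustUtil
                        .createRequestedSecurityTokenElement(wstVersion, rstrElem);
                Node tempNode = samlAssertion.toDOM();
                reqSecTokenElem.addChild((OMNode) ((Element) rstrElem)
                        .getOwnerDocument().importNode(tempNode, true));
            } catch (Exception e) {
                // SAMLException, WSSecurityException and anything unchecked
                // from the SAML/DOM work are all reported the same way.
                throw new TrustException("Cannot create SAML Assertion", e);
            }
            return env;
        } finally {
            DocumentBuilderFactoryImpl.setDOOMRequired(false);
        }
    }

    /**
     * Resolves the issuer configuration from the element, the file or the
     * message-context parameter, in that order.
     *
     * @param inMsgCtx the inbound message context, consulted for the parameter
     * @return the resolved configuration, never {@code null}
     * @throws TrustException if the named parameter is missing or no source
     *         yields a configuration
     */
    private SAMLTokenIssuerConfig resolveConfig(MessageContext inMsgCtx)
            throws TrustException {
        SAMLTokenIssuerConfig config = null;

        if (this.configElement != null) {
            config = new SAMLTokenIssuerConfig(configElement
                    .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
        }

        if (config == null && this.configFile != null) {
            config = new SAMLTokenIssuerConfig(this.configFile);
        }

        if (config == null && this.configParamName != null) {
            Parameter param = inMsgCtx.getParameter(this.configParamName);
            if (param == null || param.getParameterElement() == null) {
                throw new TrustException("expectedParameterMissing",
                        new String[] { this.configParamName });
            }
            config = new SAMLTokenIssuerConfig(param.getParameterElement()
                    .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
        }

        if (config == null) {
            throw new TrustException("configurationIsNull");
        }
        return config;
    }

    /**
     * Creates the RSTR element in the envelope body, wrapping it in an RSTRC
     * for every WS-Trust version other than 2005/02.
     *
     * @param wstVersion the WS-Trust version of the request
     * @param env the response envelope
     * @return the RSTR element the token is to be added to
     * @throws TrustException if the elements cannot be created
     */
    private static OMElement createRstrElement(int wstVersion, SOAPEnvelope env)
            throws TrustException {
        if (RahasConstants.VERSION_05_02 == wstVersion) {
            return TrustUtil.createRequestSecurityTokenResponseElement(
                    wstVersion, env.getBody());
        }
        OMElement rstrcElem = TrustUtil
                .createRequestSecurityTokenResponseCollectionElement(
                        wstVersion, env.getBody());
        return TrustUtil.createRequestSecurityTokenResponseElement(
                wstVersion, rstrcElem);
    }

    /**
     * Builds the {@link Crypto} for the issuer key, from inline crypto
     * properties when the configuration provides them, else from the
     * configured properties file.
     *
     * @param config the issuer configuration
     * @param inMsgCtx the inbound message context, used for the service class loader
     * @return the crypto instance
     * @throws TrustException if the crypto configuration cannot be loaded
     */
    private static Crypto loadCrypto(SAMLTokenIssuerConfig config,
            MessageContext inMsgCtx) throws TrustException {
        ClassLoader loader = inMsgCtx.getAxisService().getClassLoader();
        if (config.cryptoElement != null) {
            // crypto props defined as elements
            return CryptoFactory.getInstance(
                    TrustUtil.toProperties(config.cryptoElement), loader);
        }
        // crypto props defined in a properties file
        return CryptoFactory.getInstance(config.cryptoPropertiesFile, loader);
    }

    /**
     * {@inheritDoc}
     */
    public void setConfigurationFile(String configFile) {
        this.configFile = configFile;
    }

    /**
     * {@inheritDoc}
     */
    public void setConfigurationElement(OMElement configElement) {
        this.configElement = configElement;
    }

    /**
     * {@inheritDoc}
     */
    public void setConfigurationParamName(String configParamName) {
        this.configParamName = configParamName;
    }

}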
