use of com.sun.identity.liberty.ws.common.wsse.BinarySecurityToken in project OpenAM by OpenRock.
the class DiscoveryService method processRequest.
/**
 * Processes an incoming discovery request and builds the response.
 * <p>
 * The request must carry exactly one SOAP body, and the authentication
 * mechanism it was received with must be one of the mechanisms the service
 * is configured to accept. The response carries the provider's X.509
 * binary security token when response authentication is switched on or when
 * the request used an X.509, SAML or Bearer mechanism (WSF 1.0 or 1.1);
 * otherwise it carries only the provider header. The body is then
 * dispatched to {@code lookup} for a query or {@code update} for a modify.
 *
 * @param request in coming request <code>Message</code>
 * @return response <code>Message</code>
 * @exception Exception if the request has more or fewer than one body, the
 *            authentication mechanism is not supported, the body is not a
 *            discovery message, or the response could not be built.
 */
public Message processRequest(Message request) throws Exception {
    List bodies = Utils.convertElementToJAXB(request.getBodies());
    if (bodies.size() != 1) {
        DiscoUtils.debug.error("DiscoService.processRequest: SOAP message didn't contain one SOAP body.");
        throw new Exception(DiscoUtils.bundle.getString("oneBody"));
    }

    String authnMech = request.getAuthenticationMechanism();
    if (DiscoUtils.debug.messageEnabled()) {
        DiscoUtils.debug.message("DiscoService.processRequest: authentication mechanism =" + authnMech);
    }
    // Allow-list check: the mechanism the request arrived with must be one the
    // service has been configured to accept.
    Set supportedMechs = DiscoServiceManager.getSupportedAuthenticationMechanisms();
    if (supportedMechs == null || !supportedMechs.contains(authnMech)) {
        DiscoUtils.debug.error("DiscoService.processRequest: AuthenticationMechanism used is not supported by this service:" + authnMech);
        throw new Exception(DiscoUtils.bundle.getString("authnMechNotSupported"));
    }

    ProviderHeader providerHeader;
    try {
        providerHeader = new ProviderHeader(DiscoServiceManager.getDiscoProviderID());
    } catch (SOAPBindingException sbe) {
        throw new DiscoveryException(sbe.getMessage());
    }

    Message response;
    if (DiscoServiceManager.useResponseAuthentication() || carriesX509Response(authnMech)) {
        try {
            // Response authentication: attach this provider's X.509 token, using
            // the same WSF version the request was received with.
            SecurityTokenManager tokenManager = new SecurityTokenManager(request.getToken());
            BinarySecurityToken providerToken = tokenManager.getX509CertificateToken();
            providerToken.setWSFVersion(request.getWSFVersion());
            response = new Message(providerHeader, providerToken);
            response.setWSFVersion(request.getWSFVersion());
        } catch (Exception e) {
            DiscoUtils.debug.error("DiscoveryService.processRequest:couldn't generate Message with X509 token: ", e);
            throw new DiscoveryException(e.getMessage());
        }
    } else {
        try {
            response = new Message(providerHeader);
        } catch (Exception e) {
            DiscoUtils.debug.error("DiscoveryService.processRequest:couldn't generate Message: ", e);
            throw new DiscoveryException(e.getMessage());
        }
    }

    Object body = bodies.iterator().next();
    if (body instanceof QueryType) {
        response.setSOAPBody(lookup((QueryType) body, request));
    } else if (body instanceof ModifyType) {
        response.setSOAPBody(Utils.convertJAXBToElement(update((ModifyType) body, request)));
    } else {
        DiscoUtils.debug.error("DiscoService.processRequest: SOAPBody is not a Disco message.");
        throw new Exception(DiscoUtils.bundle.getString("bodyNotDisco"));
    }
    return response;
}

/**
 * Tells whether a request received with the given authentication mechanism
 * gets a response that carries the provider's X.509 binary security token.
 * Covers the X.509, SAML and Bearer variants over NULL, TLS and client TLS
 * transports, for both WSF 1.0 and WSF 1.1.
 *
 * @param authnMech authentication mechanism of the request; must not be null
 * @return true when the response must carry the provider's X.509 token
 */
private static boolean carriesX509Response(String authnMech) {
    String[] mechanisms = {
        Message.NULL_X509, Message.NULL_SAML, Message.NULL_BEARER,
        Message.TLS_X509, Message.TLS_SAML, Message.TLS_BEARER,
        Message.CLIENT_TLS_X509, Message.CLIENT_TLS_SAML, Message.CLIENT_TLS_BEARER,
        Message.NULL_X509_WSF11, Message.NULL_SAML_WSF11, Message.NULL_BEARER_WSF11,
        Message.TLS_X509_WSF11, Message.TLS_SAML_WSF11, Message.TLS_BEARER_WSF11,
        Message.CLIENT_TLS_X509_WSF11, Message.CLIENT_TLS_SAML_WSF11, Message.CLIENT_TLS_BEARER_WSF11
    };
    for (int i = 0; i < mechanisms.length; i++) {
        if (authnMech.equals(mechanisms[i])) {
            return true;
        }
    }
    return false;
}
use of com.sun.identity.liberty.ws.common.wsse.BinarySecurityToken in project OpenAM by OpenRock.
the class Message method parseSecurityElement.
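/**
 * Sets security profile type by parsing a security element.
 * <p>
 * The wsse namespace of the element decides the WSF version (1.0 or 1.1)
 * and the matching wsu namespace; any other namespace, a missing namespace
 * or a missing element yields the {@code ANONYMOUS} profile. If the element
 * holds a {@code SecurityTokenReference/Reference}, its {@code URI} must be
 * a local reference ({@code #id}) and only the token whose id matches it is
 * accepted as the message token; every other child element is kept in
 * {@code securityHeaders} untouched. The first accepted token fixes the
 * profile: a {@code BinarySecurityToken} gives {@code X509_TOKEN} and its
 * certificate; a SAML assertion gives {@code BEARER_TOKEN} or
 * {@code SAML_TOKEN} (with the assertion's certificate). Binary tokens whose
 * {@code ValueType} ends in {@code ServiceSessionContext} are never treated
 * as the message token.
 *
 * @param securityE a security element
 * @throws SOAPBindingException if an error occurs while parsing
 *         the security element
 */
private void parseSecurityElement(Element securityE) throws SOAPBindingException {
    if (securityE == null) {
        securityProfileType = ANONYMOUS;
        return;
    }
    String wsseNS = securityE.getNamespaceURI();
    if (wsseNS == null) {
        securityProfileType = ANONYMOUS;
        return;
    }
    // The wsse namespace selects the WSF version and the wsu namespace used
    // for the token ids below.
    String wsuNS = null;
    if (wsseNS.equals(WSSEConstants.NS_WSSE_WSF11)) {
        wsfVersion = SOAPBindingConstants.WSF_11_VERSION;
        wsuNS = WSSEConstants.NS_WSU_WSF11;
    } else if (wsseNS.equals(WSSEConstants.NS_WSSE)) {
        wsfVersion = SOAPBindingConstants.WSF_10_VERSION;
        wsuNS = WSSEConstants.NS_WSU;
    } else {
        securityProfileType = ANONYMOUS;
        return;
    }

    // Optional SecurityTokenReference: when present, it names (by local
    // "#id" reference) the one token this message is bound to.
    NodeList nl = securityE.getElementsByTagNameNS(wsseNS, SAMLConstants.TAG_SECURITYTOKENREFERENCE);
    Element securityTokenRefE = null;
    String uri = null;
    if (nl != null && nl.getLength() > 0) {
        securityTokenRefE = (Element) nl.item(0);
        List list = XMLUtils.getElementsByTagNameNS1(securityTokenRefE, wsseNS, SAMLConstants.TAG_REFERENCE);
        if (!list.isEmpty()) {
            Element referenceE = (Element) list.get(0);
            uri = XMLUtils.getNodeAttributeValue(referenceE, SAMLConstants.TAG_URI);
            if (uri != null && uri.length() > 1 && uri.startsWith("#")) {
                uri = uri.substring(1);
            } else {
                // Only local references are accepted; anything else is rejected.
                String msg = Utils.bundle.getString("invalidReferenceURI");
                Utils.debug.error("Message.parseSecurityElement: " + msg);
                throw new SOAPBindingException(msg);
            }
            if (Utils.debug.messageEnabled()) {
                Utils.debug.message("Message.parseSecurityElement: " + "SecurityTokenReference Reference URI = " + uri);
            }
        }
    }

    securityProfileType = ANONYMOUS;
    securityHeaders = new ArrayList();
    nl = securityE.getChildNodes();
    int length = nl.getLength();
    for (int i = 0; i < length; i++) {
        Node child = nl.item(i);
        if (child.getNodeType() != Node.ELEMENT_NODE) {
            continue;
        }
        String localName = child.getLocalName();
        String ns = child.getNamespaceURI();
        // Once a token has fixed the profile, every further element is an
        // ordinary security header.
        if (securityProfileType != ANONYMOUS) {
            securityHeaders.add(child);
            continue;
        }
        if (SAMLConstants.BINARYSECURITYTOKEN.equals(localName) && wsseNS.equals(ns)) {
            Element binarySecurityTokenE = (Element) child;
            String valuetype = XMLUtils.getNodeAttributeValue(binarySecurityTokenE, "ValueType");
            if (Utils.debug.messageEnabled()) {
                Utils.debug.message("ValueType: " + valuetype);
            }
            // Service session context tokens are carried as headers, never
            // used as the message token.
            if ((valuetype != null) && valuetype.endsWith("ServiceSessionContext")) {
                securityHeaders.add(child);
                continue;
            }
            // With a SecurityTokenReference present, only the token whose
            // wsu:Id it names may become the message token.
            if (uri != null) {
                String id = XMLUtils.getNodeAttributeValueNS(binarySecurityTokenE, wsuNS, SAMLConstants.TAG_ID);
                if (!uri.equals(id)) {
                    securityHeaders.add(child);
                    continue;
                }
            }
            try {
                binarySecurityToken = new BinarySecurityToken(binarySecurityTokenE);
                messageCertificate = (X509Certificate) SecurityUtils.getCertificate(binarySecurityToken);
            } catch (Exception ex) {
                String msg = Utils.bundle.getString("cannotProcessBinarySecurityToken");
                // Keep the cause in the log; the localized message alone hides it.
                Utils.debug.error("Message.parseSecurityElement: " + msg, ex);
                throw new SOAPBindingException(msg);
            }
            if (Utils.debug.messageEnabled()) {
                Utils.debug.message("Message.parseSecurityElement:" + " found binary security token");
            }
            securityProfileType = X509_TOKEN;
        } else if (SAMLConstants.TAG_ASSERTION.equals(localName) && SAMLConstants.assertionSAMLNameSpaceURI.equals(ns)) {
            Element assertionE = (Element) child;
            // Same binding rule as for binary tokens, keyed on AssertionID.
            if (uri != null) {
                String assertionID = XMLUtils.getNodeAttributeValue(assertionE, SAMLConstants.TAG_ASSERTION_ID);
                if (!uri.equals(assertionID)) {
                    securityHeaders.add(child);
                    continue;
                }
            }
            try {
                assertion = new SecurityAssertion(assertionE);
            } catch (SAMLException ex) {
                String msg = Utils.bundle.getString("cannotProcessSAMLAssertion");
                Utils.debug.error("Message.parseSecurityElement: " + msg, ex);
                throw new SOAPBindingException(msg);
            }
            if (Utils.debug.messageEnabled()) {
                Utils.debug.message("Message.parseSecurityElement:" + " found security assertion, " + "isBearer = " + assertion.isBearer());
            }
            if (assertion.isBearer()) {
                securityProfileType = BEARER_TOKEN;
            } else {
                // Holder-of-key style assertion: the message certificate is the
                // one carried by the assertion.
                securityProfileType = SAML_TOKEN;
                messageCertificate = (X509Certificate) SecurityUtils.getCertificate(assertion);
            }
        } else {
            securityHeaders.add(child);
        }
    }
    if (securityHeaders.isEmpty()) {
        securityHeaders = null;
    }
}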
use of com.sun.identity.liberty.ws.common.wsse.BinarySecurityToken in project OpenAM by OpenRock.
the class MessageProcessor method signMessage.
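/**
 * Signs the message.
 * <p>
 * Assigns a fresh wsu:Id to the SOAP body and signs it (together with the
 * correlation header, when {@code correlationId} is set) with either the WSS
 * X.509 token profile or the WSS SAML token profile, chosen by
 * {@code profile}. A {@code null} profile is treated as X.509; for X.509 the
 * provider's binary token is first added to the header and its certificate
 * is used, for SAML the certificate comes from {@code assertion}. The
 * resulting signature element is appended to the security header.
 *
 * @param soapMessage SOAPMessage that needs to be signed.
 * @param profile Security profile that needs to be used for signing.
 * @param assertion Security Assertion; only read by the SAML profiles.
 * @return SOAPMessage signed SOAPMessage.
 * @throws SOAPBindingException if the message has no body, the profile is
 *         not a signing profile (no signature produced), or signing fails;
 *         every failure, including the body check, is reported with the
 *         {@code cannotSignMessage} message because the outer catch
 *         rewraps it.
 */
private SOAPMessage signMessage(SOAPMessage soapMessage, String profile, SecurityAssertion assertion) throws SOAPBindingException {
    try {
        SOAPHeader soapHeader = soapMessage.getSOAPPart().getEnvelope().getHeader();
        if (soapHeader == null) {
            // Make sure a header exists; the security header is looked up later.
            soapMessage.getSOAPPart().getEnvelope().addHeader();
        }
        SOAPBody soapBody = soapMessage.getSOAPPart().getEnvelope().getBody();
        if (soapBody == null) {
            throw new SOAPBindingException(Utils.bundle.getString("nullSOAPBody"));
        }
        // The body needs an id so the signature reference can cover it.
        String bodyId = SAMLUtils.generateID();
        soapBody.setAttributeNS(WSSEConstants.NS_WSU_WSF11, WSSEConstants.WSU_ID, bodyId);
        // Elements covered by the signature: the body and, when set, the
        // correlation header.
        List ids = new ArrayList();
        ids.add(bodyId);
        if (correlationId != null) {
            ids.add(correlationId);
        }

        Element sigElem = null;
        if (profile == null || profile.equals(Message.NULL_X509) || profile.equals(Message.TLS_X509) || profile.equals(Message.CLIENT_TLS_X509) || profile.equals(Message.NULL_X509_WSF11) || profile.equals(Message.TLS_X509_WSF11) || profile.equals(Message.CLIENT_TLS_X509_WSF11)) {
            BinarySecurityToken binaryToken = addBinaryToken(soapMessage);
            Certificate cert = SecurityUtils.getCertificate(binaryToken);
            // Serialize after the token has been added so the signed DOM
            // contains it.
            ByteArrayOutputStream bop = new ByteArrayOutputStream();
            soapMessage.writeTo(bop);
            ByteArrayInputStream bin = new ByteArrayInputStream(bop.toByteArray());
            Document doc = XMLUtils.toDOMDocument(bin, Utils.debug);
            sigElem = SecurityUtils.getSignatureManager().signWithWSSX509TokenProfile(doc, cert, "", ids, SOAPBindingConstants.WSF_11_VERSION);
        } else if (profile.equals(Message.NULL_SAML) || profile.equals(Message.TLS_SAML) || profile.equals(Message.CLIENT_TLS_SAML) || profile.equals(Message.NULL_SAML_WSF11) || profile.equals(Message.TLS_SAML_WSF11) || profile.equals(Message.CLIENT_TLS_SAML_WSF11)) {
            Certificate cert = SecurityUtils.getCertificate(assertion);
            ByteArrayOutputStream bop = new ByteArrayOutputStream();
            soapMessage.writeTo(bop);
            ByteArrayInputStream bin = new ByteArrayInputStream(bop.toByteArray());
            Document doc = XMLUtils.toDOMDocument(bin, Utils.debug);
            sigElem = SecurityUtils.getSignatureManager().signWithWSSSAMLTokenProfile(doc, cert, assertion.getAssertionID(), "", ids, SOAPBindingConstants.WSF_11_VERSION);
        }
        if (sigElem == null) {
            // Bearer and unknown profiles produce no signature.
            Utils.debug.error("MessageProcessor.signMessage: " + "SigElement is null");
            throw new SOAPBindingException(Utils.bundle.getString("cannotSignMessage"));
        }
        Element securityHeader = getSecurityHeader(soapMessage);
        securityHeader.appendChild(securityHeader.getOwnerDocument().importNode(sigElem, true));
        // The signed document, not the original SOAPMessage, is the result.
        return Utils.DocumentToSOAPMessage(sigElem.getOwnerDocument());
    } catch (Exception ex) {
        Utils.debug.error("MessageProcessor.signMessage: " + "Signing failed.", ex);
        throw new SOAPBindingException(Utils.bundle.getString("cannotSignMessage"));
    }
}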
use of com.sun.identity.liberty.ws.common.wsse.BinarySecurityToken in project OpenAM by OpenRock.
the class MessageProcessor method addBinaryToken.
/**
 * Adds binary token to the security header.
 * <p>
 * Creates a SOAP header if the envelope has none, obtains this provider's
 * X.509 binary security token from a {@code SecurityTokenManager} created
 * without a session token, marks it as WSF 1.1 and appends it to the header.
 *
 * @param msg message whose header receives the token
 * @return the token that was added
 * @throws SOAPBindingException if the header or the token could not be
 *         created; the message key used here ({@code cannotAddCorrelationHeader})
 *         looks copied from the correlation-header code — TODO confirm the
 *         intended key.
 */
private BinarySecurityToken addBinaryToken(SOAPMessage msg) throws SOAPBindingException {
    try {
        SOAPHeader existingHeader = msg.getSOAPPart().getEnvelope().getHeader();
        SOAPHeader targetHeader = (existingHeader != null)
                ? existingHeader
                : msg.getSOAPPart().getEnvelope().addHeader();
        // No session token is passed; presumably the manager then uses the
        // provider's own certificate — confirm against SecurityTokenManager.
        SecurityTokenManager tokenManager = new SecurityTokenManager(null);
        BinarySecurityToken x509Token = tokenManager.getX509CertificateToken();
        x509Token.setWSFVersion(SOAPBindingConstants.WSF_11_VERSION);
        x509Token.addToParent(targetHeader);
        return x509Token;
    } catch (Exception ex) {
        Utils.debug.error("MessageProcessor.addBinaryToken: " + "Could not add binary security token", ex);
        throw new SOAPBindingException(Utils.bundle.getString("cannotAddCorrelationHeader"));
    }
}
use of com.sun.identity.liberty.ws.common.wsse.BinarySecurityToken in project OpenAM by OpenRock.
the class DSTRequestHandler method generateBinarySecurityToken.
/**
 * Generates the binary security token if the security profile is X509.
 * <p>
 * The token is obtained from a {@code SecurityTokenManager} built on the
 * request's token and tagged with the request's WSF version, so the
 * response token matches the version the request was received with.
 *
 * @param msg Request Message.
 * @return BinarySecurityToken.
 * @exception DSTException if the token manager or the token could not be
 *            created; the original exception is kept as the cause.
 */
private BinarySecurityToken generateBinarySecurityToken(Message msg) throws DSTException {
    BinarySecurityToken x509Token;
    try {
        SecurityTokenManager tokenManager = new SecurityTokenManager(msg.getToken());
        x509Token = tokenManager.getX509CertificateToken();
    } catch (Exception e) {
        DSTUtils.debug.error("DSTRequestHandler:generateBinary" + "SecurityToken: Error in generating binary security token.", e);
        throw new DSTException(e);
    }
    x509Token.setWSFVersion(msg.getWSFVersion());
    return x509Token;
}