use of com.sun.identity.liberty.ws.soapbinding.ProviderHeader in project OpenAM by OpenRock.
the class PPRequestHandler method processDSTRequest.
/**
 * Dispatches a DST request to the query or the modify handler.
 *
 * <p>Before dispatching, the response message is stamped with a {@code ProviderHeader}
 * built from the service manager's provider ID and, when service instance updates are
 * enabled, with a {@code ServiceInstanceUpdateHeader}. These headers are set even when
 * the request is later rejected as unsupported.
 *
 * @param request the request body; must be a {@code QueryElement} or a
 *     {@code ModifyElement}, anything else is rejected.
 * @param requestMsg the incoming message, handed unchanged to the selected handler.
 * @param responseMsg the outgoing message that receives the headers described above.
 * @return whatever {@code processQueryRequest} or {@code processModifyRequest} returns.
 * @throws SOAPFaultException declared for the interaction redirects; not raised directly
 *     in this method.
 * @throws DSTException if the request type is unsupported, or if an
 *     {@code IDPPException}, {@code JAXBException} or {@code SOAPBindingException}
 *     occurs while handling it.
 */
public Object processDSTRequest(Object request, Message requestMsg, Message responseMsg) throws SOAPFaultException, DSTException {
    IDPPUtils.debug.message("PPRequestHandler:processRequest:Init");
    try {
        final IDPPServiceManager manager = IDPPServiceManager.getInstance();
        final String providerID = manager.getProviderID();

        // The response always identifies this provider, independent of the request content.
        responseMsg.setProviderHeader(new ProviderHeader(providerID));
        if (manager.isServiceInstanceUpdateEnabled()) {
            ServiceInstanceUpdateHeader updateHeader = getServiceInstanceUpdateHeader();
            responseMsg.setServiceInstanceUpdateHeader(updateHeader);
        }

        // Reject unsupported request types before any marshalling work is done.
        final boolean isQuery = request instanceof QueryElement;
        if (!isQuery && !(request instanceof ModifyElement)) {
            IDPPUtils.debug.error("PPRequestHandler:processRequest:invalid Request.");
            throw new DSTException(IDPPUtils.bundle.getString("invalidRequest"));
        }

        // Both request kinds are marshalled into a fresh DOM document for the handler.
        // NOTE(review): getMarshaller() is called twice; the prefix mapper only takes
        // effect for marshal() if both calls return the same Marshaller instance, and a
        // shared instance would need external synchronisation. Confirm in IDPPUtils.
        final Document doc = IDPPUtils.getDocumentBuilder().newDocument();
        IDPPUtils.getMarshaller().setProperty("com.sun.xml.bind.namespacePrefixMapper", new NamespacePrefixMapperImpl());

        if (isQuery) {
            final QueryElement query = (QueryElement) request;
            IDPPUtils.getMarshaller().marshal(query, doc);
            return processQueryRequest(query, providerID, requestMsg, doc);
        }
        final ModifyElement modify = (ModifyElement) request;
        IDPPUtils.getMarshaller().marshal(modify, doc);
        return processModifyRequest(modify, providerID, requestMsg, doc);
    } catch (IDPPException ie) {
        IDPPUtils.debug.error("PPRequestHandler:processRequest fail", ie);
        throw new DSTException(ie);
    } catch (JAXBException je) {
        // The JAXB cause is logged here; the caller only sees the localized message.
        IDPPUtils.debug.error("PPRequestHandler:processRequest fail", je);
        throw new DSTException(IDPPUtils.bundle.getString("jaxbFailure"));
    } catch (SOAPBindingException sbe) {
        IDPPUtils.debug.error("PPRequestHandler:processRequest fail", sbe);
        throw new DSTException(sbe);
    }
}
use of com.sun.identity.liberty.ws.soapbinding.ProviderHeader in project OpenAM by OpenRock.
the class DiscoUtils method generateCredential.
/**
 * Issues a SAML security assertion for one resource offering and appends it to
 * {@code credentials}.
 *
 * <p>The sender identity placed in the assertion is the provider ID of the requesting
 * WSC when one is known, otherwise {@code userDN}. When the {@code BEARER} bit of
 * {@code dirs} is set, a bearer token is requested; otherwise an authorization token is
 * requested after the token manager has been given a signing key alias or a client
 * certificate.
 *
 * @param dirs directive flags; the bits {@code BEARER}, {@code AUTHN}, {@code AUTHO}
 *     and {@code SESSION} are read here.
 * @param current the resource offering the credential is issued for; supplies the
 *     target provider ID and the (encrypted) resource ID.
 * @param message the incoming message; consulted for the ProviderHeader, the assertion
 *     and the peer/message certificate when the other arguments do not supply them.
 * @param userDN passed to the name identifier mapper and used as the sender identity
 *     when no provider ID is available.
 * @param credentials list the new assertion is appended to on success.
 * @param invoSession session context of the invoker; when {@code null} it is derived
 *     from the assertion carried by {@code message}.
 * @param wscID provider ID of the requester; when {@code null} or empty the
 *     ProviderHeader of {@code message} is used instead.
 * @param token handed to the {@code SecurityTokenManager} constructor.
 * @return the ID of the generated assertion, or {@code null} when no assertion could be
 *     generated (every failure path is logged and reported as {@code null}).
 */
private static String generateCredential(BitSet dirs, ResourceOffering current, Message message, String userDN, List credentials, SessionContext invoSession, String wscID, Object token) {
SecurityAssertion assertion = null;
try {
SecurityTokenManager secuMgr = new SecurityTokenManager(token);
NameIdentifier senderIdentity = null;
// Requester's provider ID: an explicit wscID wins, otherwise fall back to the
// ProviderHeader carried by the incoming message.
// NOTE(review): this value later becomes the sender identity of the issued assertion
// and selects the signing key alias; confirm the ProviderHeader is authenticated
// (bound to the sender) before the message reaches this method.
String providerID = wscID;
if ((providerID == null) || (providerID.length() == 0)) {
ProviderHeader ph = message.getProviderHeader();
if (ph != null) {
providerID = ph.getProviderID();
}
}
// Invoker session: use the one supplied, else derive it from the message's assertion.
SessionContext invocatorSession = invoSession;
if (invocatorSession == null) {
invocatorSession = getSessionContext(message.getAssertion());
}
// Provider ID of the service instance the credential is issued for.
String tproviderID = current.getServiceInstance().getProviderID();
if (invocatorSession != null) {
try {
ProviderManager pm = ProviderUtil.getProviderManager();
SessionSubject sub = invocatorSession.getSessionSubject();
NameIdentifier ni = sub.getNameIdentifier();
// An encrypted name identifier is decrypted with the discovery provider's key
// before it is mapped or re-encrypted for the target provider.
if ((ni.getFormat() != null) && (ni.getFormat().equals("urn:liberty:iff:nameid:encrypted"))) {
ni = EncryptedNameIdentifier.getDecryptedNameIdentifier(ni, pm.getDecryptionKey(DiscoServiceManager.getDiscoProviderID()));
}
// Optional mapping of the name identifier for the target provider.
NameIdentifier newNi = null;
NameIdentifierMapper niMapper = DiscoServiceManager.getNameIdentifierMapper();
if (niMapper != null) {
String discoEntityID = DiscoServiceManager.getDiscoProviderID();
newNi = niMapper.getNameIdentifier(tproviderID, discoEntityID, ni, userDN);
}
// Three outcomes: the mapper produced a different identifier (use it as is),
// encryption is enabled for the target (encrypt the identifier for it), or the
// (possibly decrypted) identifier is written back unchanged.
if ((newNi != null) && !newNi.equals(ni)) {
sub.setNameIdentifier(newNi);
// modify IDPProvidedNameIdentifier, this should be
// a EncryptedIDPProvidedNameIdentifier, but not
// defined by specification.
// Or set this to null once we make it optional
// in SessionSubject class implementation
IDPProvidedNameIdentifier idpNi = sub.getIDPProvidedNameIdentifier();
if (idpNi != null) {
IDPProvidedNameIdentifier newIdpNi = new IDPProvidedNameIdentifier(newNi.getName(), newNi.getNameQualifier(), newNi.getFormat());
sub.setIDPProvidedNameIdentifier(newIdpNi);
}
} else if (pm.isNameIDEncryptionEnabled(tproviderID)) {
sub.setNameIdentifier(EncryptedNameIdentifier.getEncryptedNameIdentifier(ni, tproviderID, pm.getEncryptionKey(tproviderID), pm.getEncryptionKeyAlgorithm(tproviderID), pm.getEncryptionKeyStrength(tproviderID)));
} else {
sub.setNameIdentifier(ni);
}
invocatorSession.setSessionSubject(sub);
} catch (Exception ex) {
// Any failure while decrypting, mapping or encrypting the name identifier aborts
// credential generation; no assertion is issued with a partially updated subject.
// The log tag names handleDirective although this is generateCredential.
debug.error("DiscoUtils.handleDirective: En/Decryption" + " Exception:", ex);
return null;
}
}
// Resource ID preference: encrypted form, then the plain ID as a string, then the
// implied-resource constant. The runtime type (String or EncryptedResourceID)
// selects the token-manager overload below.
Object resourceID = current.getEncryptedResourceID();
if (resourceID == null) {
resourceID = current.getResourceID();
if (resourceID == null) {
resourceID = (String) DiscoConstants.IMPLIED_RESOURCE;
} else {
resourceID = ((ResourceID) resourceID).getResourceID();
}
}
if (dirs.get(BEARER)) {
// Bearer token: only issued when at least one of AUTHN, AUTHO or SESSION is also
// set; otherwise assertion stays null and the method returns null below.
if (dirs.get(AUTHN) || dirs.get(AUTHO) || dirs.get(SESSION)) {
if ((providerID != null) && (providerID.length() != 0)) {
senderIdentity = new NameIdentifier(providerID, null, DiscoConstants.PROVIDER_ID_FORMAT);
} else {
senderIdentity = new NameIdentifier(userDN);
}
if (resourceID instanceof String) {
assertion = secuMgr.getSAMLBearerToken(senderIdentity, invocatorSession, (String) resourceID, dirs.get(AUTHN), dirs.get(AUTHO), tproviderID);
} else {
assertion = secuMgr.getSAMLBearerToken(senderIdentity, invocatorSession, (EncryptedResourceID) resourceID, dirs.get(AUTHN), dirs.get(AUTHO), tproviderID);
}
}
} else {
// Authorization token: the token manager is first given either the signing key
// alias registered for the requester's provider ID or the client certificate taken
// from the message.
if ((providerID != null) && (providerID.length() != 0)) {
senderIdentity = new NameIdentifier(providerID, null, DiscoConstants.PROVIDER_ID_FORMAT);
} else {
senderIdentity = new NameIdentifier(userDN);
}
// NOTE(review): this test is only "!= null", while the sender identity above treats an
// empty provider ID as absent. An empty providerID therefore goes to
// getSigningKeyAlias("") instead of falling back to the client certificate; confirm
// that this is intended.
if (providerID != null) {
secuMgr.setCertAlias(ProviderUtil.getProviderManager().getSigningKeyAlias(providerID));
} else {
// No provider ID at all: fall back to the peer certificate, then to the message
// certificate; without either no credential is issued.
X509Certificate wscCert = message.getPeerCertificate();
if (wscCert == null) {
wscCert = message.getMessageCertificate();
if (wscCert == null) {
if (debug.messageEnabled()) {
debug.message("DiscoUtils.generateCredential:" + "client cert is null. Cannot generate " + "credential.");
}
return null;
}
}
secuMgr.setCertificate(wscCert);
}
if (resourceID instanceof String) {
assertion = secuMgr.getSAMLAuthorizationToken(senderIdentity, invocatorSession, (String) resourceID, dirs.get(AUTHN), dirs.get(AUTHO), tproviderID);
} else {
assertion = secuMgr.getSAMLAuthorizationToken(senderIdentity, invocatorSession, (EncryptedResourceID) resourceID, dirs.get(AUTHN), dirs.get(AUTHO), tproviderID);
}
}
} catch (Exception ex) {
// Catch-all: the exception is logged and control falls through to the null check
// below, so every failure is reported to the caller as a null return.
debug.error("DiscoUtils.generateCredential:" + "cannot generate credential: ", ex);
}
if (assertion == null) {
debug.error("DiscoUtils.generateCredential: " + "cannot generate credential.");
return null;
} else {
// Side effect: the caller's credentials list receives the new assertion.
credentials.add(assertion);
return assertion.getAssertionID();
}
}
use of com.sun.identity.liberty.ws.soapbinding.ProviderHeader in project OpenAM by OpenRock.
the class DiscoveryClient method createRequest.
/**
 * Builds the outgoing discovery {@code Message} for the configured security mechanism.
 *
 * <p>The resource offering is processed once, on the first call. The message carries the
 * X.509 {@code token} for {@code Message.X509_TOKEN}, the {@code assertion} for
 * {@code Message.SAML_TOKEN} and {@code Message.BEARER_TOKEN}, and no security token for
 * any other mechanism value.
 *
 * @return the new request message, with client authentication and the WSF version set.
 * @throws DiscoveryException if the provider header or the message cannot be created;
 *     only the message text of the underlying {@code SOAPBindingException} is kept.
 */
private Message createRequest() throws DiscoveryException {
    // Lazy, one-time processing of the resource offering.
    if (!processed) {
        processResourceOffering();
        processed = true;
    }

    // The provider header is optional: it is only built when a provider ID is configured.
    ProviderHeader header = null;
    if (providerID != null) {
        try {
            header = new ProviderHeader(providerID);
        } catch (SOAPBindingException sbe) {
            throw new DiscoveryException(sbe.getMessage());
        }
    }

    // Classify the mechanism once; the same decision drives logging and construction.
    final boolean useX509 = clientMech == Message.X509_TOKEN;
    final boolean useAssertion = !useX509
            && ((clientMech == Message.SAML_TOKEN) || (clientMech == Message.BEARER_TOKEN));

    if (useX509) {
        DiscoSDKUtils.debug.message("DiscoveryClient.createRequest: mech=x509");
    } else if (DiscoSDKUtils.debug.messageEnabled()) {
        DiscoSDKUtils.debug.message(useAssertion
                ? "DiscoveryClient.createRequest: mech=saml or bearer"
                : "DiscoveryClient.createRequest: mech=anon");
    }

    // NOTE(review): any mechanism value other than X509/SAML/BEARER, including an
    // unrecognised one, falls through to the anonymous message, which carries no token.
    // Confirm that callers cannot reach this with an unintended mechanism value.
    Message outgoing;
    try {
        if (useX509) {
            outgoing = new Message(header, token);
        } else if (useAssertion) {
            outgoing = new Message(header, assertion);
        } else {
            outgoing = new Message(header);
        }
    } catch (SOAPBindingException sbe) {
        throw new DiscoveryException(sbe.getMessage());
    }

    if (clientAuth) {
        outgoing.setClientAuthentication(clientAuth);
    }
    outgoing.setWSFVersion(wsfVersion);
    return outgoing;
}
use of com.sun.identity.liberty.ws.soapbinding.ProviderHeader in project OpenAM by OpenRock.
the class DSTClient method sendMessage.
/**
 * Wraps the request objects in a SOAP {@code Message} for the configured security
 * profile, sends it to the data service and returns the response bodies.
 *
 * <p>As a side effect, {@code serviceInstanceUpdateHeader} is refreshed from the response
 * or, when a SOAP fault is received, from the fault message.
 *
 * @param requestObjects the request objects to send; must be non-null and non-empty.
 * @return the bodies of the response message.
 * @throws DSTException if the input is null or empty, the X.509 token is missing, the
 *     security profile is not recognised, or a {@code SOAPBindingException} or
 *     {@code SOAPFaultException} occurs.
 * @throws InteractionRedirectException declared by this method; not raised directly here
 *     (presumably propagated from {@code handleInteraction}; confirm there).
 */
private List sendMessage(List requestObjects) throws DSTException, InteractionRedirectException {
    DSTUtils.debug.message("DSTClient:sendMessage:Init");
    if (requestObjects == null || requestObjects.isEmpty()) {
        DSTUtils.debug.message("DSTClient:sendMessage: requestobj are null");
        throw new DSTException(DSTUtils.bundle.getString("nullInputParams"));
    }

    try {
        // The provider header is optional and only built when a provider ID is configured.
        final ProviderHeader header = (providerID != null) ? new ProviderHeader(providerID) : null;

        // Select the message constructor that matches the security profile; unlike the
        // X.509 token, the assertion is not null-checked here.
        // NOTE(review): confirm that Message rejects a null assertion for SAML/bearer.
        final Message outbound;
        if (securityProfile == Message.X509_TOKEN) {
            if (token == null) {
                throw new DSTException(DSTUtils.bundle.getString("nullToken"));
            }
            DSTUtils.debug.message("DSTClient:sendMessage:using x509");
            outbound = new Message(header, token);
        } else if (securityProfile == Message.SAML_TOKEN) {
            DSTUtils.debug.message("DSTClient:sendMessage:using SAML");
            outbound = new Message(header, assertion);
        } else if (securityProfile == Message.BEARER_TOKEN) {
            DSTUtils.debug.message("DSTClient:sendMessage:using Bearer");
            outbound = new Message(header, assertion);
        } else if (securityProfile == Message.ANONYMOUS) {
            DSTUtils.debug.message("DSTClient:sendMessage:using Anonymous");
            outbound = new Message(header);
        } else {
            // An unknown profile is refused rather than silently sent unauthenticated.
            throw new DSTException(DSTUtils.bundle.getString("invalidSecurityProfile"));
        }

        outbound.setSOAPBodies(requestObjects);
        outbound.setWSFVersion(wsfVersion);
        if (clientAuthEnabled) {
            outbound.setClientAuthentication(clientAuthEnabled);
        }

        // NOTE(review): at message debug level the complete request and response are
        // written to the debug log. For the SAML and bearer profiles that presumably
        // includes the assertion; confirm what Message.toString() emits and treat the
        // debug log as sensitive wherever message-level debugging is enabled.
        if (DSTUtils.debug.messageEnabled()) {
            DSTUtils.debug.message("DSTClient:sendMessage: request:" + outbound.toString());
        }

        // With an HTTP request at hand the interaction-aware path is used; otherwise the
        // message goes straight to the SOAP endpoint.
        final Message reply = (httpRequest != null)
                ? handleInteraction(outbound)
                : Client.sendRequest(outbound, soapURI, certAlias, soapAction);

        if (DSTUtils.debug.messageEnabled()) {
            DSTUtils.debug.message("DSTClient:sendMessage:response = " + reply.toString());
        }
        serviceInstanceUpdateHeader = reply.getServiceInstanceUpdateHeader();
        return reply.getBodies();
    } catch (SOAPBindingException sbe) {
        DSTUtils.debug.error("DSTClient:sendMessage:soapbindexception", sbe);
        throw new DSTException(sbe);
    } catch (SOAPFaultException sfe) {
        DSTUtils.debug.error("DSTClient:sendMessage:soapfault", sfe);
        // Keep the service instance update carried by the fault before rethrowing.
        serviceInstanceUpdateHeader = sfe.getSOAPFaultMessage().getServiceInstanceUpdateHeader();
        throw new DSTException(sfe);
    }
}