All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.sun.xml.ws.security.opt.impl.tokens.UsernameToken Maven / Gradle / Ivy

There is a newer version: 4.0.3
Show newest version
/*
 * Copyright (c) 2010, 2020 Oracle and/or its affiliates. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Distribution License v. 1.0, which is available at
 * http://www.eclipse.org/org/documents/edl-v10.php.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

/*
 * UsernameToken.java
 *
 * Created on September 6, 2006, 10:02 AM
 */

package com.sun.xml.ws.security.opt.impl.tokens;

import com.sun.xml.ws.security.opt.api.SecurityElementWriter;
import com.sun.xml.ws.security.opt.api.SecurityHeaderElement;
import com.sun.xml.ws.security.opt.impl.util.JAXBUtil;
import com.sun.xml.ws.security.secext10.AttributedString;
import com.sun.xml.ws.security.secext10.UsernameTokenType;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Logger;
import java.util.logging.Level;
import jakarta.xml.bind.JAXBElement;
import jakarta.xml.bind.Marshaller;
import jakarta.xml.bind.JAXBException;
import javax.xml.namespace.QName;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.stream.buffer.XMLStreamBufferResult;
import com.sun.xml.ws.security.secext10.ObjectFactory;
import javax.xml.stream.XMLStreamException;
import com.sun.xml.wss.impl.SecurityTokenException;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.logging.LogDomainConstants;
import com.sun.xml.wss.impl.misc.Base64;
import com.sun.xml.ws.api.SOAPVersion;
import com.sun.xml.wss.logging.LogStringsMessages;

/**
 * Representation of UsernameToken SecurityHeaderElement
 * @author [email protected]
 */
public class UsernameToken extends UsernameTokenType
        implements com.sun.xml.ws.security.opt.api.tokens.UsernameToken,
        SecurityHeaderElement, SecurityElementWriter{
    
    public static final long MAX_NONCE_AGE = 900000; //milliseconds
    
    // password type
    private String passwordType = MessageConstants.PASSWORD_TEXT_NS;
    
    private String usernameValue = null;
    
    private String passwordValue = null;
    
    // password Digest value
    private String passwordDigestValue = null;
    
    private byte[] decodedNonce = null;
    
    // specifies a cryptographically random sequence
    private String nonceValue = null;
    
    // default nonce encoding
    private String nonceEncodingType = MessageConstants.BASE64_ENCODING_NS;
    
    // time stamp to indicate creation time
    private String createdValue = null;
    
    // flag to indicate whether BSP checks should be made or not.
    private boolean bsp = false;
    
    private boolean valuesSet = false;
    private SOAPVersion soapVersion = SOAPVersion.SOAP_11;
    private ObjectFactory objFac = new ObjectFactory();
    
    private static Logger log =
            Logger.getLogger(
            LogDomainConstants.WSS_API_DOMAIN,
            LogDomainConstants.WSS_API_DOMAIN_BUNDLE);
    
    /** Creates a new instance of UsernameToken */
    public UsernameToken(SOAPVersion sv) {
        this.soapVersion = sv;
    }
       
    /**
     * @return Returns the username.
     */
    public String getUsernameValue() {
        //AttributedString userName
        return usernameValue;
    }
    
    public void setUsernameValue(String username) {
        /*AttributedString ut = objFac.createAttributedString();
        ut.setValue(username);
        setUsername(ut);*/
        this.usernameValue = username;
    }
    
    /**
     * @return Returns the password which may be null meaning no password.
     */
    public String getPasswordValue() {
        return passwordValue;
    }
    
    /**
     * Sets the password.
     * @param passwd
     */
    public void setPasswordValue(String passwd){
        /*AttributedString password = objFac.createAttributedString();
        password.setValue(passwd);
        setPassword(password);*/
        passwordValue = passwd;
    }
    
    /**
     * @return Returns the passwordType.
     */
    public String getPasswordType() {
        return passwordType;
    }
    
    private void setPasswordType(String passwordType)
    throws SecurityTokenException {
        if (MessageConstants.PASSWORD_TEXT_NS.equals(passwordType)) {
            this.passwordType = MessageConstants.PASSWORD_TEXT_NS;
        } else if (MessageConstants.PASSWORD_DIGEST_NS.equals(passwordType)) {
            this.passwordType =  MessageConstants.PASSWORD_DIGEST_NS;
        } else {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0306_INVALID_PASSWD_TYPE(MessageConstants.PASSWORD_TEXT_NS, MessageConstants.PASSWORD_DIGEST_NS),
                    new Object[] {
                MessageConstants.PASSWORD_TEXT_NS,
                MessageConstants.PASSWORD_DIGEST_NS});
            throw new SecurityTokenException(
                    "Invalid password type. Must be one of   " +
                    MessageConstants.PASSWORD_TEXT_NS + " or " +
                    MessageConstants.PASSWORD_DIGEST_NS);
        }
    }
    
    /**
     * @return Returns the Nonce Encoding type.
     */
    public String getNonceEncodingType() {
        return this.nonceEncodingType;
    }    
    
    /**
     * Sets the nonce encoding type.
     * As per WSS:UserNameToken profile, for valid values, refer to
     * wsse:BinarySecurityToken schema.
     */
    private void setNonceEncodingType(String nonceEncodingType) {
        
        if (!MessageConstants.BASE64_ENCODING_NS.equals(nonceEncodingType)) {
            log.log(Level.SEVERE,LogStringsMessages.WSS_0307_NONCE_ENCTYPE_INVALID());
            throw new RuntimeException("Nonce encoding type invalid");
        }
        this.nonceEncodingType = MessageConstants.BASE64_ENCODING_NS;
    }
    
    /**
     * @return Returns the encoded nonce. Null indicates no nonce was set.
     */
    public String getNonceValue() throws SecurityTokenException {
        return nonceValue;
    }
    
    /**
     * Returns the created which may be null meaning no time of creation.
     */
    public String getCreatedValue() {
        return createdValue;
    }
    
    public String getPasswordDigestValue() {
        return this.passwordDigestValue;
    }
    
    /**
     * set the nonce value.If nonce value is null then it will create one.
     * @param nonceValue
     */
    public void setNonce(String nonceValue){
        if(nonceValue == null || MessageConstants.EMPTY_STRING.equals(nonceValue)){
            createNonce();
        }else{
            this.nonceValue = nonceValue;
        }
    }
    
    /**
     * set the creation time.
     * @param time If null or empty then this method would create one.
     */
    public void setCreationTime(String time) throws XWSSecurityException {
        if(time == null || MessageConstants.EMPTY_STRING.equals(time)){
            this.createdValue = getCreatedFromTimestamp();
        }else{
            this.createdValue = time;
        }
    }
          
    public void setDigestOn() throws SecurityTokenException {
        setPasswordType(MessageConstants.PASSWORD_DIGEST_NS);
    }
    
    public void isBSP(boolean flag) {
        bsp = flag;
    }
    
    public boolean isBSP() {
        return bsp;
    }
    
    public String getNamespaceURI() {
        return MessageConstants.WSSE_NS;
    }
    
    public String getLocalPart() {
        return MessageConstants.USERNAME_TOKEN_LNAME;
    }
    
    public String getAttribute(String nsUri, String localName) {
        QName qname = new QName(nsUri, localName);
        Map otherAttributes = this.getOtherAttributes();
        return otherAttributes.get(qname);
    }
    
    public String getAttribute(QName name) {
        Map otherAttributes = this.getOtherAttributes();
        return otherAttributes.get(name);
    }
    
    public javax.xml.stream.XMLStreamReader readHeader() throws javax.xml.stream.XMLStreamException {
        if(!this.valuesSet)
            setValues();
        XMLStreamBufferResult xbr = new XMLStreamBufferResult();
        JAXBElement utElem = objFac.createUsernameToken(this);
        try{
            getMarshaller().marshal(utElem, xbr);
            
        } catch(JAXBException je){
            throw new XMLStreamException(je);
        }
        return xbr.getXMLStreamBuffer().readAsXMLStreamReader();
    }
    
    public void writeTo(OutputStream os) {
        if(!this.valuesSet)
            setValues();
    }
    
    public void writeTo(javax.xml.stream.XMLStreamWriter streamWriter) throws javax.xml.stream.XMLStreamException {
        if(!this.valuesSet)
            setValues();
        JAXBElement utElem = objFac.createUsernameToken(this);
        try {
            // If writing to Zephyr, get output stream and use JAXB UTF-8 writer
            if (streamWriter instanceof Map) {
                OutputStream os = (OutputStream) ((Map) streamWriter).get("sjsxp-outputstream");
                if (os != null) {
                    streamWriter.writeCharacters("");        // Force completion of open elems
                    getMarshaller().marshal(utElem, os);
                    return;
                }
            }
            
            getMarshaller().marshal(utElem,streamWriter);
        } catch (JAXBException e) {
            throw new XMLStreamException(e);
        }
    }
    
    private Marshaller getMarshaller() throws JAXBException{
        return JAXBUtil.createMarshaller(soapVersion);
    }
    
    /*
     * Create a unique nonce. Default encoded with base64.
     * A nonce is a random value that the sender creates
     * to include in the username token that it sends.
     * Nonce is an effective counter measure against replay attacks.
     */
    private void createNonce() {
        
        this.decodedNonce = new byte[18];
        try {
            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
            random.nextBytes(decodedNonce);
        } catch (NoSuchAlgorithmException e) {
            log.log(Level.SEVERE,LogStringsMessages.WSS_0310_NO_SUCH_ALGORITHM(e.getMessage()),new Object[] {e.getMessage()});
            throw new RuntimeException(
                    "No such algorithm found" + e.getMessage());
        }
        if (MessageConstants.BASE64_ENCODING_NS == nonceEncodingType)
            this.nonceValue = Base64.encode(decodedNonce);
        else {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0389_UNRECOGNIZED_NONCE_ENCODING(nonceEncodingType), nonceEncodingType);
            throw new RuntimeException(
                    "Unrecognized encoding: " + nonceEncodingType);
        }
    }
    
    private String getCreatedFromTimestamp() throws XWSSecurityException {
        Timestamp ts = new Timestamp(soapVersion);
        ts.createDateTime();
        return ts.getCreated().getValue();
    }
    
    /*
     * Password Digest creation.
     * As per WSS-UsernameToken spec, if either or both of 
     * and  are present, then they must be included in the
     * digest as follows:
     *
     * Password_digest = Base64( SHA_1 (nonce + created + password) )
     *
     */
    private void createDigest() throws SecurityTokenException {
        
        String utf8String = "";
        if (createdValue != null) {
            utf8String = utf8String + createdValue;
        }
        
        // password is also optional
        if (passwordValue != null) {
            utf8String = utf8String + passwordValue;
        }
        
        byte[] utf8Bytes;
        try {
            utf8Bytes = utf8String.getBytes("utf-8");
        } catch (UnsupportedEncodingException uee) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0390_UNSUPPORTED_CHARSET_EXCEPTION());
            throw new SecurityTokenException(uee);
        }
        
        byte[] bytesToHash;
        if (decodedNonce != null) {
            bytesToHash = new byte[utf8Bytes.length + decodedNonce.length];
            for (int i = 0; i < decodedNonce.length; i++)
                bytesToHash[i] = decodedNonce[i];
            for (int i = decodedNonce.length; i < utf8Bytes.length + decodedNonce.length; i++)
                bytesToHash[i] = utf8Bytes[i - decodedNonce.length];
        } else {
            bytesToHash = utf8Bytes;
        }
        
        byte[] hash;
        try {
            MessageDigest sha = MessageDigest.getInstance("SHA-1");
            hash = sha.digest(bytesToHash);
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0311_PASSWD_DIGEST_COULDNOT_BE_CREATED(e.getMessage()), new Object[] {e.getMessage()});
            throw new SecurityTokenException(
                    "Password Digest could not be created. " + e.getMessage());
        }
        this.passwordDigestValue = Base64.encode(hash);
    }
    
    private void setValues(){
        if(usernameValue != null){
            AttributedString ut = objFac.createAttributedString();
            ut.setValue(usernameValue);
            setUsername(ut);
        }
        
        if (passwordValue != null && !MessageConstants._EMPTY.equals(passwordValue) ){
            AttributedString pw = objFac.createAttributedString();
            if (MessageConstants.PASSWORD_DIGEST_NS == passwordType) {
                try {
                    createDigest();
                } catch (com.sun.xml.wss.impl.SecurityTokenException ex) {
                    ex.printStackTrace();
                }
                pw.setValue(passwordDigestValue);
                setPassword(pw);
            } else{
                pw.setValue(passwordValue);
                setPassword(pw);
            }
            QName qname = new QName("Type");
            pw.getOtherAttributes().put(qname, passwordType);
            
        }
        
        if(nonceValue != null){
            AttributedString non = objFac.createAttributedString();
            non.setValue(nonceValue);
            setNonce(non);
            if (nonceEncodingType != null) {
                QName qname = new QName("EncodingType");
                non.getOtherAttributes().put(qname, nonceEncodingType);
            }
        }
        
        if(createdValue != null){
            AttributedString cr = objFac.createAttributedString();
            cr.setValue(createdValue);
            setCreated(cr);
        }
        
        valuesSet = true;
    }
    
    /**
     * 
     * @param id 
     * @return 
     */
    public boolean refersToSecHdrWithId(String id) {
        return false;
    }
    @SuppressWarnings("unchecked")
    public void writeTo(javax.xml.stream.XMLStreamWriter streamWriter, HashMap props) throws javax.xml.stream.XMLStreamException {
        try{
            if(!this.valuesSet)
                setValues();
            Marshaller marshaller = getMarshaller();
            Iterator> itr = props.entrySet().iterator();
            while(itr.hasNext()){
                Map.Entry entry = itr.next();
                marshaller.setProperty((String)entry.getKey(), entry.getValue());
            }
            JAXBElement utElem = objFac.createUsernameToken(this);
            if (streamWriter instanceof Map) {
                OutputStream os = (OutputStream) ((Map) streamWriter).get("sjsxp-outputstream");
                if (os != null) {
                    streamWriter.writeCharacters("");        // Force completion of open elems
                    marshaller.marshal(utElem, os);
                    return;
                }
            }
            marshaller.marshal(utElem,streamWriter);
        }catch(JAXBException jbe){
            throw new XMLStreamException(jbe);
        }
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy