com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of webservices-osgi Show documentation
Show all versions of webservices-osgi Show documentation
Metro Web Services Runtime OSGi Bundle
/*
* Copyright (c) 2010, 2021 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Distribution License v. 1.0, which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/*
* $Id: AuthenticationTokenPolicy.java,v 1.2 2010-10-21 15:37:33 snajper Exp $
*/
package com.sun.xml.wss.impl.policy.mls;
//import com.sun.xml.wss.saml.internal.impl.AssertionImpl;
import com.sun.xml.ws.security.opt.impl.tokens.UsernameToken;
import java.security.cert.X509Certificate;
//import com.sun.xml.wss.saml.AuthorityBinding;
import com.sun.xml.wss.impl.policy.MLSPolicy;
import com.sun.xml.wss.impl.policy.PolicyGenerationException;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.MessageConstants;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.stream.XMLStreamReader;
import org.w3c.dom.Element;
/**
* Objects of this class represent a concrete WSS Authentication
* token as FeatureBinding. The following WSS Authentication Tokens
* are supported :
*
* - A
UsernameToken
* - A
X509Certificate
* - A
SAMLAssertion
*
*
*/
public class AuthenticationTokenPolicy extends WSSFeatureBindingExtension {
/**
* Feature Bindings
*
* (1) UsernameTokenBinding
* (2) X509CertificateBinding
* (3) SAMLAssertionBinding
*
* Key Bindings
*/
/**
* Default Constructor
*/
public AuthenticationTokenPolicy() {
setPolicyIdentifier(PolicyTypeUtil.AUTH_POLICY_TYPE);
}
/**
* Equals operator
* @param policy WSSPolicy to be compared for equality
* @return true if the policy is equal to this policy
*/
public boolean equals(WSSPolicy policy) {
boolean _assert = false;
try {
if (!PolicyTypeUtil.authenticationTokenPolicy(policy)) {
return false;
}
AuthenticationTokenPolicy aPolicy = (AuthenticationTokenPolicy) policy;
_assert = ((WSSPolicy) getFeatureBinding()).equals((WSSPolicy) aPolicy.getFeatureBinding());
} catch (Exception cce) {
}
return _assert;
}
/*
* Equality comparision ignoring the Targets
* @param policy the policy to be compared for equality
* @return true if the argument policy is equal to this
*/
public boolean equalsIgnoreTargets(WSSPolicy policy) {
return equals(policy);
}
/**
* Clone operator
* @return a clone of this AuthenticationTokenPolicy
*/
public Object clone() {
AuthenticationTokenPolicy atPolicy = new AuthenticationTokenPolicy();
try {
WSSPolicy fBinding = (WSSPolicy) getFeatureBinding();
WSSPolicy kBinding = (WSSPolicy) getKeyBinding();
if (fBinding != null) {
atPolicy.setFeatureBinding((MLSPolicy) fBinding.clone());
}
if (kBinding != null) {
atPolicy.setKeyBinding((MLSPolicy) kBinding.clone());
}
} catch (Exception e) {
}
return atPolicy;
}
/**
* @return the type of the policy
*/
public String getType() {
return PolicyTypeUtil.AUTH_POLICY_TYPE;
}
/**
* A policy representing a WSS UsernameToken. An instance of
* this class can be used as concrete feature binding for an
* AuthenticationTokenPolicy.
* Different parameters in this policy are applicable depending
* upon whether this policy is used to construct a wss:UsernameToken
* (sender side policy) or it is used to verify an incoming UsernameToken
* (receiver side policy). Information on applicability will be indicated
* where appropriate.
*/
public static class UsernameTokenBinding extends KeyBindingBase {
/**
* Feature Bindings
*
* (1) TimestampPolicy
*
* Key Bindings
*/
String nonce = MessageConstants._EMPTY;
String username = MessageConstants._EMPTY;
String password = MessageConstants._EMPTY;
String _referenceType = MessageConstants._EMPTY;
UsernameToken usernametoken=null;
String _valueType = MessageConstants._EMPTY;
// setting this to false for PlugFest/Policy
boolean useNonce = false;
// setting this to false for PlugFest/Policy
boolean doDigest = false;
boolean noPasswd = false;
long maxNonceAge = 0;
private String strId=null;
String _keyAlgorithm = MessageConstants._EMPTY;
private byte[] sKey = null;
private SecretKey secretKey = null;
private SecretKey Key = null;
private boolean endorsing;
boolean useCreated = false;
/**
* Default Constructor
*/
public UsernameTokenBinding() {
setPolicyIdentifier(PolicyTypeUtil.USERNAMETOKEN_TYPE);
}
/**
* Constructor
*
* @param username username to be sent
* @param password password to be sent
* @param nonce nonce
* @param doDigest if password should be digested
* @param creationTime timestamp
*/
public UsernameTokenBinding(String username, String password, String nonce, boolean doDigest, String creationTime) {
this();
this.username = username;
this.password = password;
this.nonce = nonce;
this.doDigest = doDigest;
}
public String getReferenceType() {
return this._referenceType;
//throw new UnsupportedOperationException("Not yet implemented");
}
public UsernameToken getUsernameToken() {
return this.usernametoken;
}
public void isEndorsing(boolean flag) {
this.endorsing = flag;
}
public boolean isEndorsing() {
return this.endorsing;
}
public void setUsernameToken(UsernameToken token) {
if (isReadOnly()) {
throw new RuntimeException("Can not set UsernameToken : Policy is ReadOnly");
}
this.usernametoken = token;
}
public void setReferenceType(String referenceType) {
if (isReadOnly()) {
throw new RuntimeException("Can not set ReferenceType of UsernameToken : Policy is ReadOnly");
}
this._referenceType = referenceType;
}
/**
* Create and set the FeatureBinding for this WSSPolicy to a TimestampPolicy * @return a new TimestampPolicy as a FeatureBinding for this WSSPolicy
* @exception PolicyGenerationException if TimestampPolicy is not a valid FeatureBinding for this WSSPolicy
* @see SignaturePolicy
* @see EncryptionPolicy
* @see AuthenticationTokenPolicy
*/
public MLSPolicy newTimestampFeatureBinding() throws PolicyGenerationException {
if (isReadOnly()) {
throw new RuntimeException("Can not create a feature binding of Timestamp type for ReadOnly " + _policyIdentifier);
}
if (!(_policyIdentifier == PolicyTypeUtil.USERNAMETOKEN_TYPE) && !(_policyIdentifier == PolicyTypeUtil.SIGNATURE_POLICY_FEATUREBINDING_TYPE)) {
throw new PolicyGenerationException("Can not create a feature binding of Timestamp type for " + _policyIdentifier);
}
this._featureBinding = new TimestampPolicy();
return _featureBinding;
}
/**
* set the username
* @param username
*/
public void setUsername(String username) {
if (isReadOnly()) {
throw new RuntimeException("Can not set Username : Policy is ReadOnly");
}
this.username = username;
}
/**
* set the password
* @param password
*/
public void setPassword(String password) {
if (isReadOnly()) {
throw new RuntimeException("Can not set Password : Policy is ReadOnly");
}
this.password = password;
}
/**
* set the nonce
* @param nonce
*/
public void setNonce(String nonce) {
if (isReadOnly()) {
throw new RuntimeException("Can not set Nonce : Policy is ReadOnly");
}
this.nonce = nonce;
}
/**
* setter for a boolean flag indicating whether a nonce should be
* while constructing a wss:UsernameToken from this Policy
* @param useNonce
*/
public void setUseNonce(boolean useNonce) {
if (isReadOnly()) {
throw new RuntimeException("Can not set useNonce flag : Policy is ReadOnly");
}
this.useNonce = useNonce;
}
public void setUseCreated(boolean useCreated) {
if (isReadOnly()) {
throw new RuntimeException("Can not set useCreated flag : Policy is ReadOnly");
}
this.useCreated = useCreated;
}
/**
* setter for a boolean flag indicating whether the password should be
* digested while constructing a wss:UsernameToken from this Policy
* @param doDigest
*/
public void setDigestOn(boolean doDigest) {
if (isReadOnly()) {
throw new RuntimeException("Can not set digest flag : Policy is ReadOnly");
}
this.doDigest = doDigest;
}
/**
* set the maximum age in Milliseconds for which a receiving entity should
* cache the nonce associated with this policy. A receiver may
* cache received nonces for this period (or more) to minimize nonce-replay attacks
* This parameter is applicable when this UsernameToken is used as a Receiver requirement.
* @param nonceAge
*/
public void setMaxNonceAge(long nonceAge) {
if (isReadOnly()) {
throw new RuntimeException("Can not set maxNonceAge flag : Policy is ReadOnly");
}
this.maxNonceAge = nonceAge;
}
/**
* get the username
* @return username
*/
public String getUsername() {
return this.username;
}
/**
* get the password
* @return password
*/
public String getPassword() {
return this.password;
}
/**
* get the nonce
* @return nonce
*/
public String getNonce() {
return this.nonce;
}
/**
* get the useNonce flag
* @return true if the useNonce flag is set to true
*/
public boolean getUseNonce() {
return this.useNonce;
}
public boolean getUseCreated() {
return this.useCreated;
}
/**
* @return if password is digested
*/
public boolean getDigestOn() {
return this.doDigest;
}
/**
* @return the maxNonceAge
*/
public long getMaxNonceAge() {
return this.maxNonceAge;
}
public boolean hasNoPassword() {
return noPasswd;
}
public void setNoPassword(boolean value) {
this.noPasswd = value;
}
public void setSTRID(String id) {
if (isReadOnly()) {
throw new RuntimeException("Can not set STRID attribute : Policy is ReadOnly");
}
this.strId = id;
}
public String getSTRID() {
return this.strId;
}
public void setValueType(String valueType) {
if (isReadOnly()) {
throw new RuntimeException("Can not set valueType of usernameToken : " + "Policy is ReadOnly");
}
this._valueType = valueType;
}
public void setKeyAlgorithm(String keyAlgorithm) {
if (isReadOnly()) {
throw new RuntimeException("Can not set KeyAlgorithm : Policy is ReadOnly");
}
this._keyAlgorithm = keyAlgorithm;
}
/**
* @return the keyAlgorithm
*/
public String getKeyAlgorithm() {
return _keyAlgorithm;
}
public void setSecretKey(SecretKey secretKey) {
this.secretKey = secretKey;
}
public void setSecretKey(byte[] secretKey) {
sKey = secretKey;
}
public SecretKey getSecretKey(String algorithm) {
if (Key == null) {
Key = new SecretKeySpec(sKey, algorithm);
}
return Key;
}
public SecretKey getSecretKey() {
return secretKey;
}
/**
* Equals operator
* @return true if the binding is equal to this UsernameToken Policy
*/
public boolean equals(WSSPolicy policy) {
boolean assrt = false;
try {
if (!PolicyTypeUtil.usernameTokenPolicy(policy)) {
return false;
}
UsernameTokenBinding utBinding = (UsernameTokenBinding) policy;
assrt = (useNonce == utBinding.getUseNonce() && doDigest == utBinding.getDigestOn() &&
useCreated == utBinding.getUseCreated());
} catch (Exception e) {
}
return assrt;
}
/*
* Equality comparision ignoring the Targets
* @param policy the policy to be compared for equality
* @return true if the argument policy is equal to this
*/
public boolean equalsIgnoreTargets(WSSPolicy policy) {
return equals(policy);
}
/**
*@return a clone of this policy
*/
public Object clone() {
UsernameTokenBinding utBinding = new UsernameTokenBinding();
try {
utBinding.setUsername(username);
utBinding.setPassword(password);
utBinding.setNonce(nonce);
utBinding.setUseNonce(useNonce);
utBinding.setUseCreated(useCreated);
utBinding.setReferenceType(_referenceType);
utBinding.setDigestOn(doDigest);
utBinding.setUsernameToken(usernametoken);
utBinding.setUUID(UUID);
WSSPolicy kBinding = (WSSPolicy) this.getKeyBinding();
if (kBinding != null) {
utBinding.setKeyBinding((MLSPolicy) kBinding.clone());
}
utBinding.isEndorsing(this.endorsing);
//utBinding.setPolicyToken(this.getPolicyToken());
utBinding.setIncludeToken(this.getIncludeToken());
utBinding.setPolicyTokenFlag(this.policyTokenWasSet());
utBinding.isOptional(_isOptional);
} catch (Exception e){
e.printStackTrace();
}
return utBinding;
}
/**
* @return the type of the policy
*/
public String getType() {
return PolicyTypeUtil.USERNAMETOKEN_TYPE;
}
public String toString() {
return PolicyTypeUtil.USERNAMETOKEN_TYPE + "::" + getUsername();
}
}
/**
* A policy representing a WSS X509Certificate. An instance of
* this class can be used as concrete feature binding for an
* AuthenticationTokenPolicy.
*/
public static class X509CertificateBinding extends KeyBindingBase {
/**
* Feature Bindings
*
* Key Bindings
*
* (1) PrivateKeyBinding
*/
String _valueType = MessageConstants._EMPTY;
String _encodingType = MessageConstants._EMPTY;
String _referenceType = MessageConstants._EMPTY;
//X509CRL _crl = null;
//CertPath _certPath = null;
X509Certificate _certificate = null;
String _keyAlgorithm = MessageConstants._EMPTY;
String _certificateIdentifier = "";
String strId = null;
/**
* Default Constructor
*/
public X509CertificateBinding() {
setPolicyIdentifier(PolicyTypeUtil.X509CERTIFICATE_TYPE);
}
/**
* @param certificateIdentifier X509Certificate identifiers like alias
* @param keyAlgorithm Key algorithm to be used
*/
public X509CertificateBinding(String certificateIdentifier, String keyAlgorithm) {
this();
this._certificateIdentifier = certificateIdentifier;
this._keyAlgorithm = keyAlgorithm;
}
/**
* Create and set the KeyBinding for this WSSPolicy to a PrivateKeyBinding
* @return a new PrivateKeyBinding as a KeyBinding for this WSSPolicy
*/
public MLSPolicy newPrivateKeyBinding() {
if (isReadOnly()) {
throw new RuntimeException("Can not create PrivateKeyBinding : Policy is Readonly");
}
this._keyBinding = new PrivateKeyBinding();
return _keyBinding;
}
/**
* set the ValueType
* @param valueType Token type like X509v3, X509PKIPathv1, PKCS7
*/
public void setValueType(String valueType) {
if (isReadOnly()) {
throw new RuntimeException("Can not set ValueType of X509Certificate : Policy is ReadOnly");
}
this._valueType = valueType;
}
/**
* set the EncodingType
* @param encodingType encoding type like base64
*/
public void setEncodingType(String encodingType) {
if (isReadOnly()) {
throw new RuntimeException("Can not set EncodingType of X509Certificate : Policy is ReadOnly");
}
this._encodingType = encodingType;
}
/**
* set the ReferenceType
* @param referenceType KeyIdentifier, Direct etc.,.
*/
public void setReferenceType(String referenceType) {
if (isReadOnly()) {
throw new RuntimeException("Can not set ReferenceType of X509Certificate : Policy is ReadOnly");
}
this._referenceType = referenceType;
}
/**
* set the Certificate Identifier
* @param certificateIdentifier alias, key identifier etc.,.
*/
public void setCertificateIdentifier(String certificateIdentifier) {
if (isReadOnly()) {
throw new RuntimeException("Can not set X509Certificate Identifier : Policy is ReadOnly");
}
this._certificateIdentifier = certificateIdentifier;
}
/**
* set the Certificate
* @param certificate X509Certificate
*/
public void setX509Certificate(X509Certificate certificate) {
if (isReadOnly()) {
throw new RuntimeException("Can not set X509Certificate : Policy is ReadOnly");
}
this._certificate = certificate;
}
/**
* @return valueType
*/
public String getValueType() {
return this._valueType;
}
/**
* @return encodingType
*/
public String getEncodingType() {
return this._encodingType;
}
/**
* @return referenceType
*/
public String getReferenceType() {
return this._referenceType;
}
/**
* @return certificateIdentifier
*/
public String getCertificateIdentifier() {
return this._certificateIdentifier;
}
/**
* @return X509Certificate
*/
public X509Certificate getX509Certificate() {
return this._certificate;
}
/**
* @param keyAlgorithm the keyAlgorithm
*/
public void setKeyAlgorithm(String keyAlgorithm) {
if (isReadOnly()) {
throw new RuntimeException("Can not set KeyAlgorithm : Policy is ReadOnly");
}
this._keyAlgorithm = keyAlgorithm;
}
/**
* @return the keyAlgorithm
*/
public String getKeyAlgorithm() {
return _keyAlgorithm;
}
/*
* @param id the wsu:id of the wsse:SecurityTokenReference to
* be generated for this X509Certificate Token. Applicable while
* sending a message (sender side policy)
*/
public void setSTRID(String id) {
if (isReadOnly()) {
throw new RuntimeException("Can not set STRID attribute : Policy is ReadOnly");
}
this.strId = id;
}
/*
* @return the wsu:id of the wsse:SecurityTokenReference to
* be generated for this X509Certificate Token, if specified,
* null otherwise.
*/
public String getSTRID() {
return this.strId;
}
/**
* @param policy the policy to be compared for equality
* @return true if the argument policy is equal to this
*/
public boolean equals(WSSPolicy policy) {
boolean assrt = false;
try {
if (!PolicyTypeUtil.x509CertificateBinding(policy)) {
return false;
}
X509CertificateBinding ctBinding = (X509CertificateBinding) policy;
boolean b1 = _valueType.equals("") ? true : _valueType.equals(ctBinding.getValueType());
if (!b1) {
return false;
}
boolean b2 = _encodingType.equals("") ? true : _encodingType.equals(ctBinding.getEncodingType());
if (!b2) {
return false;
}
boolean b3 = _referenceType.equals("") ? true : _referenceType.equals(ctBinding.getReferenceType());
if (!b3) {
return false;
}
boolean b4 = _keyAlgorithm.equals("") ? true : _keyAlgorithm.equals(ctBinding.getKeyAlgorithm());
if (!b4) {
return false;
}
if (strId == null && ctBinding.getSTRID() == null) {
return true;
}
if (strId != null && strId.equals(ctBinding.getSTRID())) {
return true;
}
} catch (Exception e) {
}
return false;
}
/*
* Equality comparision ignoring the Targets
* @param policy the policy to be compared for equality
* @return true if the argument policy is equal to this
*/
public boolean equalsIgnoreTargets(WSSPolicy policy) {
return equals(policy);
}
/**
* Clone operator
* @return clone of this policy
*/
public Object clone() {
X509CertificateBinding x509Binding = new X509CertificateBinding();
try {
x509Binding.setValueType(_valueType);
x509Binding.setEncodingType(_encodingType);
x509Binding.setReferenceType(_referenceType);
x509Binding.setKeyAlgorithm(_keyAlgorithm);
x509Binding.setCertificateIdentifier(_certificateIdentifier);
x509Binding.setX509Certificate(_certificate);
x509Binding.setUUID(UUID);
x509Binding.setSTRID(this.strId);
WSSPolicy kBinding = (WSSPolicy) this.getKeyBinding();
if (kBinding != null) {
x509Binding.setKeyBinding((MLSPolicy) kBinding.clone());
}
//x509Binding.setPolicyToken(this.getPolicyToken());
x509Binding.setIncludeToken(this.getIncludeToken());
x509Binding.setPolicyTokenFlag(this.policyTokenWasSet());
x509Binding.isOptional(_isOptional);
} catch (Exception e) {
}
return x509Binding;
}
/**
* @return the type of the policy
*/
public String getType() {
return PolicyTypeUtil.X509CERTIFICATE_TYPE;
}
public String toString() {
return PolicyTypeUtil.X509CERTIFICATE_TYPE + "::" + getCertificateIdentifier() + "::" + strId + "::" + _referenceType;
}
}
/**
* A policy representing Kerberos Token. An instance of
* this class can be used as concrete feature binding for an
* AuthenticationTokenPolicy
*/
public static class KerberosTokenBinding extends KeyBindingBase {
String _valueType = MessageConstants._EMPTY;
String _encodingType = MessageConstants._EMPTY;
String _referenceType = MessageConstants._EMPTY;
byte[] _token = null;
private String strId;
String _keyAlgorithm = MessageConstants._EMPTY;
SecretKey _secretKey = null;
/**
* Default constructor
*/
public KerberosTokenBinding() {
setPolicyIdentifier(PolicyTypeUtil.KERBEROS_BST_TYPE);
}
/**
* set the ValueType
* @param valueType attribute like Kerberosv5_AP_REQ
*/
public void setValueType(String valueType) {
if (isReadOnly()) {
throw new RuntimeException("Can not set valueType of KerberosToken : " + "Policy is ReadOnly");
}
this._valueType = valueType;
}
/**
* set the ReferenceType
* @param referenceType allowed values are Direct and KeyIdentifier
*/
public void setReferenceType(String referenceType){
if (isReadOnly()) {
throw new RuntimeException("Can not set referenceType of KerberosToken : " + "Policy is ReadOnly");
}
this._referenceType = referenceType;
}
public void setEncodingType(String encodingType) {
if (isReadOnly()) {
throw new RuntimeException("Can not set EncodingType of KerberosToken : " + "Policy is ReadOnly");
}
this._encodingType = encodingType;
}
public void setTokenValue(byte[] token) {
if (isReadOnly()) {
throw new RuntimeException("Can not set TokenValue of KerberosToken : " + "Policy is ReadOnly");
}
this._token = token;
}
/*
* @param id the wsu:id of the wsse:SecurityTokenReference to
* be generated for this Kerberos Token. Applicable while
* sending a message (sender side policy)
*/
public void setSTRID(String id) {
if (isReadOnly()) {
throw new RuntimeException("Can not set STRID attribute : Policy is ReadOnly");
}
this.strId = id;
}
/*
* @return the wsu:id of the wsse:SecurityTokenReference to
* be generated for this Kerberos Token, if specified,
* null otherwise.
*/
public String getSTRID() {
return this.strId;
}
/**
* @return valueType
*/
public String getValueType() {
return this._valueType;
}
/**
* @return referenceType
*/
public String getReferenceType(){
return this._referenceType;
}
/**
* @return encodingType
*/
public String getEncodingType() {
return this._encodingType;
}
/**
* @return Token Value
*/
public byte[] getTokenValue() {
return this._token;
}
/**
* @param keyAlgorithm the keyAlgorithm
*/
public void setKeyAlgorithm(String keyAlgorithm) {
if (isReadOnly()) {
throw new RuntimeException("Can not set KeyAlgorithm : Policy is ReadOnly");
}
this._keyAlgorithm = keyAlgorithm;
}
/**
* @return the keyAlgorithm
*/
public String getKeyAlgorithm() {
return _keyAlgorithm;
}
/**
* Set the symmetric key
* @param secretKey the SecretKey
*/
public void setSecretKey(SecretKey secretKey) {
this._secretKey = secretKey;
}
/**
* @return SecretKey the symmetric key
*/
public SecretKey getSecretKey() {
return this._secretKey;
}
/**
* Clone operator
* @return clone of this policy
*/
public Object clone() {
KerberosTokenBinding ktBinding = new KerberosTokenBinding();
try {
ktBinding.setValueType(_valueType);
ktBinding.setEncodingType(_encodingType);
ktBinding.setTokenValue(_token);
ktBinding.setKeyAlgorithm(_keyAlgorithm);
ktBinding.setUUID(UUID);
SecretKeySpec ky0 = (SecretKeySpec) _secretKey;
if (ky0 != null) {
SecretKeySpec key = new SecretKeySpec(ky0.getEncoded(), ky0.getAlgorithm());
ktBinding.setSecretKey(key);
}
WSSPolicy kBinding = (WSSPolicy) this.getKeyBinding();
if (kBinding != null) {
ktBinding.setKeyBinding((MLSPolicy) kBinding.clone());
}
ktBinding.setIncludeToken(this.getIncludeToken());
ktBinding.setPolicyTokenFlag(this.policyTokenWasSet());
} catch (Exception e) {
}
return ktBinding;
}
/**
* @param policy to be compared for equality
* @return true if the argument policy is equal to this
*/
public boolean equals(WSSPolicy policy) {
boolean assrt = false;
try {
if (!PolicyTypeUtil.kerberosTokenBinding(policy)) {
return false;
}
KerberosTokenBinding ktBinding = (KerberosTokenBinding) policy;
boolean b1 = _valueType.equals("") ? true : _valueType.equals(ktBinding.getValueType());
if (!b1) {
return false;
}
boolean b2 = _encodingType.equals("") ? true : _encodingType.equals(ktBinding.getEncodingType());
if (!b2) {
return false;
}
boolean b3 = _keyAlgorithm.equals("") ? true : _keyAlgorithm.equals(ktBinding.getKeyAlgorithm());
if (!b3) {
return false;
}
return true;
} catch (Exception e) {
}
return false;
}
/*
* Equality comparision ignoring the Targets
* @param policy the policy to be compared for equality
* @return true if the argument policy is equal to this
*/
public boolean equalsIgnoreTargets(WSSPolicy policy) {
return equals(policy);
}
/**
* @return the type of the policy
*/
public String getType() {
return PolicyTypeUtil.KERBEROS_BST_TYPE;
}
/**
* override the method from KeyBindingBase as we will support IncludeToken=Once
* in Kerberos token profile
* @param include the value of IncludeToken parameter
*/
public void setIncludeToken(String include) {
if(INCLUDE_ALWAYS.equals(include) || INCLUDE_ALWAYS_TO_RECIPIENT.equals(include)){
throw new UnsupportedOperationException("IncludeToken policy " + include +
" is not supported for Kerberos Tokens, Consider using Once");
}
this.includeToken = include;
policyToken = true;
}
}
/**
* A policy representing a SAML Assertion. An instance of
* this class can be used as concrete feature binding for an
* AuthenticationTokenPolicy.
*/
public static class SAMLAssertionBinding extends KeyBindingBase implements LazyKeyBinding {
/**
* Feature Bindings
* Key Bindings
*/
String _type = "";
String _keyAlgorithm = "";
String _keyIdentifier = "";
String _referenceType = "";
String _authorityIdentifier = "";
String strId = null;
String assertionId = null;
String samlVersion = null;
public static final String V10_ASSERTION = "SAML10Assertion";
public static final String V11_ASSERTION = "SAML11Assertion";
public static final String V20_ASSERTION = "SAML20Assertion";
/**
* Sender-Vouches Subject ConfirmationMethod
*/
public static final String SV_ASSERTION = "SV";
/**
* Holder-Of-Key Subject ConfirmationMethod
*/
public static final String HOK_ASSERTION = "HOK";
Element _assertion = null;
Element _authorityBinding = null;
XMLStreamReader samlAssertion = null;
/**
* Default constructor
*/
public SAMLAssertionBinding() {
setPolicyIdentifier(PolicyTypeUtil.SAMLASSERTION_TYPE);
}
/**
* Constructor
* @param type the SubjectConfirmation type of the SAML assertion, one of SV, HOK
* @param keyIdentifier an abstract identifier for the Confirmation Key
* @param authorityIdentifier an abstract identifier for the issuing authority
* @param referenceType the reference type for references to the SAML Assertion,
* should be one of KeyIdentifier, Embedded reference type as defined by
* WSS SAML Token profile 1.0.
*/
public SAMLAssertionBinding(String type, String keyIdentifier, String authorityIdentifier, String referenceType) {
this();
this._type = type;
this._keyIdentifier = keyIdentifier;
this._authorityIdentifier = authorityIdentifier;
this._referenceType = referenceType;
}
/**
* set the SubjectConfirmation type of the SAML assertion
* @param type the SubjectConfirmation type of the SAML assertion, one of SV, HOK
*/
public void setAssertionType(String type) {
if (isReadOnly()) {
throw new RuntimeException("Can not set SAMLAssertionType : Policy is ReadOnly");
}
if (SV_ASSERTION.equals(type)) {
this._type = SV_ASSERTION;
} else if (HOK_ASSERTION.equals(type)) {
this._type = HOK_ASSERTION;
} else {
//throw error
}
}
public void setSAMLVersion(String ver) {
if (isReadOnly()) {
throw new RuntimeException("Can not set SAMLAssertionType : Policy is ReadOnly");
}
this.samlVersion = ver;
}
public String getSAMLVersion() {
return samlVersion;
}
/**
* Create and set the KeyBinding for this WSSPolicy to a PrivateKeyBinding
* @return a new PrivateKeyBinding as a KeyBinding for this WSSPolicy
*/
public MLSPolicy newPrivateKeyBinding() {
if (isReadOnly()) {
throw new RuntimeException("Can not create PrivateKeyBinding : Policy is Readonly");
}
this._keyBinding = new PrivateKeyBinding();
return _keyBinding;
}
/**
* set the abstract identifier for the Confirmation Key
* @param ki the abstract identifier for the Confirmation Key
*/
public void setKeyIdentifier(String ki) {
if (isReadOnly()) {
throw new RuntimeException("Can not set SAML KeyIdentifier : Policy is ReadOnly");
}
this._keyIdentifier = ki;
}
/**
* set the abstract identifier for the issuing authority
* @param uri the URI of the Assertion Issuer
*/
public void setAuthorityIdentifier(String uri) {
if (isReadOnly()) {
throw new RuntimeException("Can not set SAML AuthorityIdentifier : Policy is ReadOnly");
}
this._authorityIdentifier = uri;
}
/**
* set the ReferenceType to be used for references to the SAML Assertion
* @param rtype reference type (one of KeyIdentifier, Embedded)
*/
public void setReferenceType(String rtype) {
if (isReadOnly()) {
throw new RuntimeException("Can not set SAML ReferenceType : Policy is ReadOnly");
}
this._referenceType = rtype;
}
/**
* set the SAML AuthorityBinding element, identifying a remote assertion
* @param authorityBinding
*/
public void setAuthorityBinding(Element authorityBinding) {
if (isReadOnly()) {
throw new RuntimeException("Can not set SAML AuthorityBinding : Policy is ReadOnly");
}
this._authorityBinding = authorityBinding;
}
/**
* set the SAML Assertion
* @param assertion the SAML Assertion
*/
public void setAssertion(Element assertion) {
if (isReadOnly()) {
throw new RuntimeException("Can not set SAML Assertion : Policy is ReadOnly");
}
this._assertion = assertion;
}
public void setAssertion(XMLStreamReader reader) {
this.samlAssertion = reader;
}
/**
* set the keyAlgorithm to be used
* @param algorithm the keyAlgorithm to be used
*/
public void setKeyAlgorithm(String algorithm) {
if (isReadOnly()) {
throw new RuntimeException("Can not set KeyAlgorithm : Policy is ReadOnly");
}
this._keyAlgorithm = algorithm;
}
/**
* @return key algorithm
*/
public String getKeyAlgorithm() {
return this._keyAlgorithm;
}
/**
* @return reference type
*/
public String getReferenceType() {
return this._referenceType;
}
/**
* @return type of SAMLAssertion (SV/HOK)
*/
public String getAssertionType() {
return this._type;
}
/**
* @return identifier to key bound to the Assertion
*/
public String getKeyIdentifier() {
return this._keyIdentifier;
}
/**
* @return identifier to Authority issueing the Assertion
*/
public String getAuthorityIdentifier() {
return this._authorityIdentifier;
}
/**
* @return authority binding component of the assertion
*/
public Element getAuthorityBinding() {
return this._authorityBinding;
}
/**
* @return SAML assertion
*/
public Element getAssertion() {
return this._assertion;
}
public XMLStreamReader getAssertionReader() {
return this.samlAssertion;
}
/**
* equals operator
* @param policy the policy to be compared for equality
* @return true if the argument policy is equal to this
*/
public boolean equals(WSSPolicy policy) {
try {
if (!PolicyTypeUtil.samlTokenPolicy(policy)) {
return false;
}
SAMLAssertionBinding sBinding = (SAMLAssertionBinding) policy;
// this kind of equals is still incorrect
boolean b1 = _type.equals("") ? true : _type.equals(sBinding.getAssertionType());
if (!b1) {
return false;
}
boolean b2 = _authorityIdentifier.equals("") ? true : _authorityIdentifier.equals(sBinding.getAuthorityIdentifier());
if (!b2) {
return false;
}
boolean b3 = _referenceType.equals("") ? true : _referenceType.equals(sBinding.getReferenceType());
if (!b3) {
return false;
}
boolean b6 = _keyAlgorithm.equals("") ? true : _keyAlgorithm.equals(sBinding.getKeyAlgorithm());
if (!b6) {
return false;
}
boolean b7 = (strId == null) ? true : strId.equals(sBinding.getSTRID());
if (!b7) {
return false;
}
boolean b8 = (assertionId == null) ? true : assertionId.equals(sBinding.getAssertionId());
if (!b8) {
return false;
}
} catch (Exception e) {
}
return true;
}
/*
* Equality comparision ignoring the Targets
* @param binding the policy to be compared for equality
* @return true if the argument binding is equal to this
*/
public boolean equalsIgnoreTargets(WSSPolicy binding) {
return equals(binding);
}
/**
*@return clone of this SAML Policy
*/
public Object clone() {
SAMLAssertionBinding samlBinding = new SAMLAssertionBinding();
try {
samlBinding.setAssertionType(_type);
samlBinding.setKeyAlgorithm(_keyAlgorithm);
samlBinding.setKeyIdentifier(_keyIdentifier);
samlBinding.setReferenceType(_referenceType);
samlBinding.setAuthorityIdentifier(_authorityIdentifier);
samlBinding.setAssertion(_assertion);
samlBinding.setAssertion(this.samlAssertion);
samlBinding.setAuthorityBinding(_authorityBinding);
samlBinding.setSTRID(this.strId);
samlBinding.setAssertionId(this.assertionId);
//samlBinding.setPolicyToken(this.getPolicyToken());
samlBinding.setIncludeToken(this.getIncludeToken());
samlBinding.setPolicyTokenFlag(this.policyTokenWasSet());
samlBinding.isOptional(_isOptional);
} catch (Exception e) {
}
return samlBinding;
}
/**
* @return the type of the policy
*/
public String getType() {
return PolicyTypeUtil.SAMLASSERTION_TYPE;
}
/*
* @param id the wsu:id of the wsse:SecurityTokenReference to
* be generated for this X509Certificate Token. Applicable while
* sending a message (sender side policy)
*/
public void setSTRID(String id) {
if (isReadOnly()) {
throw new RuntimeException("Can not set SAML STRID : Policy is ReadOnly");
}
this.strId = id;
}
/*
* @return the wsu:id of the wsse:SecurityTokenReference to
* be generated for this X509Certificate Token, if specified,
* null otherwise.
*/
public String getSTRID() {
return this.strId;
}
/**
* set the AssertionId for the possibly remote assertion
* A CallbackHandler can choose to just set the
* AuthorityBinding and the AssertionId, and not set
* the actual assertion
* @param id the Assertion Id of the possibly remote SAML Assertion
*/
public void setAssertionId(String id) {
if (isReadOnly()) {
throw new RuntimeException("Can not set SAML AssertionID : Policy is ReadOnly");
}
this.assertionId = id;
}
/**
* A CallbackHandler can choose to just set the
* AuthorityBinding and the AssertionId, and not set
* the actual assertion
* @return the Assertion ID of the SAML Assertion represented by this Policy
*/
public String getAssertionId() {
return this.assertionId;
}
public String toString() {
return PolicyTypeUtil.SAMLASSERTION_TYPE + "::" + getReferenceType() + "::" + this._type;
}
public Element get_assertion() {
return _assertion;
}
public String getRealId() {
return assertionId;
}
public void setRealId(String realId) {
// do nothing, real id is assertion id
}
}
/**
* A policy representing a RSAKeyPair. An instance of
* this class can be used as concrete feature binding for an
* AuthenticationTokenPolicy.
*/
public static class KeyValueTokenBinding extends KeyBindingBase {
/**
* Feature Bindings
*
* Key Bindings
*
* (1) PrivateKeyBinding
*/
String _valueType = MessageConstants._EMPTY;
String _encodingType = MessageConstants._EMPTY;
String _referenceType = MessageConstants._EMPTY;
/**
* Default Constructor
*/
public KeyValueTokenBinding() {
setPolicyIdentifier(PolicyTypeUtil.RSATOKEN_TYPE);
}
/**
* Create and set the KeyBinding for this WSSPolicy to a PrivateKeyBinding
* @return a new PrivateKeyBinding as a KeyBinding for this WSSPolicy
*/
public MLSPolicy newPrivateKeyBinding() {
if (isReadOnly()) {
throw new RuntimeException("Can not create PrivateKeyBinding : Policy is Readonly");
}
this._keyBinding = new PrivateKeyBinding();
return _keyBinding;
}
/**
* set the ValueType
* @param valueType Token type like X509v3, X509PKIPathv1, PKCS7
*/
public void setValueType(String valueType) {
if (isReadOnly()) {
throw new RuntimeException("Can not set ValueType of X509Certificate : Policy is ReadOnly");
}
this._valueType = valueType;
}
/**
* set the EncodingType
* @param encodingType encoding type like base64
*/
public void setEncodingType(String encodingType) {
if (isReadOnly()) {
throw new RuntimeException("Can not set EncodingType of X509Certificate : Policy is ReadOnly");
}
this._encodingType = encodingType;
}
/**
* set the ReferenceType
* @param referenceType KeyIdentifier, Direct etc.,.
*/
public void setReferenceType(String referenceType) {
if (isReadOnly()) {
throw new RuntimeException("Can not set ReferenceType of X509Certificate : Policy is ReadOnly");
}
this._referenceType = referenceType;
}
/**
* @return valueType
*/
public String getValueType() {
return this._valueType;
}
/**
* @return encodingType
*/
public String getEncodingType() {
return this._encodingType;
}
/**
* @return referenceType
*/
public String getReferenceType() {
return this._referenceType;
}
/**
* @param policy the policy to be compared for equality
* @return true if the argument policy is equal to this
*/
public boolean equals(WSSPolicy policy) {
boolean assrt = false;
try {
if (!PolicyTypeUtil.keyValueTokenBinding(policy)) {
return false;
}
KeyValueTokenBinding rsaTokenBinding = (KeyValueTokenBinding) policy;
boolean b1 = _valueType.equals("") ? true : _valueType.equals(rsaTokenBinding.getValueType());
if (!b1) {
return false;
}
boolean b2 = _encodingType.equals("") ? true : _encodingType.equals(rsaTokenBinding.getEncodingType());
if (!b2) {
return false;
}
boolean b3 = _referenceType.equals("") ? true : _referenceType.equals(rsaTokenBinding.getReferenceType());
if (!b3) {
return false;
}
} catch (Exception e) {
}
return false;
}
/*
* Equality comparision ignoring the Targets
* @param policy the policy to be compared for equality
* @return true if the argument policy is equal to this
*/
public boolean equalsIgnoreTargets(WSSPolicy policy) {
return equals(policy);
}
/**
* Clone operator
* @return clone of this policy
*/
public Object clone() {
KeyValueTokenBinding rsaTokenBinding = new KeyValueTokenBinding();
try {
rsaTokenBinding.setValueType(_valueType);
rsaTokenBinding.setEncodingType(_encodingType);
rsaTokenBinding.setReferenceType(_referenceType);
rsaTokenBinding.setUUID(UUID);
WSSPolicy kBinding = (WSSPolicy) this.getKeyBinding();
if (kBinding != null) {
rsaTokenBinding.setKeyBinding((MLSPolicy) kBinding.clone());
}
//x509Binding.setPolicyToken(this.getPolicyToken());
rsaTokenBinding.setIncludeToken(this.getIncludeToken());
rsaTokenBinding.setPolicyTokenFlag(this.policyTokenWasSet());
} catch (Exception e) {
}
return rsaTokenBinding;
}
/**
* @return the type of the policy
*/
public String getType() {
//return PolicyTypeUtil.RSATOKEN_TYPE;
return getPolicyIdentifier();
}
public String toString() {
//return PolicyTypeUtil.RSATOKEN_TYPE + "::" + _referenceType;
return getPolicyIdentifier() + "::" + _referenceType;
}
}
}