Examples of IdpSTSClient


Examples of org.apache.cxf.fediz.service.idp.IdpSTSClient

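        // Excerpt from a larger method: configures an IdpSTSClient for the relying party
        // named by wtrealm, requests a token from the STS on behalf of the IdP token and
        // parses the response. context, wtrealm, keyType, idpToken, wsdlLocation,
        // wsdlEndpoint and ttl are defined outside this excerpt.
        IDPConfig idpConfig = (IDPConfig) WebUtils.getAttributeFromFlowScope(context, IDP_CONFIG);

        Bus cxfBus = getBus();

        IdpSTSClient sts = new IdpSTSClient(cxfBus);
        sts.setAddressingNamespace(HTTP_WWW_W3_ORG_2005_08_ADDRESSING);

        // Only realms registered in the IdP configuration are served; an unknown wtrealm
        // is rejected before any STS call is made.
        // NOTE(review): wtrealm is concatenated into log messages here and below. If it
        // is taken directly from the sign-in request (confirm against the caller), strip
        // CR/LF before logging so a crafted value cannot forge log lines.
        ServiceConfig serviceConfig = idpConfig.getServices().get(wtrealm);
        if (serviceConfig == null) {
            LOG.warn("No service config found for " + wtrealm);
            throw new ProcessingException(TYPE.BAD_REQUEST);
        }

        // Parse wreq parameter - we only support parsing TokenType and KeyType for now
        // NOTE(review): getRSTFromWReq is not shown; wreq is presumably caller-supplied
        // XML, so confirm its parser disables DTDs and external entities.
        String wreq = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_REQUEST);
        String stsTokenType = null;
        String stsKeyType = keyType;
        if (wreq != null) {
            Element wreqElement = getRSTFromWReq(wreq);
            if (wreqElement != null) {
                Element tokenTypeElement =
                    DOMUtils.getFirstChildWithName(wreqElement, wreqElement.getNamespaceURI(), "TokenType");
                if (tokenTypeElement != null) {
                    stsTokenType = tokenTypeElement.getTextContent();
                }
                Element keyTypeElement =
                    DOMUtils.getFirstChildWithName(wreqElement, wreqElement.getNamespaceURI(), "KeyType");
                if (keyTypeElement != null) {
                    stsKeyType = keyTypeElement.getTextContent();
                }
            }
        }

        // Precedence: TokenType from wreq, then the per-service configuration, then the
        // default from getTokenType().
        // NOTE(review): a value from wreq overrides what the service configuration asks
        // for, and it is passed on unchecked; consider an allow-list per service unless
        // the STS is known to enforce one.
        if (stsTokenType != null) {
            sts.setTokenType(stsTokenType);
        } else if (serviceConfig.getTokenType() != null && serviceConfig.getTokenType().length() > 0) {
            sts.setTokenType(serviceConfig.getTokenType());
        } else {
            sts.setTokenType(getTokenType());
        }

        if (serviceConfig.getPolicyNamespace() != null && serviceConfig.getPolicyNamespace().length() > 0) {
            sts.setWspNamespace(serviceConfig.getPolicyNamespace());
        }

        if (LOG.isDebugEnabled()) {
            LOG.debug("TokenType " + sts.getTokenType() + " set for " + wtrealm);
        }

        // For a PublicKey key type the first certificate of the container-provided
        // client certificate attribute becomes the confirmation key.
        // NOTE(review): when no client certificate is present the request is silently
        // downgraded to Bearer (logged at INFO only), so a relying party that requires
        // proof-of-possession has to enforce that itself. When servletRequest is null
        // the key type stays PublicKey and no certificate is set.
        sts.setKeyType(stsKeyType);
        if (HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_PUBLICKEY.equals(stsKeyType)) {
            HttpServletRequest servletRequest = WebUtils.getHttpServletRequest(context);
            if (servletRequest != null) {
                X509Certificate[] certs =
                    (X509Certificate[])servletRequest.getAttribute("javax.servlet.request.X509Certificate");
                if (certs != null && certs.length > 0) {
                    sts.setUseCertificateForConfirmationKeyInfo(true);
                    sts.setUseKeyCertificate(certs[0]);
                } else {
                    LOG.info("Can't send a PublicKey KeyType as no client certs are available");
                    sts.setKeyType(HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER);
                }
            }
        }

        // processWsdlLocation is defined elsewhere; wsdlLocation is read right after the
        // call, so it presumably updates that field - confirm.
        processWsdlLocation(context);
        sts.setWsdlLocation(wsdlLocation);
        sts.setServiceQName(new QName(
                HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512,
                SECURITY_TOKEN_SERVICE));
        sts.setEndpointQName(new QName(
                HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512, wsdlEndpoint));

        if (serviceConfig.getRequestedClaims() != null && serviceConfig.getRequestedClaims().size() > 0) {
            addClaims(sts, serviceConfig.getRequestedClaims());
            if (LOG.isDebugEnabled()) {
                LOG.debug("Requested claims set for " + wtrealm);
            }
        }

        // Token lifetime: the per-service value wins when it parses as an integer,
        // otherwise this.ttl is used. A value <= 0 switches the lifetime element off,
        // leaving the validity period to the STS.
        sts.setEnableLifetime(true);
        if (serviceConfig.getLifeTime() != null && serviceConfig.getLifeTime().length() > 0) {
            try {
                int lifetime = Integer.parseInt(serviceConfig.getLifeTime());
                sts.setTtl(lifetime);
                sts.setEnableLifetime(lifetime > 0);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Lifetime set to " + serviceConfig.getLifeTime() + " seconds for " + wtrealm);
                }
            } catch (NumberFormatException ex) {
                LOG.warn("Invalid lifetime configured for service provider " + wtrealm);
                sts.setTtl(this.ttl);
                sts.setEnableLifetime(this.ttl > 0);
            }
        } else {
            sts.setTtl(this.ttl);
            sts.setEnableLifetime(this.ttl > 0);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Lifetime set to " + this.ttl + " seconds for " + wtrealm);
            }
        }

        // The IdP token is forwarded as OnBehalfOf; only WS-Federation (or an unset
        // protocol) is accepted, and the check runs before the STS is contacted.
        sts.setOnBehalfOf(idpToken.getToken());
        if (!(serviceConfig.getProtocol() == null
            || FederationConstants.WS_FEDERATION_NS.equals(serviceConfig.getProtocol()))) {
            LOG.error("Protocol " + serviceConfig.getProtocol() + " not supported for " + wtrealm);
            throw new ProcessingException(TYPE.BAD_REQUEST);
        }

        String rpToken = sts.requestSecurityTokenResponse(wtrealm);

        // Encode explicitly as UTF-8 instead of the platform default charset, so
        // non-ASCII content in the token is not corrupted on JVMs whose default differs.
        // Assumes the response carries no conflicting XML encoding declaration.
        InputStream is = new ByteArrayInputStream(
            rpToken.getBytes(java.nio.charset.Charset.forName("UTF-8")));
        Document doc = DOMUtils.readXml(is);
        // NOTE(review): this lookup depends on the literal "saml2" prefix; a
        // namespace-aware lookup (getElementsByTagNameNS) would not be tied to the
        // prefix the STS happens to emit.
        NodeList nd = doc.getElementsByTagName("saml2:Assertion");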
        if (nd.getLength() == 0) {

Examples of org.apache.cxf.fediz.service.idp.IdpSTSClient

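        // Excerpt from a larger method: sets up an IdpSTSClient for the relying party
        // given by wtrealm, obtains a token from the STS on behalf of the IdP token and
        // parses the result. context, wtrealm, keyType, idpToken, wsdlLocation,
        // wsdlEndpoint and ttl come from outside this excerpt.
        IDPConfig idpConfig = (IDPConfig) WebUtils.getAttributeFromFlowScope(context, IDP_CONFIG);

        Bus cxfBus = getBus();

        IdpSTSClient sts = new IdpSTSClient(cxfBus);
        sts.setAddressingNamespace(HTTP_WWW_W3_ORG_2005_08_ADDRESSING);

        // A realm without a service configuration is refused before the STS is called.
        // NOTE(review): wtrealm is written to the log by string concatenation in several
        // places. If it originates from the request (confirm against the caller),
        // neutralise CR/LF first so it cannot inject forged log entries.
        ServiceConfig serviceConfig = idpConfig.getServices().get(wtrealm);
        if (serviceConfig == null) {
            LOG.warn("No service config found for " + wtrealm);
            throw new ProcessingException(TYPE.BAD_REQUEST);
        }

        // Token type: per-service configuration first, otherwise getTokenType().
        if (serviceConfig.getTokenType() != null && serviceConfig.getTokenType().length() > 0) {
            sts.setTokenType(serviceConfig.getTokenType());
        } else {
            sts.setTokenType(getTokenType());
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("TokenType " + sts.getTokenType() + " set for " + wtrealm);
        }

        // With a PublicKey key type, the first entry of the container's client
        // certificate attribute is used as the confirmation key.
        // NOTE(review): if no client certificate was presented the key type is quietly
        // changed to Bearer (INFO log only), so holder-of-key cannot be assumed by the
        // relying party. If servletRequest is null the key type remains PublicKey with
        // no certificate configured.
        sts.setKeyType(keyType);
        if (HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_PUBLICKEY.equals(keyType)) {
            HttpServletRequest servletRequest = WebUtils.getHttpServletRequest(context);
            if (servletRequest != null) {
                X509Certificate[] certs =
                    (X509Certificate[])servletRequest.getAttribute("javax.servlet.request.X509Certificate");
                if (certs != null && certs.length > 0) {
                    sts.setUseCertificateForConfirmationKeyInfo(true);
                    sts.setUseKeyCertificate(certs[0]);
                } else {
                    LOG.info("Can't send a PublicKey KeyType as no client certs are available");
                    sts.setKeyType(HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER);
                }
            }
        }

        // processWsdlLocation is not shown; since wsdlLocation is used immediately
        // afterwards it presumably refreshes that field - confirm.
        processWsdlLocation(context);
        sts.setWsdlLocation(wsdlLocation);
        sts.setServiceQName(new QName(
                HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512,
                SECURITY_TOKEN_SERVICE));
        sts.setEndpointQName(new QName(
                HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512, wsdlEndpoint));

        if (serviceConfig.getRequestedClaims() != null && serviceConfig.getRequestedClaims().size() > 0) {
            addClaims(sts, serviceConfig.getRequestedClaims());
            if (LOG.isDebugEnabled()) {
                LOG.debug("Requested claims set for " + wtrealm);
            }
        }

        // Lifetime: use the per-service value when it is a valid integer, else this.ttl.
        // Values <= 0 disable the lifetime element, which leaves the validity period up
        // to the STS.
        sts.setEnableLifetime(true);
        if (serviceConfig.getLifeTime() != null && serviceConfig.getLifeTime().length() > 0) {
            try {
                int lifetime = Integer.parseInt(serviceConfig.getLifeTime());
                sts.setTtl(lifetime);
                sts.setEnableLifetime(lifetime > 0);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Lifetime set to " + serviceConfig.getLifeTime() + " seconds for " + wtrealm);
                }
            } catch (NumberFormatException ex) {
                LOG.warn("Invalid lifetime configured for service provider " + wtrealm);
                sts.setTtl(this.ttl);
                sts.setEnableLifetime(this.ttl > 0);
            }
        } else {
            sts.setTtl(this.ttl);
            sts.setEnableLifetime(this.ttl > 0);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Lifetime set to " + this.ttl + " seconds for " + wtrealm);
            }
        }

        // The IdP token travels as OnBehalfOf. Anything other than WS-Federation (or an
        // unset protocol) is rejected here, before the STS request is sent.
        sts.setOnBehalfOf(idpToken.getToken());
        if (!(serviceConfig.getProtocol() == null
            || FederationConstants.WS_FEDERATION_NS.equals(serviceConfig.getProtocol()))) {
            LOG.error("Protocol " + serviceConfig.getProtocol() + " not supported for " + wtrealm);
            throw new ProcessingException(TYPE.BAD_REQUEST);
        }

        String rpToken = sts.requestSecurityTokenResponse(wtrealm);

        // Use UTF-8 explicitly rather than the platform default charset; otherwise
        // non-ASCII token content can be mangled on JVMs with a different default.
        // Assumes the response carries no conflicting XML encoding declaration.
        InputStream is = new ByteArrayInputStream(
            rpToken.getBytes(java.nio.charset.Charset.forName("UTF-8")));
        Document doc = DOMUtils.readXml(is);
        // NOTE(review): matching on the qualified name ties this to the "saml2" prefix;
        // getElementsByTagNameNS would match regardless of the prefix the STS emits.
        NodeList nd = doc.getElementsByTagName("saml2:Assertion");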
        if (nd.getLength() == 0) {