/*
* Copyright 2003-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.ws.sandbox.security.trust.issue;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.sandbox.security.trust.STSUtil;
import org.apache.ws.sandbox.security.trust.WSTrustException;
import org.apache.ws.sandbox.security.trust.message.token.BaseToken;
import org.apache.ws.sandbox.security.trust.message.token.Lifetime;
import org.apache.ws.sandbox.security.trust.message.token.RequestSecurityTokenResponse;
import org.apache.ws.sandbox.security.trust.message.token.RequestType;
import org.apache.ws.sandbox.security.trust.message.token.RequestedSecurityToken;
import org.apache.ws.sandbox.security.trust.message.token.TokenType;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
/**
* @author Malinda Kaushalye
*
* Issue SCTs based on X509 certificates.
* Developers have to override the method getSecuritContextToken()
* @see org.apache.ws.sandbox.security.trust.STIssuer#issue(org.w3c.dom.Document, org.w3c.dom.Document)
*/
public abstract class X509ToSCTIssuer implements STIssuer {
X509Security x509;
int lifeTime = 2*60;//default in minutes
Crypto crypto;
protected String alias="";
/**
*
*/
public X509ToSCTIssuer() {
super();
}
/* (non-Javadoc)
* @see org.apache.ws.security.trust.STIssuer#issue(org.w3c.dom.Document, org.w3c.dom.Document)
*/
public Document issue(Document req, Document res) throws Exception {
Element elemTokenType=(Element)WSSecurityUtil.findElement(req,TokenType.TOKEN.getLocalPart(),TokenType.TOKEN.getNamespaceURI());
TokenType tokenType=new TokenType(elemTokenType);
Element elemRequestType=(Element)WSSecurityUtil.findElement(req,RequestType.TOKEN.getLocalPart(),RequestType.TOKEN.getNamespaceURI());
RequestType requestType=new RequestType(elemRequestType);
Element elemBase=(Element)WSSecurityUtil.findElement(req,BaseToken.TOKEN.getLocalPart(),BaseToken.TOKEN.getNamespaceURI());
BaseToken base=new BaseToken(elemBase);
BinarySecurity binarySecurity=STSUtil.findBinarySecurityToken(req);
//x509=new X509Security(binarySecurity.getElement());
Element sct=this.getSecuritContextToken(res,x509);
/////////////////////////////////////////////////////////////////////////////
//Now we build the response
RequestSecurityTokenResponse requestSecurityTokenResponse=new RequestSecurityTokenResponse(res);
RequestedSecurityToken requestedSecurityToken=new RequestedSecurityToken(res);
//Token Type
TokenType tokenTypeRes=new TokenType(res);
tokenTypeRes.setValue(tokenType.getValue());
//Request Type
RequestType requestTypeRes=new RequestType(res);
requestTypeRes.setValue(requestType.getValue());
//It is RECOMMENDED that the issuer return this element with issued tokens so the
//requestor knows the actual validity period without having to parse the
//returned token.
Lifetime lt=new Lifetime(res,this.getLifeTime());
// Element elemLifeTime = lt.getElement();
//
// //append to req'ed token
//// requestedSecurityToken.addToken(tokenTypeRes.getElement());
//// requestedSecurityToken.addToken(requestTypeRes.getElement());
// requestedSecurityToken.addToken(sct);
//
//
// RequestedProofToken requestedProofToken=new RequestedProofToken(res);
// if(!this.alias.equals("")){
// requestedProofToken.build(res, this.crypto, this.alias, requestedProofToken.getElement());
// }
//
// // append to response
// requestSecurityTokenResponse.addToken(tokenTypeRes.getElement());
// requestSecurityTokenResponse.addToken(requestTypeRes.getElement());
// requestSecurityTokenResponse.addToken(elemLifeTime);
//
// requestSecurityTokenResponse.addToken(requestedSecurityToken.getElement());
// requestSecurityTokenResponse.addToken(requestedProofToken.getElement());
// requestSecurityTokenResponse.setContext(TrustConstants.ISSUE_SECURITY_TOKEN);
//
//
//append to the body
Element elemEnv=res.getDocumentElement();
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(elemEnv);
Element elemBody=WSSecurityUtil.findBodyElement(elemEnv.getOwnerDocument(),soapConstants);
//Option1: Use the exisiting response element
//Element cld1=(Element)elemBody.getFirstChild().appendChild(requestedSecurityToken.getElement());
//Option2:remove old and create new response element
Element cld0=(Element)elemBody.removeChild((Element)elemBody.getFirstChild());
//Element cld1=(Element)elemBody.appendChild(requestSecurityTokenResponse.getElement());
return res;
}
/**
* Override this method to generate the SCT.
* Application developers can verify the requester
* according to their own mechanism (e.g. Searching a database)
* The whole request is handed over to the end user to make the process more flexible.
*/
public abstract Element getSecuritContextToken(Document doc,X509Security x509Sec)throws WSTrustException;
/**
* @return Duration in minutes
*/
public int getLifeTime() {
return lifeTime;
}
/**
* @return
*/
public X509Security getX509() {
return x509;
}
/**
*
* @param time Duration in minutes
*/
public void setLifeTime(int time) {
lifeTime = time;
}
/**
* @return
*/
public Crypto getCrypto() {
return crypto;
}
/**
* @param crypto
*/
public void setCrypto(Crypto crypto) {
this.crypto = crypto;
}
/**
* @return
*/
public String getAlias() {
return alias;
}
/**
* @param string
*/
public void setAlias(String string) {
alias = string;
}
}