Package org.wso2.carbon.sts

Source Code of org.wso2.carbon.sts.STSDeploymentInterceptor

/*
*  Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
*  WSO2 Inc. licenses this file to you under the Apache License,
*  Version 2.0 (the "License"); you may not use this file except
*  in compliance with the License.
*  You may obtain a copy of the License at
*
*    http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied.  See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.sts;

import org.apache.axiom.om.OMElement;
import org.apache.axis2.AxisFault;
import org.apache.axis2.description.AxisModule;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.AxisServiceGroup;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.axis2.engine.AxisEvent;
import org.apache.axis2.engine.AxisObserver;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.impl.SAMLTokenIssuerConfig;
import org.apache.rahas.impl.TokenIssuerUtil;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.core.RegistryResources;
import org.wso2.carbon.core.deployment.DeploymentInterceptor;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.core.util.KeyStoreUtil;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.security.keystore.KeyStoreAdmin;
import org.wso2.carbon.security.keystore.service.KeyStoreData;
import org.wso2.carbon.security.util.RampartConfigUtil;
import org.wso2.carbon.security.util.ServerCrypto;
import org.wso2.carbon.sts.internal.STSServiceDataHolder;
import org.wso2.carbon.utils.ServerConstants;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map.Entry;
import java.util.Properties;

/**
* This deployment interceptor is called whenever the STS service is deployed.
*
* @see AxisObserver
*/
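public class STSDeploymentInterceptor implements AxisObserver {

    // Log under this class's own category so that STS configuration failures are attributed to
    // the STS interceptor and not to the core DeploymentInterceptor.
    private static final Log log = LogFactory.getLog(STSDeploymentInterceptor.class);

    /**
     * Applies the SAML token issuer configuration when the STS service is deployed.
     * <p>
     * Only {@link AxisEvent#SERVICE_DEPLOY} events for the service named
     * {@link ServerConstants#STS_NAME} are handled; every other event is ignored.
     * Any failure is logged and not rethrown, so as far as this class shows the service stays
     * deployed without the issuer configuration in that case.
     *
     * @param event   the Axis2 event describing what happened to the service
     * @param service the service the event refers to
     */
    public void serviceUpdate(AxisEvent event, AxisService service) {
        if (event.getEventType() == AxisEvent.SERVICE_DEPLOY
                && ServerConstants.STS_NAME.equals(service.getName())) {
            try {
                updateSTSService(service.getAxisConfiguration());
            } catch (Exception e) {
                // Best effort: deployment of the service must not fail because of this observer.
                log.error("Error while updating " + ServerConstants.STS_NAME
                        + " in STSDeploymentInterceptor", e);
            }
        }
    }

    /**
     * Builds the SAML token issuer configuration for the STS service and attaches it to the
     * service as a parameter.
     * <p>
     * The issuer name, issuer key alias, issuer key password and token time-to-live are read
     * from the server configuration; the signing key store is the primary key store reported by
     * {@link KeyStoreAdmin}. Trusted service endpoints are loaded from the
     * {@code trustedServices} resource of the STS service in the config registry. Nothing is
     * changed when the config registry or the STS service is unavailable, or when no private
     * key alias could be resolved from the primary key store.
     * <p>
     * The issuer configuration parameter is only added when the service does not already carry
     * one; an existing parameter is left untouched.
     *
     * @param config the Axis configuration that holds the STS service
     * @throws Exception if a registry, key store or Axis2 lookup fails
     */
    public static void updateSTSService(AxisConfiguration config) throws Exception {
        Registry configRegistry = STSServiceDataHolder.getInstance().getRegistryService()
                .getConfigSystemRegistry();
        Registry governRegistry = STSServiceDataHolder.getInstance().getRegistryService()
                .getGovernanceSystemRegistry();

        if (configRegistry == null || config.getService(ServerConstants.STS_NAME) == null) {
            if (log.isDebugEnabled()) {
                log.debug("configRegistry not set or STS service is unavailable");
            }
            return;
        }

        ServerConfiguration serverConfig = ServerConfiguration.getInstance();
        String keyAlias = serverConfig.getFirstProperty("Security.KeyStore.KeyAlias");
        // Secret material: the key password is only handed to the issuer configuration below
        // and must never be written to a log or an exception message.
        String keyPassword = serverConfig.getFirstProperty("Security.KeyStore.KeyPassword");
        String issuerName = serverConfig.getFirstProperty("HostName");

        if (issuerName == null) {
            // HostName is not configured; fall back to the STS service name as the issuer.
            issuerName = ServerConstants.STS_NAME;
        }

        // Locate the primary key store and the private key alias used by the issuer crypto.
        String keyStoreName = null;
        String privateKeyAlias = null;
        KeyStoreData[] keystores = new KeyStoreAdmin(governRegistry).getKeyStores();
        if (keystores != null) {
            for (KeyStoreData keystore : keystores) {
                if (KeyStoreUtil.isPrimaryStore(keystore.getKeyStoreName())) {
                    keyStoreName = keystore.getKeyStoreName();
                    privateKeyAlias = KeyStoreUtil.getPrivateKeyAlias(KeyStoreManager.getInstance(
                            STSServiceDataHolder.getInstance().getRegistryService()
                                    .getGovernanceSystemRegistry())
                            .getKeyStore(keyStoreName));
                    break;
                }
            }
        }

        if (privateKeyAlias == null) {
            // Without a private key the issuer cannot be configured; leave the service as is.
            return;
        }

        AxisService service = config.getService(ServerConstants.STS_NAME);

        String cryptoProvider = ServerCrypto.class.getName();
        Properties props = RampartConfigUtil.getServerCryptoProperties(
                new String[]{keyStoreName}, keyStoreName, privateKeyAlias);

        SAMLTokenIssuerConfig stsSamlConfig = new SAMLTokenIssuerConfig(issuerName,
                cryptoProvider, props);
        stsSamlConfig.setIssuerKeyAlias(keyAlias);
        stsSamlConfig.setIssuerKeyPassword(keyPassword);
        stsSamlConfig.setAddRequestedAttachedRef(true);
        stsSamlConfig.setAddRequestedUnattachedRef(true);
        // NOTE(review): 2 is a magic number; it presumably selects one of the Rahas
        // key-computation modes - confirm which one and use the named constant if available.
        stsSamlConfig.setKeyComputation(2);
        stsSamlConfig.setProofKeyType(TokenIssuerUtil.BINARY_SECRET);

        String resourcePath = RegistryResources.SERVICE_GROUPS + ServerConstants.STS_NAME
                + RegistryResources.SERVICES + ServerConstants.STS_NAME + "/trustedServices";
        if (configRegistry.resourceExists(resourcePath)) {
            Resource trustedService = configRegistry.get(resourcePath);
            Properties properties = trustedService.getProperties();
            if (properties != null && !properties.isEmpty()) {
                // Each property maps an endpoint address to a list whose first element is the
                // value registered for it (presumably the certificate alias - verify against
                // the code that writes this resource). The set of trusted endpoints is
                // security relevant, so malformed entries are skipped and reported instead of
                // aborting the whole configuration with a ClassCastException.
                for (Entry<Object, Object> entry : properties.entrySet()) {
                    Object address = entry.getKey();
                    Object values = entry.getValue();
                    if (!(address instanceof String) || !(values instanceof List)
                            || ((List<?>) values).isEmpty()
                            || !(((List<?>) values).get(0) instanceof String)) {
                        log.warn("Skipping malformed trusted service entry: " + address);
                        continue;
                    }
                    stsSamlConfig.addTrustedServiceEndpointAddress((String) address,
                            (String) ((List<?>) values).get(0));
                }
            }
        }

        // Set the TTL value read from carbon.xml. A value that is not a positive number is
        // rejected so that a typo cannot yield tokens with a zero or negative lifetime; the
        // issuer configuration then keeps whatever TTL it already has.
        String ttl = serverConfig.getFirstProperty("STSTimeToLive");
        if (ttl != null && ttl.trim().length() > 0) {
            try {
                long ttlValue = Long.parseLong(ttl.trim());
                if (ttlValue > 0) {
                    stsSamlConfig.setTtl(ttlValue);
                    if (log.isDebugEnabled()) {
                        log.debug("STSTimeToLive read from carbon.xml " + ttl);
                    }
                } else {
                    log.error("Ignoring non-positive STSTimeToLive in carbon.xml: " + ttl);
                }
            } catch (NumberFormatException e) {
                log.error("Error while reading STSTimeToLive from carbon.xml", e);
            }
        }

        try {
            // Only add the issuer configuration when the service has none yet. An existing
            // parameter is NOT replaced, so changed key or trusted-service settings do not
            // reach a service that already carries the parameter.
            Parameter param = service.getParameter(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG
                    .getLocalPart());
            if (param == null) {
                service.addParameter(stsSamlConfig.getParameter());
                service.addParameter(new Parameter(CarbonConstants.SKIP_PARAM_INIT, Boolean.TRUE));
            }
        } catch (AxisFault e) {
            log.error("Error while updating " + ServerConstants.STS_NAME
                    + " in STSDeploymentInterceptor", e);
        }
    }

    /**
     * No initialisation is needed for this observer.
     *
     * @param arg0 the Axis configuration (unused)
     */
    public void init(AxisConfiguration arg0) {
        // Intentionally empty.
    }

    /**
     * Module events are ignored by this observer.
     *
     * @param arg0 the event (unused)
     * @param arg1 the module (unused)
     */
    public void moduleUpdate(AxisEvent arg0, AxisModule arg1) {
        // Intentionally empty.
    }

    /**
     * Service group events are ignored by this observer.
     *
     * @param event the event (unused)
     * @param group the service group (unused)
     */
    public void serviceGroupUpdate(AxisEvent event, AxisServiceGroup group) {
        // Intentionally empty.
    }

    /**
     * This observer holds no parameters; the call is ignored.
     *
     * @param arg0 the parameter (unused)
     * @throws AxisFault never thrown by this implementation
     */
    public void addParameter(Parameter arg0) throws AxisFault {
        // Intentionally empty.
    }

    /**
     * This observer holds no parameters; the call is ignored.
     *
     * @param arg0 the serialized parameters (unused)
     * @throws AxisFault never thrown by this implementation
     */
    public void deserializeParameters(OMElement arg0) throws AxisFault {
        // Intentionally empty.
    }

    /**
     * This observer holds no parameters.
     *
     * @param arg0 the parameter name (unused)
     * @return always {@code null}
     */
    public Parameter getParameter(String arg0) {
        return null;
    }

    /**
     * This observer holds no parameters.
     *
     * @return always {@code null}
     */
    public ArrayList getParameters() {
        return null;
    }

    /**
     * This observer holds no parameters, so none can be locked.
     *
     * @param arg0 the parameter name (unused)
     * @return always {@code false}
     */
    public boolean isParameterLocked(String arg0) {
        return false;
    }

    /**
     * This observer holds no parameters; the call is ignored.
     *
     * @param arg0 the parameter (unused)
     * @throws AxisFault never thrown by this implementation
     */
    public void removeParameter(Parameter arg0) throws AxisFault {
        // Intentionally empty.
    }
}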