/
WSTrustElementFactory.java
523 lines (431 loc) · 19.4 KB
/
WSTrustElementFactory.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
/*
* Copyright (c) 1997, 2021 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Distribution License v. 1.0, which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
package com.sun.xml.ws.security.trust;
import com.sun.xml.ws.security.trust.elements.OnBehalfOf;
import com.sun.xml.ws.security.trust.elements.str.DirectReference;
import com.sun.xml.ws.security.trust.elements.str.KeyIdentifier;
import com.sun.xml.ws.api.security.trust.Claims;
import com.sun.xml.ws.api.security.trust.WSTrustException;
import com.sun.xml.ws.security.trust.elements.ActAs;
import com.sun.xml.ws.security.trust.elements.AllowPostdating;
import com.sun.xml.ws.security.trust.elements.BinarySecret;
import com.sun.xml.ws.security.trust.elements.BaseSTSRequest;
import com.sun.xml.ws.security.trust.elements.BaseSTSResponse;
import com.sun.xml.ws.security.trust.elements.CancelTarget;
import com.sun.xml.ws.security.trust.elements.Entropy;
import com.sun.xml.ws.security.trust.elements.IssuedTokens;
import com.sun.xml.ws.security.trust.elements.Lifetime;
import com.sun.xml.ws.security.trust.elements.RenewTarget;
import com.sun.xml.ws.security.trust.elements.Renewing;
import com.sun.xml.ws.security.trust.elements.RequestSecurityToken;
import com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse;
import com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponseCollection;
import com.sun.xml.ws.security.trust.elements.RequestedProofToken;
import com.sun.xml.ws.security.trust.elements.RequestedAttachedReference;
import com.sun.xml.ws.security.trust.elements.RequestedUnattachedReference;
import com.sun.xml.ws.security.trust.elements.RequestedSecurityToken;
import com.sun.xml.ws.security.trust.elements.SecondaryParameters;
import com.sun.xml.ws.api.security.trust.Status;
import com.sun.xml.ws.security.trust.elements.UseKey;
import com.sun.xml.ws.security.trust.elements.ValidateTarget;
import java.net.URI;
import com.sun.xml.ws.policy.impl.bindings.AppliesTo;
import com.sun.xml.ws.security.EncryptedKey;
import com.sun.xml.ws.security.trust.elements.str.Reference;
import com.sun.xml.ws.security.trust.elements.str.SecurityTokenReference;
import com.sun.xml.ws.security.Token;
import com.sun.xml.ws.security.SecurityContextToken;
import com.sun.xml.ws.security.secconv.WSSCVersion;
import com.sun.xml.ws.security.wsu10.AttributedDateTime;
import java.util.List;
import java.util.Map;
import java.util.HashMap;
import javax.xml.transform.Source;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
/**
* A Factory for creating the WS-Trust schema elements, and marshalling/un-marshalling them
* <p>
* The default Implementation classes for all these WS-Trust schema Elements would assume
* that JAXB Bindings were generated for ws-trust.xsd schema in a particular fixed namespace/package.
* The default implementation classes for all these WS-Trust Element Interfaces would hence wrap
* the schema generated classes.
* </p>
* <p>
* An STS Service can create a RequestSecurityToken from the JAXBBean(i.e RequestSecurityTokenType)
* it receives, as an SEI method parameter, in the following manner
* </P>
* <PRE>
* RequestSecurityTokenType tok=...//obtained as JAXWS SEI method paramater
* ObjectFactory factory = new ObjectFactory();
* JAXBElement<RequestSecurityTokenType> rst= factory.createRequestSecurityToken(tok);
* WSTrustElementFactory fact= ..
* RequestSecurityToken requestSecurityToken= fact.createRSTFrom(rst);
* </PRE>
* <p>
* To get back a JAXB Bean from an instance of RequestSecurityToken the following can be done
* <PRE>
* JAXBElement<RequestSecurityTokenType> elem = fact.toJAXBElement(requestSecurityToken);
* RequestSecurityTokenType tok = elem.getValue();
* </PRE>
*
* @author Kumar Jayanti
*/
public abstract class WSTrustElementFactory {
private static JAXBContext jaxbContext = null;
private static JAXBContext jaxbContext13 = null;
private static Map<String, WSTrustElementFactory> intMap = new HashMap<String, WSTrustElementFactory>();
static {
try {
jaxbContext = JAXBContext.newInstance("com.sun.xml.ws.security.trust.impl.bindings:com.sun.xml.ws.security.secconv.impl.bindings:com.sun.xml.ws.security.secext10:com.sun.xml.security.core.ai:com.sun.xml.security.core.dsig:com.sun.xml.ws.policy.impl.bindings");
jaxbContext13 = JAXBContext.newInstance("com.sun.xml.ws.security.trust.impl.wssx.bindings:com.sun.xml.ws.security.secconv.impl.wssx.bindings:com.sun.xml.ws.security.secext10:com.sun.xml.security.core.ai:com.sun.xml.security.core.dsig:com.sun.xml.ws.policy.impl.bindings");
} catch (JAXBException jbe) {
throw new RuntimeException(jbe.getMessage(),jbe);
}
}
public static JAXBContext getContext() {
return jaxbContext;
}
public static JAXBContext getContext(WSTrustVersion wstVer) {
if (wstVer instanceof com.sun.xml.ws.security.trust.impl.wssx.WSTrustVersion13){
return jaxbContext13;
}
return jaxbContext;
}
public static WSTrustElementFactory newInstance() {
return newInstance(WSTrustVersion.WS_TRUST_10_NS_URI);
}
public static WSTrustElementFactory newInstance(String nsUri){
WSTrustElementFactory fac = intMap.get(nsUri);
if (fac != null){
return fac;
}
String type = getInstanceClassName(nsUri);
try {
Class<?> clazz = null;
final ClassLoader loader = Thread.currentThread().getContextClassLoader();
if (loader == null) {
clazz = Class.forName(type);
} else {
clazz = loader.loadClass(type);
}
if (clazz != null) {
@SuppressWarnings("unchecked")
Class<WSTrustElementFactory> typedClass = (Class<WSTrustElementFactory>) clazz;
fac = typedClass.newInstance();
}
} catch (Exception ex) {
throw new RuntimeException("unable to initialize the WSTrustElementFactory for the protocol " + nsUri, ex);
}
intMap.put(nsUri, fac);
return fac;
}
public static WSTrustElementFactory newInstance(WSTrustVersion wstVer) {
return newInstance(wstVer.getNamespaceURI());
}
public static WSTrustElementFactory newInstance(WSSCVersion wsscVer) {
return newInstance(wsscVer.getNamespaceURI());
}
private static String getInstanceClassName(String nsUri) {
if (WSTrustVersion.WS_TRUST_10_NS_URI.equals(nsUri)){
return "com.sun.xml.ws.security.trust.impl.WSTrustElementFactoryImpl";
} else if (WSTrustVersion.WS_TRUST_13_NS_URI.equals(nsUri)){
return "com.sun.xml.ws.security.trust.impl.wssx.WSTrustElementFactoryImpl";
} else if (WSSCVersion.WSSC_10_NS_URI.equals(nsUri)){
return "com.sun.xml.ws.security.secconv.WSSCElementFactory";
}else if (WSSCVersion.WSSC_13_NS_URI.equals(nsUri)){
return "com.sun.xml.ws.security.secconv.WSSCElementFactory13";
}
return "com.sun.xml.ws.security.trust.impl.WSTrustElementFactoryImpl";
}
/**
* Create an RST for Issue from the given arguments
* Any of the arguments can be null since they are all optional, but one of tokenType and AppliesTo must be present
*/
public abstract RequestSecurityToken createRSTForIssue(URI tokenType, URI requestType, URI context, AppliesTo scopes, Claims claims, Entropy entropy, Lifetime lifetime) throws WSTrustException;
/**
* create an RSTR for Issue from the given arguments
* Any of the arguments can be null since they are all optional, but one of RequestedSecurityToken or RequestedProofToken should be returned
*/
public abstract RequestSecurityTokenResponse createRSTRForIssue(URI tokenType, URI context, RequestedSecurityToken token, AppliesTo scopes, RequestedAttachedReference attachedRef, RequestedUnattachedReference unattachedRef, RequestedProofToken proofToken, Entropy entropy, Lifetime lifetime) throws WSTrustException;
/**
*Create a collection of RequestSecurityTokenResponse(s)
*/
public abstract RequestSecurityTokenResponseCollection createRSTRCollectionForIssue(URI tokenType, URI context, RequestedSecurityToken token, AppliesTo scopes, RequestedAttachedReference attachedRef, RequestedUnattachedReference unattachedRef, RequestedProofToken proofToken, Entropy entropy, Lifetime lifetime) throws WSTrustException;
/**
* Create a wst:IssuedTokens object
*/
public abstract IssuedTokens createIssuedTokens(RequestSecurityTokenResponseCollection issuedTokens);
/**
* Create an Entropy with a BinarySecret
*/
public abstract Entropy createEntropy(BinarySecret secret);
/**
* Create an Entropy with an xenc:EncryptedKey
*/
public abstract Entropy createEntropy(EncryptedKey key);
/**
* Create SecondaryParameters
*/
public abstract SecondaryParameters createSecondaryParameters();
/**
* Create a BinarySecret
*/
public abstract BinarySecret createBinarySecret(byte[] rawValue, String type);
/**
* Create a BinarySecret
*/
public abstract BinarySecret createBinarySecret(Element elem) throws WSTrustException;
public abstract UseKey createUseKey(Token token, String sig);
public abstract OnBehalfOf createOnBehalfOf(Token oboToken);
public abstract ActAs createActAs(Token token);
public abstract ValidateTarget createValidateTarget(Token token);
public abstract Status createStatus(String code, String reason);
/**
* Create a Lifetime.
*/
public abstract Lifetime createLifetime(AttributedDateTime created, AttributedDateTime expires);
/**
* Create a RequestedProofToken.
*/
public abstract RequestedProofToken createRequestedProofToken();
/**
* Create a RequestedSecurityToken.
*/
public abstract RequestedSecurityToken createRequestedSecurityToken(Token token);
public abstract RequestedSecurityToken createRequestedSecurityToken();
public abstract DirectReference createDirectReference(String valueType, String uri);
public abstract KeyIdentifier createKeyIdentifier(String valueType, String encodingType);
public abstract SecurityTokenReference createSecurityTokenReference(Reference ref);
public abstract SecurityContextToken createSecurityContextToken(final URI identifier, final String instance, final String wsuId);
/**
* Create a RequestedAttachedReference.
*/
public abstract RequestedAttachedReference createRequestedAttachedReference(SecurityTokenReference str);
/**
* Create a RequestedUnattachedReference.
*/
public abstract RequestedUnattachedReference createRequestedUnattachedReference(SecurityTokenReference str);
/**
*Create an RST for a Renewal Request
*/
public abstract RequestSecurityToken createRSTForRenew(URI tokenType, URI requestType, URI context, RenewTarget target, AllowPostdating apd, Renewing renewingInfo);
/**
*Create an RSTR for a Renewal Response
*/
public abstract RequestSecurityTokenResponse createRSTRForRenew(URI tokenType, URI context, RequestedSecurityToken token, RequestedAttachedReference attachedReference, RequestedUnattachedReference unattachedRef, RequestedProofToken proofToken, Entropy entropy, Lifetime lifetime) throws WSTrustException;;
public abstract RenewTarget createRenewTarget(SecurityTokenReference str);
public abstract CancelTarget createCancelTarget(SecurityTokenReference str);
/**
*Create an RST for Token Cancellation
*/
public abstract RequestSecurityToken createRSTForCancel(URI requestType, CancelTarget target);
/**
*Create an RSTR for a Successful Token Cancellation
*/
public abstract RequestSecurityTokenResponse createRSTRForCancel();
/**
*Create an RST for Token Validation
*<p>
*TODO: Not clear from Spec whether the Token to be validated is ever sent ?
*TODO: There is a mention of special case where a SOAPEnvelope may be specified as
* a security token if the requestor desires the envelope to be validated.
*</p>
*/
public abstract RequestSecurityToken createRSTForValidate(URI tokenType, URI requestType);
/**
* create an RSTR for validate request.
*/
public abstract RequestSecurityTokenResponse createRSTRForValidate(URI tokenType, RequestedSecurityToken token, Status status);
public abstract RequestSecurityTokenResponseCollection createRSTRC(List<RequestSecurityTokenResponse> rstrs);
/**
* Create an Empty RST
*/
public abstract RequestSecurityToken createRST();
/**
* Create an Empty RSTR
*/
public abstract RequestSecurityTokenResponse createRSTR();
/**
* create an RST from a Source
*/
public abstract RequestSecurityToken createRSTFrom(Source src);
/**
* create an RST from DOM Element
*/
public abstract RequestSecurityToken createRSTFrom(Element elem);
/**
* create an RSTR from a Source
*/
public abstract RequestSecurityTokenResponse createRSTRFrom(Source src);
/**
* create an RSTR from DOM Element
*/
public abstract RequestSecurityTokenResponse createRSTRFrom(Element elem);
/**
* Create RSTR Collection from Source
*/
public abstract RequestSecurityTokenResponseCollection createRSTRCollectionFrom(Source src);
/**
* Create RSTR Collection from Element
*/
public abstract RequestSecurityTokenResponseCollection createRSTRCollectionFrom(Element elem);
public abstract Claims createClaims(Element elem)throws WSTrustException;
public abstract Claims createClaims(Claims claims) throws WSTrustException;
public abstract Claims createClaims() throws WSTrustException;
/**
* create an RST from JAXBElement
* <p>
* NOTE: an STS Implementor can call
* <PRE>
* JAXBElement<RequestSecurityTokenType> elem=
* ObjectFactory.createRequestSecurityToken(<JAXBBean for RST>)
* </PRE>
* The JAXBBean for RST is the one generated from the ws-trust.xsd schema
* The default implementation expects the packagename of the generated JAXB Beans to be fixed.
*
*/
public abstract RequestSecurityToken createRSTFrom(JAXBElement elem);
/**
* create an RSTR from JAXBElement
* <p>
* NOTE: an STS Implementor can call
* <PRE>
* JAXBElement<RequestSecurityTokenResponseType> elem=
* ObjectFactory.createRequestSecurityTokenResponse(<JAXBBean for RSTR>);
* </PRE>
* The <JAXBBean for RSTR> is the one generated from the ws-trust.xsd schema
* The default implementation expects the packagename of the generated JAXB Beans to be fixed.
*
*/
public abstract RequestSecurityTokenResponse createRSTRFrom(JAXBElement elem);
/**
* create an RSTR Collection from JAXBElement
* <p>
* NOTE: an STS Implementor can call
* <PRE>
* JAXBElement<RequestSecurityTokenResponseCollectionType> elem=
* ObjectFactory.createRequestSecurityTokenResponseCollection(<JAXBBean for RSTR Collection>
* </PRE>
* The <JAXBBean for RSTR Collection> is the one generated from the ws-trust.xsd schema
* The default implementation expects the packagename of the generated JAXB Beans to be fixed.
*
*/
public abstract RequestSecurityTokenResponseCollection createRSTRCollectionFrom(JAXBElement elem);
public abstract SecurityTokenReference createSecurityTokenReference(JAXBElement elem);
public abstract JAXBElement toJAXBElement(BaseSTSRequest request);
public abstract JAXBElement toJAXBElement(BaseSTSResponse response);
/**
* convert an SecurityTokenReference to a JAXBElement
*/
public abstract JAXBElement toJAXBElement(SecurityTokenReference str);
/**
* convert an RST to a JAXBElement
*/
public abstract JAXBElement toJAXBElement(RequestSecurityToken rst);
/**
* convert an RSTR to a JAXBElement
*/
public abstract JAXBElement toJAXBElement(RequestSecurityTokenResponse rstr);
/**
* convert an RSTR Collection to a JAXBElement
*/
public abstract JAXBElement toJAXBElement(RequestSecurityTokenResponseCollection rstrCollection);
public abstract Source toSource(BaseSTSRequest request);
public abstract Source toSource(BaseSTSResponse response);
/**
* Marshal an RST to a Source.
* <p>
* Note: Useful for Dispatch Client implementations
* </p>
*/
public abstract Source toSource(RequestSecurityToken rst);
/**
* Marshal an RSTR to a Source
* <p>
* Note: Useful for STS implementations which are JAXWS Providers
* </p>
*/
public abstract Source toSource(RequestSecurityTokenResponse rstr);
/**
* Marshal an RSTR Collection to a Source
* <p>
* Note: Useful for STS implementations which are JAXWS Providers
* </p>
*/
public abstract Source toSource(RequestSecurityTokenResponseCollection rstrCollection);
public abstract Element toElement(BaseSTSRequest request);
public abstract Element toElement(BaseSTSResponse response);
/**
* Marshal an RST to a DOM Element.
* <p>
* Note: Useful for Dispatch Client implementations
* </p>
*/
public abstract Element toElement(RequestSecurityToken rst);
/**
* Marshal an RSTR to DOM Element
* <p>
* Note: Useful for STS implementations which are JAXWS Providers
* </p>
*/
public abstract Element toElement(RequestSecurityTokenResponse rstr);
public abstract Element toElement(RequestSecurityTokenResponse rstr, Document doc);
/**
* Marshal an RSTR Collection to a DOM Element
* <p>
* Note: Useful for STS implementations which are JAXWS Providers
* </p>
*/
public abstract Element toElement(RequestSecurityTokenResponseCollection rstrCollection);
/**
* Marshal an BinarySecret to a DOM Element
* <p>
* Note: Useful for STS implementations which are JAXWS Providers
* </p>
*/
public abstract Element toElement(BinarySecret binarySecret);
/**
* Marshal an STR to a DOM Element.
* <p>
* Note: Useful for Dispatch Client implementations
* </p>
*/
public abstract Element toElement(SecurityTokenReference str, Document doc);
/**
* Marshal an BinarySecret to a DOM Element.
* <p>
* Note: Useful for Dispatch Client implementations
* </p>
*/
public abstract Element toElement(BinarySecret binarySecret, Document doc);
public Element toElement(Object jaxbEle){
if (jaxbEle instanceof Element){
return (Element)jaxbEle;
}
try{
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
DocumentBuilder db = dbf.newDocumentBuilder();
Document doc = db.newDocument();
getMarshaller().marshal((JAXBElement)jaxbEle, doc);
return doc.getDocumentElement();
} catch (Exception ex) {
throw new RuntimeException(ex.getMessage(), ex);
}
}
public abstract Marshaller getMarshaller();
}