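package org.netbeans.modules.websvc.wsitconf.wsdlmodelext;

import java.util.List;
import java.util.MissingResourceException;
import org.netbeans.modules.websvc.wsitconf.ui.ComboConstants;
import org.netbeans.modules.websvc.wsitmodelext.addressing.Address;
import org.netbeans.modules.websvc.wsitmodelext.addressing.AddressingQName;
import org.netbeans.modules.websvc.wsitmodelext.mex.Metadata;
import org.netbeans.modules.websvc.wsitmodelext.mex.MetadataReference;
import org.netbeans.modules.websvc.wsitmodelext.mex.MetadataSection;
import org.netbeans.modules.websvc.wsitmodelext.mex.MexQName;
import org.netbeans.modules.websvc.wsitmodelext.policy.All;
import org.netbeans.modules.websvc.wsitmodelext.policy.Policy;
import org.netbeans.modules.websvc.wsitmodelext.policy.PolicyQName;
import org.netbeans.modules.websvc.wsitmodelext.security.RequestSecurityTokenTemplate;
import org.netbeans.modules.websvc.wsitmodelext.security.SecurityPolicyQName;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.TransportToken;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssGssKerberosV5ApReqToken11;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssKerberosV5ApReqToken11;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssSamlV10Token10;
import org.netbeans.modules.websvc.wsitmodelext.trust.KeySize;
import org.netbeans.modules.websvc.wsitmodelext.trust.KeyType;
import org.netbeans.modules.websvc.wsitmodelext.trust.TokenType;
import org.netbeans.modules.websvc.wsitmodelext.trust.TrustQName;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.EncryptionToken;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.EndorsingSupportingTokens;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.HttpsToken;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.InitiatorToken;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.IssuedToken;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.Issuer;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.KerberosToken;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.ProtectionToken;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.RecipientToken;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.RelToken;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.SamlToken;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.SecureConversationToken;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.SecurityContextToken;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.SignatureToken;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.SignedEndorsingSupportingTokens;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.SignedSupportingTokens;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.SupportingTokens;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.TokensQName;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.UsernameToken;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssSamlV10Token11;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssSamlV11Token10;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssSamlV11Token11;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssSamlV20Token11;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssUsernameToken10;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssUsernameToken11;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssX509Pkcs7Token10;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssX509Pkcs7Token11;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssX509PkiPathV1Token10;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssX509PkiPathV1Token11;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssX509V1Token10;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssX509V1Token11;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssX509V3Token10;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.WssX509V3Token11;
import org.netbeans.modules.websvc.wsitmodelext.security.tokens.X509Token;
import org.netbeans.modules.xml.wsdl.model.Binding;
import org.netbeans.modules.xml.wsdl.model.BindingFault;
import org.netbeans.modules.xml.wsdl.model.BindingInput;
import org.netbeans.modules.xml.wsdl.model.BindingOperation;
import org.netbeans.modules.xml.wsdl.model.BindingOutput;
import org.netbeans.modules.xml.wsdl.model.ExtensibilityElement;
import org.netbeans.modules.xml.wsdl.model.WSDLComponent;
import org.netbeans.modules.xml.wsdl.model.WSDLComponentFactory;
import org.netbeans.modules.xml.wsdl.model.WSDLModel;
import org.openide.util.NbBundle;

/**
 * Reads and edits the security-token assertions kept in a WSDL model: the token
 * kind under a security binding (protection, signature, encryption, initiator,
 * recipient, transport), the concrete token type inside it (HTTPS, X509, SAML,
 * Kerberos, issued, username, REL, secure-conversation, security-context, SPNEGO),
 * token profile versions, the IncludeToken inclusion level, supporting tokens,
 * and the issuer / RequestSecurityTokenTemplate settings of issued tokens.
 *
 * <p>Every mutator runs inside a model transaction: when the caller already has one
 * open it is reused, otherwise one is started and ended here (also on exceptions).
 *
 * <p>The values written by the mutators become the service's security policy, so
 * the defaults applied here are policy decisions a caller should confirm rather
 * than rely on: a freshly created HTTPS token does <em>not</em> require a client
 * certificate, X509 defaults to {@code X509_V310}, SAML to {@code SAML_V1110},
 * Kerberos to {@code KERBEROS_KERBEROSGSS}, username to {@code WSS10}, and an
 * issued token to a SAML 1.1 symmetric 256-bit template; supporting tokens are
 * created with inclusion level {@code ALWAYSRECIPIENT}.
 *
 * <p>The getters tolerate {@code null} arguments and absent elements and answer
 * {@code null} (or {@code ComboConstants.NONE} where that is the "unset" value).
 */
public class SecurityTokensModelHelper {

    /** Supporting-token kinds accepted by {@link #getSupportingToken} and {@link #setSupportingTokens}. */
    public static final int SUPPORTING = 0;
    public static final int SIGNED_SUPPORTING = 1;
    public static final int ENDORSING = 2;
    public static final int SIGNED_ENDORSING = 3;
    /** "No supporting token": {@link #setSupportingTokens} only removes existing ones. */
    public static final int NONE = 4;

    /** Token-kind elements that a new protection or transport token replaces. */
    private static final Class<?>[] BINDING_TOKEN_KINDS = {
        SignatureToken.class, TransportToken.class, EncryptionToken.class,
        InitiatorToken.class, ProtectionToken.class, RecipientToken.class
    };

    /** Profile-version assertions that may sit under a username token; replaced as a set. */
    private static final Class<?>[] USERNAME_PROFILE_ASSERTIONS = {
        WssUsernameToken10.class, WssUsernameToken11.class
    };

    /** Profile-version assertions that may sit under a SAML token; replaced as a set. */
    private static final Class<?>[] SAML_PROFILE_ASSERTIONS = {
        WssSamlV10Token11.class, WssSamlV10Token10.class, WssSamlV11Token10.class,
        WssSamlV11Token11.class, WssSamlV20Token11.class
    };

    /** Profile-version assertions that may sit under an X509 token; replaced as a set. */
    private static final Class<?>[] X509_PROFILE_ASSERTIONS = {
        WssX509V1Token10.class, WssX509V3Token10.class, WssX509V1Token11.class,
        WssX509V3Token11.class, WssX509Pkcs7Token10.class, WssX509Pkcs7Token11.class,
        WssX509PkiPathV1Token10.class, WssX509PkiPathV1Token11.class
    };

    /** Profile-version assertions that may sit under a Kerberos token; replaced as a set. */
    private static final Class<?>[] KERBEROS_PROFILE_ASSERTIONS = {
        WssGssKerberosV5ApReqToken11.class, WssKerberosV5ApReqToken11.class
    };

    /** Public no-arg constructor kept for compatibility; all members are static. */
    public SecurityTokensModelHelper() { }

    // ---------------------------------------------------------------- transactions

    /**
     * Starts a transaction on {@code model} unless one is already in progress.
     *
     * @return {@code true} if this call started the transaction and the caller must
     *         end it; {@code false} if an outer transaction was already open
     */
    private static boolean startTransactionIfNeeded(WSDLModel model) {
        if (model.isIntransaction()) {
            return false;
        }
        model.startTransaction();
        return true;
    }

    /** Ends the transaction on {@code model} only if {@code started} says this class began it. */
    private static void endTransactionIfStarted(WSDLModel model, boolean started) {
        if (started) {
            model.endTransaction();
        }
    }

    // ---------------------------------------------------------------- HTTPS token

    /**
     * Returns whether the HTTPS token demands a client certificate (mutual TLS).
     *
     * @param token non-null HTTPS token assertion
     */
    public static boolean isRequireClientCertificate(HttpsToken token) {
        return token.getRequireClientCertificate();
    }

    /**
     * Sets whether the HTTPS token demands a client certificate, inside a model transaction.
     *
     * @param token   non-null HTTPS token assertion
     * @param require {@code true} to require a client certificate
     */
    public static void setRequireClientCertificate(HttpsToken token, boolean require) {
        WSDLModel model = token.getModel();
        boolean started = startTransactionIfNeeded(model);
        try {
            token.setRequireClientCertificate(require);
        } finally {
            endTransactionIfStarted(model, started);
        }
    }

    // ---------------------------------------------------------------- token type

    /**
     * Maps the token type nested under a token-kind element to its combo-box label.
     *
     * <p>Only the first policy child and the first matching token are inspected
     * (see {@link #getTokenElement}). An HTTPS token has no label here and yields
     * {@code null}; use {@link #getTokenTypeElement} to detect it.
     *
     * @param tokenKind token-kind element (e.g. a ProtectionToken), may be {@code null}
     * @return one of the {@code ComboConstants} token labels, or {@code null} if none matches
     */
    public static String getTokenType(WSDLComponent tokenKind) {
        if (tokenKind == null) {
            return null;
        }
        if (getTokenElement(tokenKind, UsernameToken.class) != null) {
            return ComboConstants.USERNAME;
        }
        if (getTokenElement(tokenKind, X509Token.class) != null) {
            return ComboConstants.X509;
        }
        if (getTokenElement(tokenKind, SamlToken.class) != null) {
            return ComboConstants.SAML;
        }
        if (getTokenElement(tokenKind, RelToken.class) != null) {
            return ComboConstants.REL;
        }
        if (getTokenElement(tokenKind, KerberosToken.class) != null) {
            return ComboConstants.KERBEROS;
        }
        if (getTokenElement(tokenKind, SecurityContextToken.class) != null) {
            return ComboConstants.SECURITYCONTEXT;
        }
        if (getTokenElement(tokenKind, SecureConversationToken.class) != null) {
            return ComboConstants.SECURECONVERSATION;
        }
        if (getTokenElement(tokenKind, IssuedToken.class) != null) {
            return ComboConstants.ISSUED;
        }
        return null;
    }

    /**
     * Returns the concrete token-type element nested under a token-kind element.
     *
     * <p>Probes, in order: HTTPS, username, X509, SAML, REL, Kerberos, security-context,
     * secure-conversation, issued. Only the first policy child and the first matching
     * token are considered.
     *
     * @param tokenKind token-kind element, may be {@code null}
     * @return the first token-type element found, or {@code null}
     */
    public static WSDLComponent getTokenTypeElement(WSDLComponent tokenKind) {
        if (tokenKind == null) {
            return null;
        }
        Class<?>[] probeOrder = {
            HttpsToken.class, UsernameToken.class, X509Token.class, SamlToken.class,
            RelToken.class, KerberosToken.class, SecurityContextToken.class,
            SecureConversationToken.class, IssuedToken.class
        };
        for (Class<?> tokenClass : probeOrder) {
            WSDLComponent found = getTokenElement(tokenKind, tokenClass);
            if (found != null) {
                return found;
            }
        }
        return null;
    }

    /**
     * Returns the combo-box label for the token's IncludeToken attribute.
     *
     * <p>The attribute value is a URI; its last path segment is turned into a bundle key
     * {@code "COMBO_" + segment}. Because the value comes straight from the WSDL being
     * edited, a segment without a bundle entry is reported as {@code ComboConstants.NONE}
     * instead of propagating a {@link MissingResourceException}.
     *
     * @param tokenType token-type element; {@code null} yields {@code ComboConstants.NONE}
     * @return the localized inclusion-level label, or {@code ComboConstants.NONE}
     */
    public static String getTokenInclusionLevel(WSDLComponent tokenType) {
        if (tokenType == null) {
            return ComboConstants.NONE;
        }
        String incLevelStr = ((ExtensibilityElement) tokenType)
                .getAnyAttribute(TokensQName.INCLUDETOKENATTRIBUTE.getQName());
        if (incLevelStr == null) {
            return ComboConstants.NONE;
        }
        String levelKey = incLevelStr.substring(incLevelStr.lastIndexOf("/") + 1);
        try {
            return NbBundle.getMessage(ComboConstants.class, "COMBO_" + levelKey);
        } catch (MissingResourceException ex) {
            // Unknown or malformed IncludeToken value in the document: treat as unset.
            return ComboConstants.NONE;
        }
    }

    /**
     * Returns the combo-box label of the profile-version assertion enabled under the token.
     *
     * <p>Handles username, SAML and X509 tokens; any other token (or {@code null}) yields
     * {@code ComboConstants.NONE}. Kerberos profile versions can be set via
     * {@link #setTokenProfileVersion} but are not read back here.
     *
     * @param tokenType token-type element, may be {@code null}
     * @return one of the {@code ComboConstants} profile labels, or {@code ComboConstants.NONE}
     */
    public static String getTokenProfileVersion(WSDLComponent tokenType) {
        if (tokenType instanceof UsernameToken) {
            ExtensibilityElement e = (ExtensibilityElement) tokenType;
            if (SecurityPolicyModelHelper.isAttributeEnabled(e, WssUsernameToken10.class)) {
                return ComboConstants.WSS10;
            }
            if (SecurityPolicyModelHelper.isAttributeEnabled(e, WssUsernameToken11.class)) {
                return ComboConstants.WSS11;
            }
        }
        if (tokenType instanceof SamlToken) {
            ExtensibilityElement e = (ExtensibilityElement) tokenType;
            if (SecurityPolicyModelHelper.isAttributeEnabled(e, WssSamlV10Token10.class)) {
                return ComboConstants.SAML_V1010;
            }
            if (SecurityPolicyModelHelper.isAttributeEnabled(e, WssSamlV10Token11.class)) {
                return ComboConstants.SAML_V1011;
            }
            if (SecurityPolicyModelHelper.isAttributeEnabled(e, WssSamlV11Token10.class)) {
                return ComboConstants.SAML_V1110;
            }
            if (SecurityPolicyModelHelper.isAttributeEnabled(e, WssSamlV11Token11.class)) {
                return ComboConstants.SAML_V1111;
            }
            if (SecurityPolicyModelHelper.isAttributeEnabled(e, WssSamlV20Token11.class)) {
                return ComboConstants.SAML_V2011;
            }
        }
        if (tokenType instanceof X509Token) {
            ExtensibilityElement e = (ExtensibilityElement) tokenType;
            if (SecurityPolicyModelHelper.isAttributeEnabled(e, WssX509V1Token10.class)) {
                return ComboConstants.X509_V110;
            }
            if (SecurityPolicyModelHelper.isAttributeEnabled(e, WssX509V1Token11.class)) {
                return ComboConstants.X509_V111;
            }
            if (SecurityPolicyModelHelper.isAttributeEnabled(e, WssX509V3Token10.class)) {
                return ComboConstants.X509_V310;
            }
            if (SecurityPolicyModelHelper.isAttributeEnabled(e, WssX509V3Token11.class)) {
                return ComboConstants.X509_V311;
            }
            if (SecurityPolicyModelHelper.isAttributeEnabled(e, WssX509Pkcs7Token10.class)) {
                return ComboConstants.X509_PKCS710;
            }
            if (SecurityPolicyModelHelper.isAttributeEnabled(e, WssX509Pkcs7Token11.class)) {
                return ComboConstants.X509_PKCS711;
            }
            if (SecurityPolicyModelHelper.isAttributeEnabled(e, WssX509PkiPathV1Token10.class)) {
                return ComboConstants.X509_PKIPATHV110;
            }
            if (SecurityPolicyModelHelper.isAttributeEnabled(e, WssX509PkiPathV1Token11.class)) {
                return ComboConstants.X509_PKIPATHV111;
            }
        }
        return ComboConstants.NONE;
    }

    /**
     * Returns the first child of class {@code tokenClass} found in the first policy
     * nested under {@code e}.
     *
     * @param e          parent element (typically a token-kind element), may be {@code null}
     * @param tokenClass token class to look for
     * @return the first matching token, or {@code null} if {@code e} is {@code null},
     *         has no policy child, or the policy holds no such token
     */
    @SuppressWarnings("unchecked") // raw Class parameter is part of the public signature
    public static WSDLComponent getTokenElement(WSDLComponent e, Class tokenClass) {
        if (e == null) {
            return null;
        }
        List<Policy> policies = e.getExtensibilityElements(Policy.class);
        if (policies == null || policies.isEmpty()) {
            return null;
        }
        List<WSDLComponent> tokens = policies.get(0).getExtensibilityElements(tokenClass);
        if (tokens == null || tokens.isEmpty()) {
            return null;
        }
        return tokens.get(0);
    }

    /**
     * Writes a token kind (with a nested token type) into the policy of a security binding.
     *
     * <p>Existing token-kind elements that conflict with {@code tokenKindStr} are removed
     * first (see {@link #removeConflictingTokenKinds}), then the new kind element, an inner
     * policy and the token-type assertion are created. Each token type is created with the
     * defaults listed in the class comment; an unrecognised {@code tokenTypeStr} leaves the
     * kind element without a token type and returns {@code null}.
     *
     * @param secBinding   non-null security-binding element whose policy is edited
     * @param tokenKindStr one of the {@code ComboConstants} token-kind labels
     * @param tokenTypeStr one of the {@code ComboConstants} token-type labels
     * @return the created token-type element, or {@code null} if none was created
     * @throws IllegalArgumentException if {@code tokenKindStr} is not a known token kind
     *         (checked before anything is modified)
     */
    public static WSDLComponent setTokenType(WSDLComponent secBinding, String tokenKindStr, String tokenTypeStr) {
        // Validate before touching the model so an unknown kind cannot leave a half-edited policy.
        TokensQName kindName = tokenKindName(tokenKindStr);

        WSDLModel model = secBinding.getModel();
        WSDLComponentFactory wcf = model.getFactory();
        WSDLComponent tokenType = null;

        boolean started = startTransactionIfNeeded(model);
        try {
            Policy p = PolicyModelHelper.createElement(secBinding, PolicyQName.POLICY.getQName(), Policy.class, false);
            removeConflictingTokenKinds(p, tokenKindStr);

            WSDLComponent tokenKind = addTokenAssertion(wcf, p, kindName);

            Policy pinner = (Policy) wcf.create(tokenKind, PolicyQName.POLICY.getQName());
            tokenKind.addExtensibilityElement(pinner);

            tokenType = createTokenTypeAssertion(wcf, pinner, tokenTypeStr);
        } finally {
            endTransactionIfStarted(model, started);
        }
        return tokenType;
    }

    /**
     * Maps a token-kind label to the QName of the element it creates.
     *
     * @throws IllegalArgumentException for a label that is not a token kind
     */
    private static TokensQName tokenKindName(String tokenKindStr) {
        if (ComboConstants.PROTECTION.equals(tokenKindStr)) {
            return TokensQName.PROTECTIONTOKEN;
        }
        if (ComboConstants.SIGNATURE.equals(tokenKindStr)) {
            return TokensQName.SIGNATURETOKEN;
        }
        if (ComboConstants.ENCRYPTION.equals(tokenKindStr)) {
            return TokensQName.ENCRYPTIONTOKEN;
        }
        if (ComboConstants.INITIATOR.equals(tokenKindStr)) {
            return TokensQName.INITIATORTOKEN;
        }
        if (ComboConstants.RECIPIENT.equals(tokenKindStr)) {
            return TokensQName.RECIPIENTTOKEN;
        }
        if (ComboConstants.TRANSPORT.equals(tokenKindStr)) {
            return TokensQName.TRANSPORTTOKEN;
        }
        throw new IllegalArgumentException("Unknown token kind: " + tokenKindStr);
    }

    /**
     * Removes the children of {@code p} that may not coexist with a new token kind.
     *
     * <p>Protection/transport drop every other token kind. Encryption keeps only a
     * signature token, signature keeps only an encryption token, initiator keeps only a
     * recipient token and recipient keeps only an initiator token — note that these four
     * cases remove <em>every</em> non-matching child of the policy, not only token kinds
     * (behaviour inherited from the original implementation).
     */
    private static void removeConflictingTokenKinds(Policy p, String tokenKindStr) {
        List<ExtensibilityElement> existing = p.getExtensibilityElements();
        if (existing == null || existing.isEmpty()) {
            return;
        }
        // NOTE(review): removes while iterating the list returned by the model — assumes
        // getExtensibilityElements() returns a snapshot; confirm against the model API.
        for (ExtensibilityElement child : existing) {
            if (conflictsWithTokenKind(child, tokenKindStr)) {
                p.removeExtensibilityElement(child);
            }
        }
    }

    /** Decides whether an existing policy child must go when {@code tokenKindStr} is written. */
    private static boolean conflictsWithTokenKind(ExtensibilityElement child, String tokenKindStr) {
        if (ComboConstants.PROTECTION.equals(tokenKindStr)
                || ComboConstants.TRANSPORT.equals(tokenKindStr)) {
            return isAnyInstance(child, BINDING_TOKEN_KINDS);
        }
        if (ComboConstants.ENCRYPTION.equals(tokenKindStr)) {
            return !(child instanceof SignatureToken);
        }
        if (ComboConstants.SIGNATURE.equals(tokenKindStr)) {
            return !(child instanceof EncryptionToken);
        }
        if (ComboConstants.INITIATOR.equals(tokenKindStr)) {
            return !(child instanceof RecipientToken);
        }
        if (ComboConstants.RECIPIENT.equals(tokenKindStr)) {
            return !(child instanceof InitiatorToken);
        }
        return false;
    }

    /** Creates the element named by {@code name} via the factory and attaches it to {@code parent}. */
    private static WSDLComponent addTokenAssertion(WSDLComponentFactory wcf, WSDLComponent parent, TokensQName name) {
        WSDLComponent created = wcf.create(parent, name.getQName());
        parent.addExtensibilityElement((ExtensibilityElement) created);
        return created;
    }

    /**
     * Creates the token-type assertion for {@code tokenTypeStr} under the inner policy of a
     * token kind and applies that type's default settings.
     *
     * @return the created token type, or {@code null} for an unrecognised label
     */
    private static WSDLComponent createTokenTypeAssertion(WSDLComponentFactory wcf, Policy pinner, String tokenTypeStr) {
        if (ComboConstants.HTTPS.equals(tokenTypeStr)) {
            WSDLComponent tokenType = addTokenAssertion(wcf, pinner, TokensQName.HTTPSTOKEN);
            // Default is server-only TLS: no client certificate is demanded until a caller
            // opts in via setRequireClientCertificate(token, true).
            ((HttpsToken) tokenType).setRequireClientCertificate(false);
            return tokenType;
        }
        if (ComboConstants.X509.equals(tokenTypeStr)) {
            WSDLComponent tokenType = addTokenAssertion(wcf, pinner, TokensQName.X509TOKEN);
            setTokenProfileVersion(tokenType, ComboConstants.X509_V310);
            return tokenType;
        }
        if (ComboConstants.SAML.equals(tokenTypeStr)) {
            WSDLComponent tokenType = addTokenAssertion(wcf, pinner, TokensQName.SAMLTOKEN);
            setTokenProfileVersion(tokenType, ComboConstants.SAML_V1110);
            return tokenType;
        }
        if (ComboConstants.KERBEROS.equals(tokenTypeStr)) {
            WSDLComponent tokenType = addTokenAssertion(wcf, pinner, TokensQName.KERBEROSTOKEN);
            setTokenProfileVersion(tokenType, ComboConstants.KERBEROS_KERBEROSGSS);
            return tokenType;
        }
        if (ComboConstants.ISSUED.equals(tokenTypeStr)) {
            WSDLComponent tokenType = addTokenAssertion(wcf, pinner, TokensQName.ISSUEDTOKEN);
            addDefaultIssuedTokenTemplate(wcf, tokenType);
            SecurityPolicyModelHelper.enableRequireInternalReference(tokenType, true);
            return tokenType;
        }
        if (ComboConstants.USERNAME.equals(tokenTypeStr)) {
            WSDLComponent tokenType = addTokenAssertion(wcf, pinner, TokensQName.USERNAMETOKEN);
            setTokenProfileVersion(tokenType, ComboConstants.WSS10);
            return tokenType;
        }
        if (ComboConstants.REL.equals(tokenTypeStr)) {
            WSDLComponent tokenType = addTokenAssertion(wcf, pinner, TokensQName.RELTOKEN);
            SecurityPolicyModelHelper.enableRequireDerivedKeys(tokenType, true);
            return tokenType;
        }
        if (ComboConstants.SECURECONVERSATION.equals(tokenTypeStr)) {
            WSDLComponent tokenType = addTokenAssertion(wcf, pinner, TokensQName.SECURECONVERSATIONTOKEN);
            SecurityPolicyModelHelper.enableRequireDerivedKeys(tokenType, true);
            return tokenType;
        }
        if (ComboConstants.SECURITYCONTEXT.equals(tokenTypeStr)) {
            WSDLComponent tokenType = addTokenAssertion(wcf, pinner, TokensQName.SECURITYCONTEXTTOKEN);
            SecurityPolicyModelHelper.enableRequireDerivedKeys(tokenType, true);
            return tokenType;
        }
        if (ComboConstants.SPNEGOCONTEXT.equals(tokenTypeStr)) {
            WSDLComponent tokenType = addTokenAssertion(wcf, pinner, TokensQName.SPNEGOCONTEXTTOKEN);
            SecurityPolicyModelHelper.enableRequireDerivedKeys(tokenType, true);
            return tokenType;
        }
        return null;
    }

    /**
     * Attaches a RequestSecurityTokenTemplate to an issued token with the default
     * SAML 1.1 token type, symmetric key type and 256-bit key size, using the factory
     * directly (the supporting-token path builds the same defaults via
     * {@code PolicyModelHelper.createElement}).
     */
    private static void addDefaultIssuedTokenTemplate(WSDLComponentFactory wcf, WSDLComponent issuedToken) {
        RequestSecurityTokenTemplate template = (RequestSecurityTokenTemplate)
                wcf.create(issuedToken, SecurityPolicyQName.REQUESTSECURITYTOKENTEMPLATE.getQName());
        issuedToken.addExtensibilityElement(template);

        TokenType trustTokenType = (TokenType) wcf.create(template, TrustQName.TOKENTYPE.getQName());
        template.addExtensibilityElement(trustTokenType);
        trustTokenType.setContent(ComboConstants.ISSUED_TOKENTYPE_SAML11_POLICYSTR);

        KeyType trustKeyType = (KeyType) wcf.create(template, TrustQName.KEYTYPE.getQName());
        template.addExtensibilityElement(trustKeyType);
        trustKeyType.setContent(ComboConstants.ISSUED_KEYTYPE_SYMMETRIC_POLICYSTR);

        KeySize trustKeySize = (KeySize) wcf.create(template, TrustQName.KEYSIZE.getQName());
        template.addExtensibilityElement(trustKeySize);
        trustKeySize.setContent(ComboConstants.ISSUED_KEYSIZE_256);
    }

    // ---------------------------------------------------------------- inclusion level

    /**
     * Writes the IncludeToken attribute of a token type, inside a model transaction.
     *
     * <p>A label that is not one of NEVER / ALWAYS / ALWAYSRECIPIENT / ONCE writes a
     * {@code null} attribute value (presumably clearing the attribute — confirm against
     * {@code setAnyAttribute}).
     *
     * @param tokenType non-null token-type element
     * @param incLevel  one of the {@code ComboConstants} inclusion-level labels
     */
    public static void setTokenInclusionLevel(WSDLComponent tokenType, String incLevel) {
        WSDLModel model = tokenType.getModel();
        boolean started = startTransactionIfNeeded(model);
        try {
            String levelStr = inclusionLevelPolicyString(incLevel);
            ((ExtensibilityElement) tokenType)
                    .setAnyAttribute(TokensQName.INCLUDETOKENATTRIBUTE.getQName(), levelStr);
        } finally {
            endTransactionIfStarted(model, started);
        }
    }

    /** Maps an inclusion-level label to the policy URI string, or {@code null} if unknown. */
    private static String inclusionLevelPolicyString(String incLevel) {
        if (ComboConstants.NEVER.equals(incLevel)) {
            return ComboConstants.NEVER_POLICYSTR;
        }
        if (ComboConstants.ALWAYS.equals(incLevel)) {
            return ComboConstants.ALWAYS_POLICYSTR;
        }
        if (ComboConstants.ALWAYSRECIPIENT.equals(incLevel)) {
            return ComboConstants.ALWAYSRECIPIENT_POLICYSTR;
        }
        if (ComboConstants.ONCE.equals(incLevel)) {
            return ComboConstants.ONCE_POLICYSTR;
        }
        return null;
    }

    // ---------------------------------------------------------------- profile version

    /**
     * Replaces the profile-version assertion under a username, SAML, X509 or Kerberos
     * token, inside a model transaction.
     *
     * <p>All existing profile assertions of the token's family are removed first; if
     * {@code profileVersion} is not a label of that family nothing is added back, which
     * leaves the token without a profile assertion. Other token types are not modified.
     *
     * @param tokenType      non-null token-type element
     * @param profileVersion one of the {@code ComboConstants} profile labels
     */
    public static void setTokenProfileVersion(WSDLComponent tokenType, String profileVersion) {
        WSDLModel model = tokenType.getModel();
        WSDLComponentFactory wcf = model.getFactory();
        boolean started = startTransactionIfNeeded(model);
        try {
            Policy p = PolicyModelHelper.createElement(tokenType, PolicyQName.POLICY.getQName(), Policy.class, false);
            TokensQName assertionName = null;

            if (tokenType instanceof UsernameToken) {
                removeAssertions(p, USERNAME_PROFILE_ASSERTIONS);
                assertionName = usernameProfileAssertion(profileVersion);
            }
            if (tokenType instanceof SamlToken) {
                removeAssertions(p, SAML_PROFILE_ASSERTIONS);
                assertionName = samlProfileAssertion(profileVersion);
            }
            if (tokenType instanceof X509Token) {
                removeAssertions(p, X509_PROFILE_ASSERTIONS);
                assertionName = x509ProfileAssertion(profileVersion);
            }
            if (tokenType instanceof KerberosToken) {
                removeAssertions(p, KERBEROS_PROFILE_ASSERTIONS);
                assertionName = kerberosProfileAssertion(profileVersion);
            }

            if (assertionName != null) {
                addTokenAssertion(wcf, p, assertionName);
            }
        } finally {
            endTransactionIfStarted(model, started);
        }
    }

    /** Removes every child of {@code p} that is an instance of one of {@code assertionClasses}. */
    private static void removeAssertions(Policy p, Class<?>[] assertionClasses) {
        List<ExtensibilityElement> assertions = p.getExtensibilityElements();
        if (assertions == null || assertions.isEmpty()) {
            return;
        }
        for (ExtensibilityElement e : assertions) {
            if (isAnyInstance(e, assertionClasses)) {
                p.removeExtensibilityElement(e);
            }
        }
    }

    /** {@code true} if {@code o} is an instance of at least one class in {@code classes}. */
    private static boolean isAnyInstance(Object o, Class<?>[] classes) {
        for (Class<?> c : classes) {
            if (c.isInstance(o)) {
                return true;
            }
        }
        return false;
    }

    private static TokensQName usernameProfileAssertion(String profileVersion) {
        if (ComboConstants.WSS10.equals(profileVersion)) {
            return TokensQName.WSSUSERNAMETOKEN10;
        }
        if (ComboConstants.WSS11.equals(profileVersion)) {
            return TokensQName.WSSUSERNAMETOKEN11;
        }
        return null;
    }

    private static TokensQName samlProfileAssertion(String profileVersion) {
        if (ComboConstants.SAML_V1010.equals(profileVersion)) {
            return TokensQName.WSSSAMLV10TOKEN10;
        }
        if (ComboConstants.SAML_V1011.equals(profileVersion)) {
            return TokensQName.WSSSAMLV10TOKEN11;
        }
        if (ComboConstants.SAML_V1110.equals(profileVersion)) {
            return TokensQName.WSSSAMLV11TOKEN10;
        }
        if (ComboConstants.SAML_V1111.equals(profileVersion)) {
            return TokensQName.WSSSAMLV11TOKEN11;
        }
        if (ComboConstants.SAML_V2011.equals(profileVersion)) {
            return TokensQName.WSSSAMLV20TOKEN11;
        }
        return null;
    }

    private static TokensQName x509ProfileAssertion(String profileVersion) {
        if (ComboConstants.X509_V110.equals(profileVersion)) {
            return TokensQName.WSSX509V1TOKEN10;
        }
        if (ComboConstants.X509_V310.equals(profileVersion)) {
            return TokensQName.WSSX509V3TOKEN10;
        }
        if (ComboConstants.X509_V111.equals(profileVersion)) {
            return TokensQName.WSSX509V1TOKEN11;
        }
        if (ComboConstants.X509_V311.equals(profileVersion)) {
            return TokensQName.WSSX509V3TOKEN11;
        }
        if (ComboConstants.X509_PKCS710.equals(profileVersion)) {
            return TokensQName.WSSX509PKCS7TOKEN10;
        }
        if (ComboConstants.X509_PKCS711.equals(profileVersion)) {
            return TokensQName.WSSX509PKCS7TOKEN11;
        }
        if (ComboConstants.X509_PKIPATHV110.equals(profileVersion)) {
            return TokensQName.WSSX509PKIPATHV1TOKEN10;
        }
        if (ComboConstants.X509_PKIPATHV111.equals(profileVersion)) {
            return TokensQName.WSSX509PKIPATHV1TOKEN11;
        }
        return null;
    }

    private static TokensQName kerberosProfileAssertion(String profileVersion) {
        if (ComboConstants.KERBEROS_KERBEROS.equals(profileVersion)) {
            return TokensQName.WSSKERBEROSV5APREQTOKEN11;
        }
        if (ComboConstants.KERBEROS_KERBEROSGSS.equals(profileVersion)) {
            return TokensQName.WSSGSSKERBEROSV5APREQTOKEN11;
        }
        return null;
    }

    // ---------------------------------------------------------------- supporting tokens

    /**
     * Resolves the element whose top-level policy holds the supporting tokens: binding
     * parts are mapped to their policy, anything else is used as-is.
     *
     * @return the policy holder, or {@code null} if {@code c} is {@code null} or has no policy
     */
    private static WSDLComponent policyHolderFor(WSDLComponent c) {
        if (c == null) {
            return null;
        }
        if (c instanceof Binding || c instanceof BindingOperation
                || c instanceof BindingInput || c instanceof BindingOutput
                || c instanceof BindingFault) {
            return PolicyModelHelper.getPolicyForElement(c);
        }
        return c;
    }

    /**
     * Returns the supporting-tokens element of the given kind attached to {@code c}.
     *
     * @param c              binding, binding part or policy; may be {@code null}
     * @param supportingType one of {@link #SUPPORTING}, {@link #SIGNED_SUPPORTING},
     *                       {@link #ENDORSING}, {@link #SIGNED_ENDORSING}
     * @return the element, or {@code null} if absent or the kind is not one of the four
     */
    public static WSDLComponent getSupportingToken(WSDLComponent c, int supportingType) {
        WSDLComponent p = policyHolderFor(c);
        if (p == null) {
            return null;
        }
        switch (supportingType) {
            case SUPPORTING:
                return PolicyModelHelper.getTopLevelElement(p, SupportingTokens.class);
            case SIGNED_SUPPORTING:
                return PolicyModelHelper.getTopLevelElement(p, SignedSupportingTokens.class);
            case ENDORSING:
                return PolicyModelHelper.getTopLevelElement(p, EndorsingSupportingTokens.class);
            case SIGNED_ENDORSING:
                return PolicyModelHelper.getTopLevelElement(p, SignedEndorsingSupportingTokens.class);
            default:
                return null;
        }
    }

    /**
     * Removes all four kinds of supporting-tokens elements attached to {@code c}.
     *
     * <p>Unlike the setters this method opens no transaction of its own — callers are
     * expected to already be inside one (TODO confirm with callers).
     *
     * @param c binding, binding part or policy; {@code null} is a no-op
     */
    public static void removeSupportingTokens(WSDLComponent c) {
        WSDLComponent p = policyHolderFor(c);
        if (p == null) {
            return;
        }
        detach(PolicyModelHelper.getTopLevelElement(p, SupportingTokens.class));
        detach(PolicyModelHelper.getTopLevelElement(p, SignedSupportingTokens.class));
        detach(PolicyModelHelper.getTopLevelElement(p, EndorsingSupportingTokens.class));
        detach(PolicyModelHelper.getTopLevelElement(p, SignedEndorsingSupportingTokens.class));
    }

    /** Removes {@code element} from its parent; {@code null} is a no-op. */
    private static void detach(ExtensibilityElement element) {
        if (element != null) {
            element.getParent().removeExtensibilityElement(element);
        }
    }

    /**
     * Replaces the supporting token of kind {@code supportingType} on {@code c} with a
     * token of type {@code authToken}, inside a model transaction.
     *
     * <p>Semantics of the removal pass over the four kinds (kept from the original):
     * <ul>
     * <li>{@code authToken} {@code NONE}/{@code null} with {@code supportingType == NONE}:
     *     every existing supporting token is removed, result {@code null};</li>
     * <li>{@code authToken} {@code NONE}/{@code null} with a concrete kind: the first
     *     existing kind ends the call — it is removed only if it is the selected kind;</li>
     * <li>otherwise only the selected kind is removed and then re-created.</li>
     * </ul>
     * The new token is created with the class-comment defaults and inclusion level
     * {@code ALWAYSRECIPIENT}; an unrecognised {@code authToken} leaves the kind element
     * empty and returns {@code null}.
     *
     * @param c              binding, binding part or policy; {@code null} returns {@code null}
     * @param authToken      one of USERNAME, X509, SAML, ISSUED, or NONE/{@code null}
     * @param supportingType one of the four kinds or {@link #NONE}
     * @return the created token-type element, or {@code null}
     * @throws IllegalArgumentException if {@code supportingType} is none of the five constants
     *         and a token would have to be created
     */
    public static WSDLComponent setSupportingTokens(WSDLComponent c, String authToken, int supportingType) {
        if (c == null) {
            return null;
        }

        WSDLModel model = c.getModel();
        WSDLComponentFactory wcf = model.getFactory();
        WSDLComponent tokenType = null;

        boolean started = startTransactionIfNeeded(model);
        try {
            boolean clearing = ComboConstants.NONE.equals(authToken) || authToken == null;
            // The four real kinds are 0..3; NONE (4) is the upper bound.
            for (int kind = SUPPORTING; kind < NONE; kind++) {
                WSDLComponent existing = getSupportingToken(c, kind);
                if (existing == null) {
                    continue;
                }
                if (clearing) {
                    if (kind == supportingType || supportingType == NONE) {
                        detach((ExtensibilityElement) existing);
                    }
                    if (supportingType != NONE) {
                        return null;
                    }
                } else if (kind == supportingType) {
                    detach((ExtensibilityElement) existing);
                }
            }

            if (supportingType == NONE) {
                return null;
            }

            TokensQName kindName = supportingTokensName(supportingType);
            if (kindName == null) {
                throw new IllegalArgumentException("Unknown supporting token kind: " + supportingType);
            }

            WSDLComponent topLevel = (c instanceof Policy) ? c : PolicyModelHelper.createPolicy(c);
            WSDLComponent tokenKind = addTokenAssertion(wcf, topLevel, kindName);

            tokenType = createSupportingTokenType(wcf, tokenKind, authToken);
        } finally {
            endTransactionIfStarted(model, started);
        }
        return tokenType;
    }

    /** Maps a supporting-token kind constant to its element QName, or {@code null}. */
    private static TokensQName supportingTokensName(int supportingType) {
        switch (supportingType) {
            case SUPPORTING:
                return TokensQName.SUPPORTINGTOKENS;
            case SIGNED_SUPPORTING:
                return TokensQName.SIGNEDSUPPORTINGTOKENS;
            case ENDORSING:
                return TokensQName.ENDORSINGSUPPORTINGTOKENS;
            case SIGNED_ENDORSING:
                return TokensQName.SIGNEDENDORSINGSUPPORTINGTOKENS;
            default:
                return null;
        }
    }

    /**
     * Creates the token type named by {@code authToken} under a supporting-tokens element,
     * with profile version and inclusion level defaults.
     *
     * @return the created token type, or {@code null} for an unrecognised label
     */
    private static WSDLComponent createSupportingTokenType(WSDLComponentFactory wcf, WSDLComponent tokenKind, String authToken) {
        if (ComboConstants.USERNAME.equals(authToken)) {
            WSDLComponent tokenType = PolicyModelHelper.createElement(tokenKind, TokensQName.USERNAMETOKEN.getQName(), UsernameToken.class, true);
            setTokenProfileVersion(tokenType, ComboConstants.WSS10);
            setTokenInclusionLevel(tokenType, ComboConstants.ALWAYSRECIPIENT);
            return tokenType;
        }
        if (ComboConstants.X509.equals(authToken)) {
            WSDLComponent tokenType = PolicyModelHelper.createElement(tokenKind, TokensQName.X509TOKEN.getQName(), X509Token.class, true);
            setTokenProfileVersion(tokenType, ComboConstants.X509_V310);
            setTokenInclusionLevel(tokenType, ComboConstants.ALWAYSRECIPIENT);
            return tokenType;
        }
        if (ComboConstants.SAML.equals(authToken)) {
            WSDLComponent tokenType = PolicyModelHelper.createElement(tokenKind, TokensQName.SAMLTOKEN.getQName(), SamlToken.class, true);
            setTokenProfileVersion(tokenType, ComboConstants.SAML_V1110);
            setTokenInclusionLevel(tokenType, ComboConstants.ALWAYSRECIPIENT);
            return tokenType;
        }
        if (ComboConstants.ISSUED.equals(authToken)) {
            WSDLComponent tokenType = PolicyModelHelper.createElement(tokenKind, TokensQName.ISSUEDTOKEN.getQName(), IssuedToken.class, true);
            setTokenInclusionLevel(tokenType, ComboConstants.ALWAYSRECIPIENT);

            RequestSecurityTokenTemplate template = (RequestSecurityTokenTemplate)
                    wcf.create(tokenType, SecurityPolicyQName.REQUESTSECURITYTOKENTEMPLATE.getQName());
            tokenType.addExtensibilityElement(template);

            // Same SAML 1.1 / symmetric / 256-bit defaults as setTokenType, built through
            // PolicyModelHelper.createElement rather than the bare factory.
            TokenType trustTokenType = PolicyModelHelper.createElement(template, TrustQName.TOKENTYPE.getQName(), TokenType.class, false);
            trustTokenType.setContent(ComboConstants.ISSUED_TOKENTYPE_SAML11_POLICYSTR);

            KeyType trustKeyType = PolicyModelHelper.createElement(template, TrustQName.KEYTYPE.getQName(), KeyType.class, false);
            trustKeyType.setContent(ComboConstants.ISSUED_KEYTYPE_SYMMETRIC_POLICYSTR);

            KeySize trustKeySize = PolicyModelHelper.createElement(template, TrustQName.KEYSIZE.getQName(), KeySize.class, false);
            trustKeySize.setContent(ComboConstants.ISSUED_KEYSIZE_256);

            SecurityPolicyModelHelper.enableRequireInternalReference(tokenType, true);
            return tokenType;
        }
        return null;
    }

    // ---------------------------------------------------------------- issued token

    /** First Issuer child of the token, or {@code null}. */
    private static Issuer firstIssuer(WSDLComponent tokenType) {
        if (tokenType == null) {
            return null;
        }
        List<Issuer> issuers = tokenType.getExtensibilityElements(Issuer.class);
        if (issuers == null || issuers.isEmpty()) {
            return null;
        }
        return issuers.get(0);
    }

    /** First RequestSecurityTokenTemplate child of the token, or {@code null}. */
    private static RequestSecurityTokenTemplate firstTemplate(WSDLComponent tokenType) {
        if (tokenType == null) {
            return null;
        }
        List<RequestSecurityTokenTemplate> templates = tokenType.getExtensibilityElements(RequestSecurityTokenTemplate.class);
        if (templates == null || templates.isEmpty()) {
            return null;
        }
        return templates.get(0);
    }

    /**
     * Returns the issuer endpoint address of an issued token.
     *
     * @param tokenType issued-token element, may be {@code null}
     * @return the first Issuer's first Address value, or {@code null} if any link is missing
     */
    public static String getIssuedIssuerAddress(WSDLComponent tokenType) {
        Issuer issuer = firstIssuer(tokenType);
        if (issuer == null) {
            return null;
        }
        List<Address> addrs = issuer.getExtensibilityElements(Address.class);
        if (addrs == null || addrs.isEmpty()) {
            return null;
        }
        Address a = addrs.get(0);
        return a == null ? null : a.getAddress();
    }

    /**
     * Returns the combo-box label for the token type requested in the issued token's
     * RequestSecurityTokenTemplate.
     *
     * @param tokenType issued-token element, may be {@code null}
     * @return ISSUED_TOKENTYPE_SAML10 / SAML11 / SAML20, or {@code null} if absent or unknown
     */
    public static String getIssuedTokenType(WSDLComponent tokenType) {
        RequestSecurityTokenTemplate rst = firstTemplate(tokenType);
        if (rst == null) {
            return null;
        }
        TokenType tType = rst.getTokenType();
        if (tType == null) {
            return null;
        }
        String type = tType.getContent();
        if (ComboConstants.ISSUED_TOKENTYPE_SAML10_POLICYSTR.equals(type)) {
            return ComboConstants.ISSUED_TOKENTYPE_SAML10;
        }
        if (ComboConstants.ISSUED_TOKENTYPE_SAML11_POLICYSTR.equals(type)) {
            return ComboConstants.ISSUED_TOKENTYPE_SAML11;
        }
        if (ComboConstants.ISSUED_TOKENTYPE_SAML20_POLICYSTR.equals(type)) {
            return ComboConstants.ISSUED_TOKENTYPE_SAML20;
        }
        return null;
    }

    /**
     * Returns the combo-box label for the key type requested in the issued token's
     * RequestSecurityTokenTemplate.
     *
     * @param tokenType issued-token element, may be {@code null}
     * @return ISSUED_KEYTYPE_PUBLIC / SYMMETRIC, or {@code null} if absent or unknown
     */
    public static String getIssuedKeyType(WSDLComponent tokenType) {
        RequestSecurityTokenTemplate rst = firstTemplate(tokenType);
        if (rst == null) {
            return null;
        }
        KeyType kType = rst.getKeyType();
        if (kType == null) {
            return null;
        }
        String type = kType.getContent();
        if (ComboConstants.ISSUED_KEYTYPE_PUBLIC_POLICYSTR.equals(type)) {
            return ComboConstants.ISSUED_KEYTYPE_PUBLIC;
        }
        if (ComboConstants.ISSUED_KEYTYPE_SYMMETRIC_POLICYSTR.equals(type)) {
            return ComboConstants.ISSUED_KEYTYPE_SYMMETRIC;
        }
        return null;
    }

    /**
     * Returns the raw key-size text requested in the issued token's RequestSecurityTokenTemplate.
     *
     * @param tokenType issued-token element, may be {@code null}
     * @return the KeySize content as written in the document, or {@code null}
     */
    public static String getIssuedKeySize(WSDLComponent tokenType) {
        RequestSecurityTokenTemplate rst = firstTemplate(tokenType);
        if (rst == null) {
            return null;
        }
        KeySize kSize = rst.getKeySize();
        return kSize == null ? null : kSize.getContent();
    }

    /**
     * Returns the metadata-exchange address of an issued token's issuer
     * (Issuer / Metadata / MetadataSection / MetadataReference / Address).
     *
     * @param tokenType issued-token element, may be {@code null}
     * @return the address value, or {@code null} if any link in the chain is missing
     */
    public static String getIssuedIssuerMetadataAddress(WSDLComponent tokenType) {
        Issuer issuer = firstIssuer(tokenType);
        if (issuer == null) {
            return null;
        }
        List<Metadata> mdata = issuer.getExtensibilityElements(Metadata.class);
        if (mdata == null || mdata.isEmpty()) {
            return null;
        }
        Metadata m = mdata.get(0);
        if (m == null) {
            return null;
        }
        MetadataSection ms = m.getMetadataSection();
        if (ms == null) {
            return null;
        }
        MetadataReference mr = ms.getMetadataReference();
        if (mr == null) {
            return null;
        }
        Address a = mr.getAddress();
        return a == null ? null : a.getAddress();
    }

    /**
     * Writes the issuer endpoint address and the issuer's metadata-exchange address of an
     * issued token, creating the Issuer / Address / Metadata chain as needed, inside a
     * model transaction.
     *
     * @param token       non-null issued-token element
     * @param address     issuer endpoint address (written as-is, no validation)
     * @param metaAddress metadata-exchange address (written as-is, no validation)
     */
    public static void setIssuedTokenAddressAttributes(WSDLComponent token, String address, String metaAddress) {
        WSDLModel model = token.getModel();
        boolean started = startTransactionIfNeeded(model);
        try {
            Issuer issuer = PolicyModelHelper.createElement(token, TokensQName.ISSUER.getQName(), Issuer.class, false);
            Address a = PolicyModelHelper.createElement(issuer, AddressingQName.ADDRESS.getQName(), Address.class, false);
            a.setAddress(address);

            Metadata m = PolicyModelHelper.createElement(issuer, MexQName.METADATA.getQName(), Metadata.class, false);
            MetadataSection ms = PolicyModelHelper.createElement(m, MexQName.METADATASECTION.getQName(), MetadataSection.class, false);
            MetadataReference mr = PolicyModelHelper.createElement(ms, MexQName.METADATAREFERENCE.getQName(), MetadataReference.class, false);
            Address ma = PolicyModelHelper.createElement(mr, AddressingQName.ADDRESS.getQName(), Address.class, false);
            ma.setAddress(metaAddress);
        } finally {
            endTransactionIfStarted(model, started);
        }
    }

    /**
     * Writes the RequestSecurityTokenTemplate of an issued token (token type, key type,
     * key size), creating the template and its children as needed, inside a model transaction.
     *
     * <p>A {@code tokenType} or {@code keyType} label that is not recognised (including
     * {@code null}) leaves the corresponding element's content untouched; {@code keySize}
     * is written verbatim.
     *
     * @param token     non-null issued-token element
     * @param tokenType ISSUED_TOKENTYPE_SAML10 / SAML11 / SAML20 label
     * @param keyType   ISSUED_KEYTYPE_PUBLIC / SYMMETRIC label
     * @param keySize   key size text to store
     */
    public static void setIssuedTokenRSTAttributes(WSDLComponent token, String tokenType, String keyType, String keySize) {
        WSDLModel model = token.getModel();
        boolean started = startTransactionIfNeeded(model);
        try {
            RequestSecurityTokenTemplate rst = PolicyModelHelper.createElement(token,
                    SecurityPolicyQName.REQUESTSECURITYTOKENTEMPLATE.getQName(),
                    RequestSecurityTokenTemplate.class, false);

            TokenType t = PolicyModelHelper.createElement(rst, TrustQName.TOKENTYPE.getQName(), TokenType.class, false);
            // Constant-first equals() so a null label is a no-op instead of an NPE.
            if (ComboConstants.ISSUED_TOKENTYPE_SAML20.equals(tokenType)) {
                t.setContent(ComboConstants.ISSUED_TOKENTYPE_SAML20_POLICYSTR);
            } else if (ComboConstants.ISSUED_TOKENTYPE_SAML11.equals(tokenType)) {
                t.setContent(ComboConstants.ISSUED_TOKENTYPE_SAML11_POLICYSTR);
            } else if (ComboConstants.ISSUED_TOKENTYPE_SAML10.equals(tokenType)) {
                t.setContent(ComboConstants.ISSUED_TOKENTYPE_SAML10_POLICYSTR);
            }

            KeyType k = PolicyModelHelper.createElement(rst, TrustQName.KEYTYPE.getQName(), KeyType.class, false);
            if (ComboConstants.ISSUED_KEYTYPE_PUBLIC.equals(keyType)) {
                k.setContent(ComboConstants.ISSUED_KEYTYPE_PUBLIC_POLICYSTR);
            } else if (ComboConstants.ISSUED_KEYTYPE_SYMMETRIC.equals(keyType)) {
                k.setContent(ComboConstants.ISSUED_KEYTYPE_SYMMETRIC_POLICYSTR);
            }

            KeySize s = PolicyModelHelper.createElement(rst, TrustQName.KEYSIZE.getQName(), KeySize.class, false);
            s.setContent(keySize);
        } finally {
            endTransactionIfStarted(model, started);
        }
    }
}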