[jboss-svn-commits] JBL Code SVN: r38019 - in labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta: tests/src/org/jboss/soa/esb/services/security/auth/ws and 1 other directory.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Fri Apr 13 21:50:17 EDT 2012
Author: tcunning
Date: 2012-04-13 21:50:16 -0400 (Fri, 13 Apr 2012)
New Revision: 38019
Added:
labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenImpl.java
Modified:
labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityToken.java
labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenExtractor.java
labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecuritySoapExtractor.java
labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenUnitTest.java
Log:
JBESB-3780
Make BinarySecurityToken pluggable.
Modified: labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityToken.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityToken.java 2012-04-14 01:44:19 UTC (rev 38018)
+++ labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityToken.java 2012-04-14 01:50:16 UTC (rev 38019)
@@ -1,121 +1,29 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
package org.jboss.soa.esb.services.security.auth.ws;
import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
+import java.util.ArrayList;
+import java.util.List;
-import org.apache.commons.codec.binary.Base64;
+public interface BinarySecurityToken {
+ public String getEncodingType();
-/**
- * Represents a WS-Security BinarySecurityToken.
- * <p/>
- *
- * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- *
- */
-public class BinarySecurityToken
-{
- private String encodingType;
- private String valueType;
- private Certificate cert;
- private enum EncodingType { Base64Binary, HexBinary }
+ public void setEncodingType(String encodingType);
- public String getEncodingType()
- {
- return encodingType;
- }
+ public String getValueType();
- public void setEncodingType(String encodingType)
- {
- this.encodingType = stripNS(encodingType);
- }
+ public void setValueType(String valueType);
- public String getValueType()
- {
- return valueType;
- }
+ public List<Certificate> getKeys();
- public void setValueType(String valueType)
- {
- this.valueType = stripNS(valueType);
- }
+ public void setKey(final String key);
- public Certificate getKey()
- {
- return cert;
- }
+ public String certificateMatch(final String valueType);
- public void setKey(final String key)
- {
- try
- {
- byte[] keyBytes = null;
- if ( encodingType.equalsIgnoreCase( EncodingType.Base64Binary.toString() ) )
- {
- Base64 decoder = new Base64();
- keyBytes = decoder.decode(key.getBytes());
- }
- else
- {
- keyBytes = key.getBytes();
- }
-
- CertificateFactory factory = CertificateFactory.getInstance( certificateMatch( valueType ) );
- cert = factory.generateCertificate( new ByteArrayInputStream( keyBytes ));
- }
- catch (CertificateException e)
- {
- throw new IllegalStateException("Could not create certificate: ", e);
- }
- }
-
- private String certificateMatch(final String valueType)
- {
- if ( valueType.startsWith("X509") )
- return "X.509";
-
- return valueType;
- }
-
- private String stripNS(String value)
- {
- if ( value != null )
- {
- if ( value.startsWith("http"))
- {
- final int idx = value.indexOf('#');
- if ( idx > 0 )
- value = value.substring( idx + 1 );
- }
- else
- {
- final int idx = value.indexOf(':');
- if ( idx > 0 )
- value = value.substring( idx + 1 );
- }
- }
- return value;
- }
-
+ public String pathMatch(final String valueType);
+
}
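Review bot: The new `BinarySecurityToken` interface publishes `certificateMatch` and `pathMatch`, which are parsing helpers of one implementation, so every pluggable implementation is forced to provide them; they would fit better as private methods of `BinarySecurityTokenImpl`. `getKeys()` also has no documented contract, and a Javadoc line such as `/** Returns the certificates carried by the token, never null; states the order in which the certificates of a path are returned. */` would tell implementers and callers what to expect. The hunk also drops the LGPL header from the file. It leaves imports the interface does not use (`ByteArrayInputStream`, `InputStream`, `CertPath`, `CertificateException`, `CertificateFactory`, `ArrayList`).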
Modified: labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenExtractor.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenExtractor.java 2012-04-14 01:44:19 UTC (rev 38018)
+++ labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenExtractor.java 2012-04-14 01:50:16 UTC (rev 38019)
@@ -25,7 +25,10 @@
import static org.jboss.soa.esb.services.security.auth.ws.SoapExtractionUtil.isStartOfHeader;
import java.io.StringReader;
+import java.security.cert.Certificate;
+import java.util.ArrayList;
import java.util.HashSet;
+import java.util.List;
import java.util.Set;
import javax.xml.namespace.QName;
@@ -39,10 +42,13 @@
import org.apache.log4j.Logger;
import org.jboss.internal.soa.esb.assertion.AssertArgument;
+import org.jboss.soa.esb.ConfigurationException;
+import org.jboss.soa.esb.common.Configuration;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
import org.jboss.soa.esb.services.security.auth.ExtractionException;
import org.jboss.soa.esb.services.security.auth.SecurityInfoExtractor;
+import org.jboss.soa.esb.util.ClassUtil;
/**
* This SecurityInfoExtractor implementation will extract data from a
@@ -107,7 +113,11 @@
return null;
final Set<Object> credentials = new HashSet<Object>();
- credentials.add(binarySecurityToken.getKey());
+ List<Certificate> list = binarySecurityToken.getKeys();
+ for (Certificate c : list) {
+ credentials.add(c);
+ }
+
return new AuthenticationRequestImpl.Builder(null, credentials).build();
}
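Review bot: Every certificate returned by `getKeys()` goes into the unordered `credentials` set, so for an `X509PKIPathv1` token the sender's certificate and the issuer certificates in its path can no longer be told apart by whatever consumes the `AuthenticationRequest`. How the login module uses these credentials is not visible here; if it matches any of them against a trust store, the path should be validated first or only the end-entity certificate should become a credential. `getKeys()` is also null in `BinarySecurityTokenImpl` until `setKey` has run, so the loop needs a guard, e.g. `if (list != null) credentials.addAll(list);`. The same loop is added in WSSecuritySoapExtractor, and the enclosing method starts outside this hunk.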
@@ -129,7 +139,23 @@
if (isStartOfBinarySecurityToken(xmlEvent))
{
final StartElement bstElement = (StartElement) xmlEvent;
- BinarySecurityToken bst = new BinarySecurityToken();
+
+ BinarySecurityToken bst = null;
+ String className = Configuration.getBinarySecurityTokenImplClass();
+ if (className == null) {
+ throw new ExtractionException("No BinarySecurityToken Implementation "
+ + "has been set");
+ }
+ try {
+ Class<?> tokenClass = ClassUtil.forName(className, BinarySecurityToken.class);
+ bst = (BinarySecurityToken) tokenClass.newInstance();
+ } catch (ClassNotFoundException cnfe) {
+ throw new ExtractionException("BinarySecurityToken Implementation = "
+ + className + " not found ", cnfe);
+ } catch (Exception e) {
+ throw new ExtractionException("Invocation exception. " + e.getLocalizedMessage(), e);
+ }
+
bst.setEncodingType(bstElement.getAttributeByName(encodingTypeQName).getValue());
bst.setValueType(bstElement.getAttributeByName(valueTypeQName).getValue());
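Review bot: The configured class is instantiated before its type is checked, so `tokenClass.newInstance()` runs the no-argument constructor of whatever class the configuration names. A wrong type only surfaces afterwards as a `ClassCastException`, reported under the misleading "Invocation exception." message. Checking first avoids both: `bst = tokenClass.asSubclass(BinarySecurityToken.class).newInstance();`. The lookup is repeated for every token element and copied again in `WSSecuritySoapExtractor.createBinarySecurityToken`; one shared factory method would keep the two error paths consistent. The new imports of `ConfigurationException` and `ArrayList` appear unused in the visible hunks of this file.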
Added: labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenImpl.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenImpl.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenImpl.java 2012-04-14 01:50:16 UTC (rev 38019)
@@ -0,0 +1,155 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.ws;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.security.cert.CertPath;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.codec.binary.Base64;
+
+/**
+ * Represents a WS-Security BinarySecurityToken.
+ * <p/>
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ * @author <a href="mailto:tcunning at redhat.com">Tom Cunningham</a>
+ */
+public class BinarySecurityTokenImpl implements BinarySecurityToken
+{
+ public static final String X509V3 = "X509v3";
+ public static final String X509PKIPATHV1 = "X509PKIPathv1";
+ public static final String PKCS7 = "PKCS7";
+
+ private String encodingType;
+ private String valueType;
+ private List<Certificate> cert;
+ private enum EncodingType { Base64Binary, HexBinary }
+
+ public String getEncodingType()
+ {
+ return encodingType;
+ }
+
+ public void setEncodingType(String encodingType)
+ {
+ this.encodingType = stripNS(encodingType);
+ }
+
+ public String getValueType()
+ {
+ return valueType;
+ }
+
+ public void setValueType(String valueType)
+ {
+ this.valueType = stripNS(valueType);
+ }
+
+ public List<Certificate> getKeys()
+ {
+ return cert;
+ }
+
+ public void setKey(final String key)
+ {
+ cert = new ArrayList<Certificate>();
+ try
+ {
+ byte[] keyBytes = null;
+ if ( encodingType.equalsIgnoreCase( EncodingType.Base64Binary.toString() ) )
+ {
+ Base64 decoder = new Base64();
+ keyBytes = decoder.decode(key.getBytes());
+ }
+ else
+ {
+ keyBytes = key.getBytes();
+ }
+
+ CertificateFactory factory = CertificateFactory.getInstance( certificateMatch( valueType ) );
+ InputStream in = new ByteArrayInputStream(keyBytes);
+
+ if (X509PKIPATHV1.equals(getValueType())) {
+ CertPath path = null;
+ try {
+ path = factory.generateCertPath(in);
+ } catch (CertificateException ce) {
+ throw new IllegalStateException("Could not create certificate: ", ce);
+ }
+
+ List certs = path.getCertificates();
+ cert = certs;
+ } else if (X509V3.equals(getValueType())) {
+ Certificate certificate = factory.generateCertificate(in);
+ cert.add(certificate);
+ } else if (PKCS7.equals(getValueType())) {
+ throw new IllegalStateException(getValueType() + " not implemented.");
+ } else {
+ throw new IllegalStateException(getValueType() + " not implemented.");
+ }
+ }
+ catch (CertificateException e)
+ {
+ throw new IllegalStateException("Could not create certificate: ", e);
+ }
+ }
+
+ public String certificateMatch(final String valueType)
+ {
+ if ( valueType.startsWith("X509") )
+ return "X.509";
+ return valueType;
+ }
+
+ public String pathMatch(final String valueType)
+ {
+ if (valueType.startsWith(""))
+ return "PkiPath";
+ return "PKCS7";
+ }
+
+
+ private String stripNS(String value)
+ {
+ if ( value != null )
+ {
+ if ( value.startsWith("http"))
+ {
+ final int idx = value.indexOf('#');
+ if ( idx > 0 )
+ value = value.substring( idx + 1 );
+ }
+ else
+ {
+ final int idx = value.indexOf(':');
+ if ( idx > 0 )
+ value = value.substring( idx + 1 );
+ }
+ }
+ return value;
+ }
+}
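Review bot: `pathMatch` always returns "PkiPath", because `valueType.startsWith("")` is true for every string and the `"PKCS7"` return is therefore unreachable; the test was presumably meant to be `if (X509PKIPATHV1.equals(valueType))`. `setKey` never calls `pathMatch` and relies on the factory's default path encoding in `generateCertPath(in)`; `factory.generateCertPath(in, pathMatch(valueType))` would make the choice explicit. In `setKey`, `HexBinary` is declared in `EncodingType` but the `else` branch hands the undecoded characters to the factory, and `key.getBytes()` depends on the platform charset. Neither `encodingType` nor `valueType` is null-checked, so a token missing one of them fails with a NullPointerException instead of the IllegalStateException thrown for other bad input. `getKeys()` returns the internal list, which is null until `setKey` has been called.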
Modified: labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecuritySoapExtractor.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecuritySoapExtractor.java 2012-04-14 01:44:19 UTC (rev 38018)
+++ labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecuritySoapExtractor.java 2012-04-14 01:50:16 UTC (rev 38019)
@@ -20,8 +20,10 @@
*/
package org.jboss.soa.esb.services.security.auth.ws;
+import java.security.cert.Certificate;
import java.util.HashSet;
import java.util.Iterator;
+import java.util.List;
import java.util.Set;
import javax.xml.soap.SOAPException;
@@ -29,10 +31,13 @@
import javax.xml.soap.SOAPMessage;
import org.apache.log4j.Logger;
+import org.jboss.soa.esb.ConfigurationException;
+import org.jboss.soa.esb.common.Configuration;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
import org.jboss.soa.esb.services.security.auth.SecurityInfoExtractor;
import org.jboss.soa.esb.services.security.principals.User;
+import org.jboss.soa.esb.util.ClassUtil;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
@@ -101,9 +106,17 @@
if ( "BinarySecurityToken".equalsIgnoreCase( localName ) )
{
// create a BinarySecurityToken (does some filtering and checking)
- final BinarySecurityToken binaryToken = createBinarySecurityToken(securityNode);
+ BinarySecurityToken binaryToken = null;
+ try {
+ binaryToken = createBinarySecurityToken(securityNode);
+ } catch (ConfigurationException e) {
+ throw new RuntimeException(e);
+ }
// add the key(cert) as a credential
- credentials.add(binaryToken.getKey());
+ List<Certificate> list = binaryToken.getKeys();
+ for (Certificate c : list) {
+ credentials.add(c);
+ }
}
else if ( "UsernameToken".equalsIgnoreCase(localName) )
{
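Review bot: The `ConfigurationException` from `createBinarySecurityToken` is rethrown as a bare `RuntimeException` with no message, while BinarySecurityTokenExtractor reports the same failure as an `ExtractionException`, so the two extractors now fail differently for one misconfiguration. If the enclosing method cannot declare a checked exception (its signature is outside this hunk), at least give the failure context: `throw new IllegalStateException("Could not create BinarySecurityToken from the configured implementation class", e);`. `binaryToken` can then be declared `final` again by assigning it inside the `try` and moving the credential loop in with it.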
@@ -135,6 +148,7 @@
}
private BinarySecurityToken createBinarySecurityToken( final Node node )
+ throws ConfigurationException
{
final NamedNodeMap attributes = node.getAttributes();;
@@ -150,7 +164,21 @@
final String certString = node.getFirstChild().getNodeValue();
// create a BinarySecurityToken (does some filtering and checking for us
- final BinarySecurityToken binaryToken = new BinarySecurityToken();
+ BinarySecurityToken binaryToken = null;
+ String className = Configuration.getBinarySecurityTokenImplClass();
+ if (className == null) {
+ throw new ConfigurationException("No BinarySecurityToken Implementation "
+ + "has been set");
+ }
+ try {
+ Class<?> tokenClass = ClassUtil.forName(className, BinarySecurityToken.class);
+ binaryToken = (BinarySecurityToken) tokenClass.newInstance();
+ } catch (ClassNotFoundException cnfe) {
+ throw new ConfigurationException("BinarySecurityToken Implementation = "
+ + className + " not found ", cnfe);
+ } catch (Exception e) {
+ throw new ConfigurationException("Invocation exception. " + e.getLocalizedMessage(), e);
+ }
binaryToken.setEncodingType(encodingType);
binaryToken.setValueType(valueType);
binaryToken.setKey(certString);
Modified: labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenUnitTest.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenUnitTest.java 2012-04-14 01:44:19 UTC (rev 38018)
+++ labs/jbossesb/branches/JBESB_4_10_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenUnitTest.java 2012-04-14 01:50:16 UTC (rev 38019)
@@ -23,9 +23,11 @@
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
import java.io.InputStream;
import java.security.cert.Certificate;
+import java.util.List;
import junit.framework.JUnit4TestAdapter;
@@ -34,7 +36,7 @@
import org.junit.Test;
/**
- * Unittest for {@link BinarySecurityToken}
+ * Unittest for {@link BinarySecurityTokenImpl}
*
* @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
*
@@ -42,8 +44,7 @@
public class BinarySecurityTokenUnitTest
{
private String expectedEncoding = "Base64Binary";
- private String expectedValueType = "X509v3";
- private BinarySecurityToken token = new BinarySecurityToken();
+ private BinarySecurityTokenImpl token = new BinarySecurityTokenImpl();
@Test
public void setEncodingTypeWithNSPrefix()
@@ -79,7 +80,7 @@
{
String url = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
token.setValueType(url);
- assertEquals( expectedValueType, token.getValueType() );
+ assertEquals( BinarySecurityTokenImpl.X509V3, token.getValueType() );
}
@Test
@@ -100,18 +101,39 @@
public void setKey() throws Exception
{
token.setEncodingType(expectedEncoding);
- token.setValueType(expectedValueType);
+ token.setValueType(BinarySecurityTokenImpl.X509V3);
token.setKey(getExampleCert());
- Certificate key = token.getKey();
- assertNotNull(key);
+ List keys = token.getKeys();
+ assertTrue(keys.size() > 0);
}
private String getExampleCert() throws Exception
{
InputStream inputStream = ClassUtil.getResourceAsStream("cert-example.xml", getClass() );
return new String(StreamUtils.readStream(inputStream));
+
}
-
+
+ /*
+ * Need to generate a test cert for this
+ *
+ @Test
+ public void setPKIPATHV1Key() throws Exception
+ {
+ token.setEncodingType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
+ token.setValueType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1");
+ token.setKey(getPKIPATHV1Cert());
+ List keys = token.getKeys();
+ assertTrue(keys.size() > 0);
+ }
+
+ private String getPKIPATHV1Cert() throws Exception
+ {
+ InputStream inputStream = ClassUtil.getResourceAsStream("pkipathv1-cert-example.xml", getClass() );
+ return new String(StreamUtils.readStream(inputStream));
+ }
+ */
+
public static junit.framework.Test suite()
{
return new JUnit4TestAdapter(BinarySecurityTokenUnitTest.class);
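Review bot: The only test for the new `X509PKIPathv1` branch, `setPKIPATHV1Key`, is commented out, so the certificate-path parsing this commit adds to the authentication path ships untested. The `PKCS7` and unknown-value-type branches, which should throw `IllegalStateException`, have no test either. The `setKey` test is also weaker than before: a raw `List` with `assertTrue(keys.size() > 0)` would pass for any number of certificates, where `List<Certificate> keys = token.getKeys(); assertEquals(1, keys.size());` pins the single-certificate case. The test builds `BinarySecurityTokenImpl` directly, so the configuration-driven class loading in the extractors is not exercised. The `suite()` method continues outside this hunk.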