Author: darran.lofthouse(a)jboss.com
Date: 2010-06-16 10:39:27 -0400 (Wed, 16 Jun 2010)
New Revision: 12486
Added:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback/
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallback.java
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallbackHandler.java
Removed:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback/
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallback.java
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallbackHandler.java
Modified:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/core/utils/ThreadLocalAssociation.java
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/Constants.java
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/ReceiveUsernameOperation.java
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/Util.java
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/element/UsernameToken.java
Log:
Changes from -r 5925
Modified:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/core/utils/ThreadLocalAssociation.java
===================================================================
---
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/core/utils/ThreadLocalAssociation.java 2010-06-16
12:40:22 UTC (rev 12485)
+++
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/core/utils/ThreadLocalAssociation.java 2010-06-16
14:39:27 UTC (rev 12486)
@@ -25,6 +25,7 @@
import java.util.Stack;
+import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
import org.jboss.ws.core.CommonMessageContext;
import org.jboss.ws.extensions.security.SecurityStore;
@@ -47,7 +48,7 @@
* @see org.jboss.ws.extensions.security.STRTransform
*/
private static ThreadLocal<SecurityStore> strTransformAssoc = new
ThreadLocal<SecurityStore>();
-
+
public static ThreadLocal<Stack<CommonMessageContext>>
localMsgContextAssoc()
{
return msgContextAssoc;
@@ -57,10 +58,15 @@
{
return strTransformAssoc;
}
-
+
public static void clear()
{
msgContextAssoc.remove();
strTransformAssoc.remove();
+ //This removes a custom callback security handler that might have
+ //been set if using UsernameTokenProfile with digest; doing this
+ //here won't be required anymore once our custom security manager
+ //will be used in our wsse implementation.
+ CallbackHandlerPolicyContextHandler.setCallbackHandler(null);
}
}
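Review bot: The handler reset on the last added line only takes effect if `clear()` runs on every path after `ReceiveUsernameOperation` installs a `UsernameTokenCallbackHandler`, including the failure path when the subsequent login rejects the token; otherwise the handler, and with it the inbound nonce/created pair, stays associated with the thread and is reused by the next request on it. The caller of `clear()` is outside this hunk, so it is worth confirming it is invoked from a `finally` block. Whether `CallbackHandlerPolicyContextHandler.setCallbackHandler` is thread-scoped or process-wide is not visible here; if it is process-wide, two concurrent digest requests can also overwrite each other's handler, and the comment should say which scope is assumed.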
Modified:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/Constants.java
===================================================================
---
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/Constants.java 2010-06-16
12:40:22 UTC (rev 12485)
+++
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/Constants.java 2010-06-16
14:39:27 UTC (rev 12486)
@@ -57,6 +57,10 @@
public static final String WSU_ID = WSU_PREFIX + ":" + ID;
public static final String BASE64_ENCODING_TYPE = WSS_SOAP_NS +
"#Base64Binary";
+
+ public static final String PASSWORD_TEXT_TYPE = WSSE_NS + "#PasswordText";
+
+ public static final String PASSWORD_DIGEST_TYPE = WSSE_NS +
"#PasswordDigest";
public static final String WSSE_HEADER = WSSE_PREFIX + ":Security";
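Review bot: `PASSWORD_TEXT_TYPE` and `PASSWORD_DIGEST_TYPE` are built from `WSSE_NS`, but the Username Token Profile 1.0 defines the password `Type` URIs under its own namespace, `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText` and `#PasswordDigest`, not the secext namespace. If `WSSE_NS` (defined outside this hunk) is the secext-1.0.xsd URI, tokens produced here carry a non-standard `Type`, and because `UsernameToken` compares the inbound `Type` against `PASSWORD_DIGEST_TYPE` with `equals`, a spec-conformant digest token from another stack is treated as a plain-text password and fails authentication in a confusing way. Consider a dedicated constant holding the profile URI and deriving both types from it; accepting both spellings on the receive side would keep existing JBossWS peers working.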
Modified:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java
===================================================================
---
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java 2010-06-16
12:40:22 UTC (rev 12485)
+++
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java 2010-06-16
14:39:27 UTC (rev 12486)
@@ -35,5 +35,5 @@
*/
public interface EncodingOperation extends Operation
{
- public void process(Document message, List<Target> targets, String alias, String
credential, String algorithm) throws WSSecurityException;
+ public void process(Document message, List<Target> targets, String alias, String
credential, String algorithm, boolean digest, boolean useNonce, boolean useTimestamp)
throws WSSecurityException;
}
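Review bot: Every `EncodingOperation` implementor must now accept the three extra booleans, yet only `SendUsernameOperation` is updated in this changeset; if this branch has other implementors (a timestamp, signature or encryption operation, say — none is visible here) they stop compiling, since `SecurityEncoder` now invokes the eight-argument `process` on all of them. Three trailing flags on a shared interface is also a fragile shape: `digest`, `useNonce` and `useTimestamp` mean nothing to any operation but the username one. A smaller change would keep the five-argument `process` and let `SecurityEncoder` hand over the `OperationDescription` itself, so each operation reads only what it needs. Whichever shape stays, the interface needs a Javadoc `@param` for each flag.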
Modified:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java
===================================================================
---
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java 2010-06-16
12:40:22 UTC (rev 12485)
+++
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java 2010-06-16
14:39:27 UTC (rev 12486)
@@ -39,15 +39,29 @@
private String credential;
private String algorithm;
+
+ private boolean digest;
+
+ private boolean useNonce;
+
+ private boolean useTimestamp;
- public OperationDescription(Class<? extends T> operation, List<Target>
targets, String certicateAlias, String credential, String algorithm)
+ public OperationDescription(Class<? extends T> operation, List<Target>
targets, String certicateAlias, String credential, String algorithm, boolean digest,
boolean useNonce, boolean useTimestamp)
{
this.operation = operation;
this.targets = targets;
this.certificateAlias = certicateAlias;
this.credential = credential;
this.algorithm = algorithm;
+ this.digest = digest;
+ this.useNonce = useNonce;
+ this.useTimestamp = useTimestamp;
}
+
+ public OperationDescription(Class<? extends T> operation, List<Target>
targets, String certicateAlias, String credential, String algorithm)
+ {
+ this(operation, targets, certicateAlias, credential, algorithm, false, false,
false);
+ }
public Class<? extends T> getOperation()
{
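Review bot: The three new fields and constructor parameters are undocumented, and their meaning is only recoverable from `SendUsernameOperation`: `digest` selects a hashed password, while `useNonce` and `useTimestamp` generate a nonce and a `Created` value that feed the digest input and are written to the token when `digest` is set. Add a field comment for each, e.g. `/** Send the password as a SHA-1 digest (Username Token Profile) rather than plain text. */`, `/** Generate a random nonce and include it in the digest input. */`, `/** Generate a wsu:Created timestamp and include it in the digest input. */`. The five-argument constructor's `false, false, false` defaults deserve a one-line comment too, since every non-username operation goes through it. The pre-existing `certicateAlias` misspelling is carried into the new constructor; fixing it in both signatures would be cheap here.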
@@ -102,4 +116,34 @@
this.algorithm = algorithm;
}
+ public boolean isDigest()
+ {
+ return digest;
+ }
+
+ public void setDigest(boolean digest)
+ {
+ this.digest = digest;
+ }
+
+ public boolean isUseNonce()
+ {
+ return useNonce;
+ }
+
+ public void setUseNonce(boolean useNonce)
+ {
+ this.useNonce = useNonce;
+ }
+
+ public boolean isUseTimestamp()
+ {
+ return useTimestamp;
+ }
+
+ public void setUseTimestamp(boolean useTimestamp)
+ {
+ this.useTimestamp = useTimestamp;
+ }
+
}
Modified:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/ReceiveUsernameOperation.java
===================================================================
---
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/ReceiveUsernameOperation.java 2010-06-16
12:40:22 UTC (rev 12485)
+++
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/ReceiveUsernameOperation.java 2010-06-16
14:39:27 UTC (rev 12486)
@@ -23,6 +23,10 @@
// $Id$
+import javax.security.auth.callback.CallbackHandler;
+
+import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
+import org.jboss.ws.extensions.security.auth.callback.UsernameTokenCallbackHandler;
import org.jboss.ws.extensions.security.element.SecurityHeader;
import org.jboss.ws.extensions.security.element.Token;
import org.jboss.ws.extensions.security.element.UsernameToken;
@@ -53,6 +57,11 @@
UsernameToken user = (UsernameToken)token;
SecurityAdaptor securityAdaptor = secAdapterfactory.newSecurityAdapter();
+ if (user.isDigest())
+ {
+ CallbackHandler handler = new UsernameTokenCallbackHandler(user.getNonce(),
user.getCreated());
+ CallbackHandlerPolicyContextHandler.setCallbackHandler(handler);
+ }
securityAdaptor.setPrincipal(new SimplePrincipal(user.getUsername()));
securityAdaptor.setCredential(user.getPassword());
}
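Review bot: When `user.isDigest()` holds, the nonce and `Created` value are taken from the inbound token and passed to the login module through `UsernameTokenCallbackHandler` without any validation, so a captured digest token keeps verifying for as long as the password is unchanged. The Username Token Profile expects the receiver to reject a `Created` outside an acceptable freshness window and to keep a cache of recently seen nonces; neither exists in this hunk, and a digest token carrying no nonce or no `Created` (either may be `null` here) is accepted with a correspondingly weaker digest. At minimum, parse `user.getCreated()` and reject stale values before installing the handler, and document the replay exposure on the class until a nonce cache is added. The enclosing method continues outside the hunk.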
Modified:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java
===================================================================
---
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java 2010-06-16
12:40:22 UTC (rev 12485)
+++
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java 2010-06-16
14:39:27 UTC (rev 12486)
@@ -79,7 +79,7 @@
throw new WSSecurityException("Error constructing operation: " +
op.getOperation());
}
- operation.process(message, op.getTargets(), op.getCertificateAlias(),
op.getCredential(), op.getAlgorithm());
+ operation.process(message, op.getTargets(), op.getCertificateAlias(),
op.getCredential(), op.getAlgorithm(), op.isDigest(), op.isUseNonce(),
op.isUseTimestamp());
}
attachHeader(header, message);
}
Modified:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java
===================================================================
---
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java 2010-06-16
12:40:22 UTC (rev 12485)
+++
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java 2010-06-16
14:39:27 UTC (rev 12486)
@@ -21,14 +21,32 @@
*/
package org.jboss.ws.extensions.security;
+//$Id$
+
+import java.security.MessageDigest;
+import java.util.Calendar;
+import java.util.GregorianCalendar;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
+import java.util.TimeZone;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.Base64Encoder;
+import org.jboss.ws.extensions.security.auth.callback.UsernameTokenCallback;
+import org.jboss.ws.extensions.security.auth.callback.UsernameTokenCallbackHandler;
import org.jboss.ws.extensions.security.element.SecurityHeader;
import org.jboss.ws.extensions.security.element.UsernameToken;
+import org.jboss.xb.binding.SimpleTypeBindings;
import org.w3c.dom.Document;
public class SendUsernameOperation implements EncodingOperation
{
+ private static Logger log = Logger.getLogger(SendUsernameOperation.class);
+
private SecurityHeader header;
private SecurityStore store;
@@ -39,8 +57,51 @@
this.store = store;
}
- public void process(Document message, List<Target> targets, String username,
String credential, String algorithm) throws WSSecurityException
+ public void process(Document message, List<Target> targets, String username,
String credential, String algorithm, boolean digest, boolean useNonce, boolean
useTimestamp) throws WSSecurityException
{
- header.addToken(new UsernameToken(username, credential, message));
+ String created = useTimestamp ? getCurrentTimestampAsString() : null;
+ String nonce = useNonce ? Util.generateNonce() : null;
+ String password = digest ? createPasswordDigest(nonce, created, credential) :
credential;
+ header.addToken(new UsernameToken(username, password, message, digest, nonce,
created));
}
+
+
+ private static String getCurrentTimestampAsString()
+ {
+ Calendar timestamp = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
+ return SimpleTypeBindings.marshalDateTime(timestamp);
+ }
+
+ /**
+ * Calculate the password digest using a MessageDigest and the
UsernameTokenCallback/CallbackHandler
+ */
+ @SuppressWarnings("unchecked")
+ public static String createPasswordDigest(String nonce, String created, String
password)
+ {
+ String passwordHash = null;
+ try
+ {
+ // convert password to byte data
+ byte[] passBytes = password.getBytes("UTF-8");
+ // prepare the username token digest callback
+ UsernameTokenCallback callback = new UsernameTokenCallback();
+ Map options = new HashMap();
+ callback.init(options);
+ // add the username token callback handler to provide the parameters
+ CallbackHandler handler = new UsernameTokenCallbackHandler(nonce, created);
+ handler.handle((Callback[])options.get("callbacks"));
+ // calculate the hash and apply the encoding.
+ MessageDigest md = MessageDigest.getInstance("SHA");
+ callback.preDigest(md);
+ md.update(passBytes);
+ callback.postDigest(md);
+ byte[] hash = md.digest();
+ passwordHash = Base64Encoder.encode(hash);
+ }
+ catch(Exception e)
+ {
+ log.error("Password hash calculation failed ", e);
+ }
+ return passwordHash;
+ }
}
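Review bot: `createPasswordDigest` swallows every exception, logs it and returns `null`, and `process` then builds a `UsernameToken` whose `null` password reaches `doc.createTextNode(password)`; a digest failure should abort the send rather than emit a broken token. Declare `throws WSSecurityException` on `createPasswordDigest` (`process` already declares it) and replace the catch body with `throw new WSSecurityException("Password hash calculation failed", e);`, using whichever cause-preserving constructor `WSSecurityException` offers. The raw `Map options = new HashMap();` and the `@SuppressWarnings("unchecked")` can go with `Map<String, Object>`, which `init(Map)` accepts. Note also that `digest` with neither `useNonce` nor `useTimestamp` yields `SHA-1(password)` alone, which the dispatcher configuration permits; the Javadoc on `createPasswordDigest` should state that both inputs are expected to be present.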
Modified:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/Util.java
===================================================================
---
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/Util.java 2010-06-16
12:40:22 UTC (rev 12485)
+++
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/Util.java 2010-06-16
14:39:27 UTC (rev 12486)
@@ -21,11 +21,16 @@
*/
package org.jboss.ws.extensions.security;
+//$Id$
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import javax.xml.namespace.QName;
+import org.jboss.util.Base64;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -36,7 +41,20 @@
public class Util
{
public static int count = 0;
-
+ private static SecureRandom pseudoRng;
+
+ static
+ {
+ try
+ {
+ pseudoRng = SecureRandom.getInstance("SHA1PRNG");
+ pseudoRng.setSeed(System.currentTimeMillis());
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ }
+ }
+
public static String assignWsuId(Element element)
{
String id = element.getAttributeNS(Constants.WSU_NS, Constants.ID);
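Review bot: Calling `pseudoRng.setSeed(System.currentTimeMillis())` right after `SecureRandom.getInstance("SHA1PRNG")` weakens rather than strengthens the generator: for SHA1PRNG a `setSeed` before the first `nextBytes` replaces the self-seeding entirely, so every nonce from `generateNonce` (next hunk) derives from a millisecond timestamp. The empty `catch (NoSuchAlgorithmException e)` also leaves `pseudoRng` null, turning the first `generateNonce()` call into a `NullPointerException`. Both go away with `private static final SecureRandom pseudoRng = new SecureRandom();` in place of the field and static block; the default provider self-seeds from the platform entropy source and needs no exception handling.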
@@ -214,4 +232,11 @@
return id.toString();
}
+
+ public static String generateNonce()
+ {
+ byte[] bytes = new byte[32];
+ pseudoRng.nextBytes(bytes);
+ return Base64.encodeBytes(bytes);
+ }
}
Modified:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
===================================================================
---
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2010-06-16
12:40:22 UTC (rev 12485)
+++
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2010-06-16
14:39:27 UTC (rev 12486)
@@ -55,6 +55,7 @@
import org.jboss.ws.metadata.wsse.Requires;
import org.jboss.ws.metadata.wsse.Sign;
import org.jboss.ws.metadata.wsse.Timestamp;
+import org.jboss.ws.metadata.wsse.Username;
import org.jboss.ws.metadata.wsse.WSSecurityConfiguration;
import org.jboss.wsf.common.DOMWriter;
import org.w3c.dom.Element;
@@ -380,7 +381,8 @@
operations.add(new
OperationDescription<EncodingOperation>(TimestampOperation.class, null, null,
timestamp.getTtl(), null));
}
- if (opConfig.getUsername() != null)
+ Username username = opConfig.getUsername();
+ if (username != null)
{
Object user = ctx.get(Stub.USERNAME_PROPERTY);
Object pass = ctx.get(Stub.PASSWORD_PROPERTY);
@@ -393,7 +395,7 @@
if (user != null && pass != null)
{
- operations.add(new
OperationDescription<EncodingOperation>(SendUsernameOperation.class, null,
user.toString(), pass.toString(), null));
+ operations.add(new
OperationDescription<EncodingOperation>(SendUsernameOperation.class, null,
user.toString(), pass.toString(), null,username.isDigestPassword(), username.isUseNonce(),
username.isUseCreated()));
ctx.put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE);
}
}
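Review bot: Style: `null,username.isDigestPassword()` lacks the space after the comma that the rest of the argument list uses. The three flags are passed straight from configuration with no sanity check, so `digestPassword` without `useNonce` and `useCreated` is accepted and yields a digest over the password alone; consider a warning here, e.g. `if (username.isDigestPassword() && !(username.isUseNonce() && username.isUseCreated())) log.warn("Username digest configured without nonce and created");`, assuming a logger exists in this class (not visible in the hunk). The enclosing method starts and ends outside the hunk.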
Copied:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth
(from rev 5925, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/auth)
Copied:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback
(from rev 5925,
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/auth/callback)
Deleted:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallback.java
===================================================================
---
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallback.java 2008-03-12
00:35:29 UTC (rev 5925)
+++
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallback.java 2010-06-16
14:39:27 UTC (rev 12486)
@@ -1,113 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.ws.extensions.security.auth.callback;
-
-//$Id$
-
-import java.io.UnsupportedEncodingException;
-import java.security.MessageDigest;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-
-import org.jboss.crypto.digest.DigestCallback;
-import org.jboss.security.Base64Encoder;
-import org.jboss.security.auth.callback.MapCallback;
-import org.jboss.ws.WSException;
-
-/**
- * An implementation of DigestCallback that generates password
- * digests according to the UsernameTokenProfile 1.0 specification.
- *
- * @author alessio.soldano(a)jboss.com
- * @since 12-Mar-2008
- *
- */
-public class UsernameTokenCallback implements DigestCallback
-{
- public static final String NONCE = "nonce";
- public static final String CREATED = "created";
-
- private MapCallback info;
-
- @SuppressWarnings("unchecked")
- public void init(Map options)
- {
- //System.out.println("Chiamato init!!!");
- // Ask for MapCallback to obtain the digest parameters
- info = new MapCallback();
- Callback[] callbacks = { info };
- options.put("callbacks", callbacks);
- }
-
- public void preDigest(MessageDigest digest)
- {
- //System.out.println("Chiamato pre!!!");
- try
- {
- String nonce = (String)info.getInfo(NONCE);
- if (nonce != null)
- digest.update(nonce.getBytes("UTF-8"));
- String created = (String)info.getInfo(CREATED);
- if (created != null)
- digest.update(created.getBytes("UTF-8"));
- }
- catch (UnsupportedEncodingException e)
- {
- throw new WSException(e);
- }
- }
-
- public void postDigest(MessageDigest digest)
- {
-// System.out.println("Chiamato post!!!");
- }
-
- @SuppressWarnings("unchecked")
- public static void main(String[] args) throws Exception
- {
- if (args.length != 3)
- {
- System.err.println("Usage: UsernameTokenCallback nonce created
password");
- System.err.println(" - nonce : the nonce");
- System.err.println(" - created : the creation timestamp");
- System.err.println(" - password : the plain text password");
- System.exit(1);
- }
- String nonce = args[0];
- String created = args[1];
- String password = args[2];
-
- MessageDigest digest = MessageDigest.getInstance("SHA");
- UsernameTokenCallback utc = new UsernameTokenCallback();
- Map options = new HashMap();
- utc.init(options);
- CallbackHandler cbh = new UsernameTokenCallbackHandler(nonce, created);
- cbh.handle((Callback[])options.get("callbacks"));
- utc.preDigest(digest);
- byte[] result = digest.digest(password.getBytes("UTF-8"));
- System.out.println("UsernameToken password digest: " +
Base64Encoder.encode(result));
- }
-
-}
Copied:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallback.java
(from rev 5925,
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallback.java)
===================================================================
---
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallback.java
(rev 0)
+++
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallback.java 2010-06-16
14:39:27 UTC (rev 12486)
@@ -0,0 +1,113 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.ws.extensions.security.auth.callback;
+
+//$Id$
+
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+
+import org.jboss.crypto.digest.DigestCallback;
+import org.jboss.security.Base64Encoder;
+import org.jboss.security.auth.callback.MapCallback;
+import org.jboss.ws.WSException;
+
+/**
+ * An implementation of DigestCallback that generates password
+ * digests according to the UsernameTokenProfile 1.0 specification.
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 12-Mar-2008
+ *
+ */
+public class UsernameTokenCallback implements DigestCallback
+{
+ public static final String NONCE = "nonce";
+ public static final String CREATED = "created";
+
+ private MapCallback info;
+
+ @SuppressWarnings("unchecked")
+ public void init(Map options)
+ {
+ //System.out.println("Chiamato init!!!");
+ // Ask for MapCallback to obtain the digest parameters
+ info = new MapCallback();
+ Callback[] callbacks = { info };
+ options.put("callbacks", callbacks);
+ }
+
+ public void preDigest(MessageDigest digest)
+ {
+ //System.out.println("Chiamato pre!!!");
+ try
+ {
+ String nonce = (String)info.getInfo(NONCE);
+ if (nonce != null)
+ digest.update(nonce.getBytes("UTF-8"));
+ String created = (String)info.getInfo(CREATED);
+ if (created != null)
+ digest.update(created.getBytes("UTF-8"));
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new WSException(e);
+ }
+ }
+
+ public void postDigest(MessageDigest digest)
+ {
+// System.out.println("Chiamato post!!!");
+ }
+
+ @SuppressWarnings("unchecked")
+ public static void main(String[] args) throws Exception
+ {
+ if (args.length != 3)
+ {
+ System.err.println("Usage: UsernameTokenCallback nonce created
password");
+ System.err.println(" - nonce : the nonce");
+ System.err.println(" - created : the creation timestamp");
+ System.err.println(" - password : the plain text password");
+ System.exit(1);
+ }
+ String nonce = args[0];
+ String created = args[1];
+ String password = args[2];
+
+ MessageDigest digest = MessageDigest.getInstance("SHA");
+ UsernameTokenCallback utc = new UsernameTokenCallback();
+ Map options = new HashMap();
+ utc.init(options);
+ CallbackHandler cbh = new UsernameTokenCallbackHandler(nonce, created);
+ cbh.handle((Callback[])options.get("callbacks"));
+ utc.preDigest(digest);
+ byte[] result = digest.digest(password.getBytes("UTF-8"));
+ System.out.println("UsernameToken password digest: " +
Base64Encoder.encode(result));
+ }
+
+}
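Review bot: `preDigest` feeds `nonce.getBytes("UTF-8")` into the digest, i.e. the Base64 text of the nonce, whereas the Username Token Profile digest is commonly computed over the decoded nonce octets (WSS4J, to my reading, decodes before hashing), so digests produced or verified here interoperate only with peers following the same text-based convention; if that is deliberate the class Javadoc should say so, otherwise decode the nonce before `digest.update`. The commented-out `System.out.println("Chiamato ...")` lines in `init`, `preDigest` and `postDigest` are leftover debugging and should be removed. The `main` method prints a password digest computed from command-line arguments, which leaves a plain-text password in shell history and process listings; it belongs in a test utility rather than a production callback class, or should read the password from the console.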
Deleted:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallbackHandler.java
===================================================================
---
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallbackHandler.java 2008-03-12
00:35:29 UTC (rev 5925)
+++
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallbackHandler.java 2010-06-16
14:39:27 UTC (rev 12486)
@@ -1,79 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.ws.extensions.security.auth.callback;
-
-//$Id$
-
-import java.io.IOException;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
-
-import org.jboss.security.auth.callback.MapCallback;
-
-/**
- * A callback handler to be used to pass parameters to the
- * UsernameTokenCallback.
- *
- * @author alessio.soldano(a)jboss.com
- * @since 12-Mar-2008
- *
- */
-public class UsernameTokenCallbackHandler implements CallbackHandler
-{
- private String nonce;
- private String created;
-
- public UsernameTokenCallbackHandler(String nonce, String created)
- {
- this.created = created;
- this.nonce = nonce;
- }
-
- public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException
- {
- boolean foundCallback = false;
- Callback firstUnknown = null;
- int count = callbacks != null ? callbacks.length : 0;
- for(int n = 0; n < count; n ++)
- {
- Callback c = callbacks[n];
- if( c instanceof MapCallback )
- {
- //set parameters to the MapCallback the UsernameTokenCallback
- //created and set up in the init method
- MapCallback mc = (MapCallback) c;
- mc.setInfo(UsernameTokenCallback.NONCE, nonce);
- mc.setInfo(UsernameTokenCallback.CREATED, created);
- foundCallback = true;
- }
- else if( firstUnknown == null )
- {
- firstUnknown = c;
- }
- }
- if( foundCallback == false )
- throw new UnsupportedCallbackException(firstUnknown, "Unrecognized
Callback");
- }
-
-}
Copied:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallbackHandler.java
(from rev 5925,
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallbackHandler.java)
===================================================================
---
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallbackHandler.java
(rev 0)
+++
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/auth/callback/UsernameTokenCallbackHandler.java 2010-06-16
14:39:27 UTC (rev 12486)
@@ -0,0 +1,79 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.ws.extensions.security.auth.callback;
+
+//$Id$
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.jboss.security.auth.callback.MapCallback;
+
+/**
+ * A callback handler to be used to pass parameters to the
+ * UsernameTokenCallback.
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 12-Mar-2008
+ *
+ */
+public class UsernameTokenCallbackHandler implements CallbackHandler
+{
+ private String nonce;
+ private String created;
+
+ public UsernameTokenCallbackHandler(String nonce, String created)
+ {
+ this.created = created;
+ this.nonce = nonce;
+ }
+
+ public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException
+ {
+ boolean foundCallback = false;
+ Callback firstUnknown = null;
+ int count = callbacks != null ? callbacks.length : 0;
+ for(int n = 0; n < count; n ++)
+ {
+ Callback c = callbacks[n];
+ if( c instanceof MapCallback )
+ {
+ //set parameters to the MapCallback the UsernameTokenCallback
+ //created and set up in the init method
+ MapCallback mc = (MapCallback) c;
+ mc.setInfo(UsernameTokenCallback.NONCE, nonce);
+ mc.setInfo(UsernameTokenCallback.CREATED, created);
+ foundCallback = true;
+ }
+ else if( firstUnknown == null )
+ {
+ firstUnknown = c;
+ }
+ }
+ if( foundCallback == false )
+ throw new UnsupportedCallbackException(firstUnknown, "Unrecognized
Callback");
+ }
+
+}
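Review bot: `nonce` and `created` are assigned once in the constructor and never changed, so both should be `private final String`; `if( foundCallback == false )` reads better as `if (!foundCallback)`. When `callbacks` is null or empty the `UnsupportedCallbackException` is thrown with a null callback, which is allowed, but a message naming the expected type would make the failure easier to diagnose, e.g. `throw new UnsupportedCallbackException(firstUnknown, "Expected a MapCallback to receive nonce/created");`. The class Javadoc should also say that the `handle` contract is to populate a `MapCallback` created by `UsernameTokenCallback.init`, since the two classes only work as a pair.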
Modified:
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/element/UsernameToken.java
===================================================================
---
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/element/UsernameToken.java 2010-06-16
12:40:22 UTC (rev 12485)
+++
stack/native/branches/dlofthouse/JBPAPP-4447/src/main/java/org/jboss/ws/extensions/security/element/UsernameToken.java 2010-06-16
14:39:27 UTC (rev 12486)
@@ -21,10 +21,15 @@
*/
package org.jboss.ws.extensions.security.element;
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
import org.apache.xml.security.utils.XMLUtils;
import org.jboss.ws.extensions.security.Constants;
import org.jboss.ws.extensions.security.Util;
import org.jboss.ws.extensions.security.WSSecurityException;
+import org.jboss.wsf.common.DOMUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -38,6 +43,12 @@
private String username;
private String password;
+
+ private boolean digest;
+
+ private String nonce;
+
+ private String created;
private Document doc;
@@ -45,13 +56,17 @@
private Element cachedElement;
- public UsernameToken(String username, String password, Document doc)
+ public UsernameToken(String username, String password, Document doc, boolean digest,
String nonce, String created)
{
this.username = username;
this.password = password;
this.doc = doc;
+ this.digest = digest;
+ this.nonce = nonce;
+ this.created = created;
}
+ @SuppressWarnings("unchecked")
public UsernameToken(Element element) throws WSSecurityException
{
this.doc = element.getOwnerDocument();
@@ -70,6 +85,24 @@
throw new WSSecurityException("Password child expected in UsernameToken
element");
this.password = XMLUtils.getFullTextChildrenFromElement(child);
+ String passwordType = child.getAttribute("Type");
+ this.digest = Constants.PASSWORD_DIGEST_TYPE.equals(passwordType);
+
+ Iterator<Element> itNonce = DOMUtils.getChildElements(element, new
QName(Constants.WSSE_NS, "Nonce"));
+ if (itNonce != null && itNonce.hasNext())
+ {
+ Element elem = itNonce.next();
+ String encodingType = elem.getAttribute("EncodingType");
+ if (encodingType != null &&
!Constants.BASE64_ENCODING_TYPE.equalsIgnoreCase(encodingType))
+ throw new WSSecurityException("Unsupported nonce encoding type: " +
encodingType);
+ this.nonce = XMLUtils.getFullTextChildrenFromElement(elem);
+ }
+
+ Iterator<Element> itCreated = DOMUtils.getChildElements(element, new
QName(Constants.WSSE_NS, "Created"));
+ if (itCreated != null && itCreated.hasNext())
+ {
+ this.created = XMLUtils.getFullTextChildrenFromElement(itCreated.next());
+ }
}
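Review bot: The `EncodingType` check rejects a `Nonce` element that omits the attribute: DOM `getAttribute` returns `""`, never `null`, for an absent attribute, so the `encodingType != null` guard never fires and `""` fails the `equalsIgnoreCase`, producing `Unsupported nonce encoding type: ` for a token the profile considers valid (Base64 is the default when the attribute is absent). Change the condition to `if (encodingType.length() > 0 && !Constants.BASE64_ENCODING_TYPE.equalsIgnoreCase(encodingType))`. The same `getAttribute` semantics make the `Type` handling above it correct (an absent `Type` yields `""` and therefore `digest == false`), but a short comment saying so would help the next reader. The enclosing constructor starts outside this hunk.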
public String getId()
@@ -119,8 +152,24 @@
element.appendChild(child);
child = doc.createElementNS(Constants.WSSE_NS, Constants.WSSE_PREFIX +
":" + "Password");
child.appendChild(doc.createTextNode(password));
+ child.setAttribute("Type", digest ? Constants.PASSWORD_DIGEST_TYPE :
Constants.PASSWORD_TEXT_TYPE);
element.appendChild(child);
-
+ if (digest)
+ {
+ if (nonce != null)
+ {
+ child = doc.createElementNS(Constants.WSSE_NS, Constants.WSSE_PREFIX +
":" + "Nonce");
+ child.appendChild(doc.createTextNode(nonce));
+ child.setAttribute("EncodingType",
Constants.BASE64_ENCODING_TYPE);
+ element.appendChild(child);
+ }
+ if (created != null)
+ {
+ child = doc.createElementNS(Constants.WSSE_NS, Constants.WSSE_PREFIX +
":" + "Created");
+ child.appendChild(doc.createTextNode(created));
+ element.appendChild(child);
+ }
+ }
cachedElement = element;
return cachedElement;
}
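Review bot: `Nonce` and `Created` are written only inside `if (digest)`, yet `SendUsernameOperation` generates them from `useNonce`/`useTimestamp` independently of `digest`, so a plain-text password configured with a nonce or timestamp silently drops both values; either emit them whenever non-null, or state in the constructor Javadoc that they are only meaningful together with `digest`. `password` can be `null` here when the digest computation failed upstream, and `doc.createTextNode(password)` does not guard against that; the real fix belongs in `SendUsernameOperation`, but an explicit null check in the constructor would fail earlier and with a clearer message. The enclosing `getElement` starts outside this hunk.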
@@ -129,4 +178,19 @@
{
return null;
}
+
+ public boolean isDigest()
+ {
+ return digest;
+ }
+
+ public String getNonce()
+ {
+ return nonce;
+ }
+
+ public String getCreated()
+ {
+ return created;
+ }
}