org.apache.cxf.ws.security.trust

Class AbstractSTSClient

java.lang.Object

org.apache.cxf.ws.security.trust.AbstractSTSClient

All Implemented Interfaces:

Configurable, InterceptorProvider

Direct Known Subclasses:

STSClient

public abstract class AbstractSTSClient
extends Object
implements Configurable, InterceptorProvider

An abstract class with some functionality to invoke on a SecurityTokenService (STS) via the WS-Trust protocol.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected static class	AbstractSTSClient.STSResponse

Field Summary

Fields

Modifier and Type	Field and Description
protected Object	actAs
protected String	addressingNamespace
protected org.apache.wss4j.policy.model.AlgorithmSuite	algorithmSuite
protected boolean	allowRenewing
protected boolean	allowRenewingAfterExpiry
protected Bus	bus
protected Object	claims
protected CallbackHandler	claimsCallbackHandler
protected Client	client
protected String	context
protected Map<String,Object>	ctx
protected Object	customContent
protected boolean	enableAppliesTo
protected boolean	enableLifetime
protected QName	endpointName
protected List<Feature>	features
protected List<Interceptor<? extends Message>>	in
protected List<Interceptor<? extends Message>>	inFault
protected boolean	isSecureConv
protected boolean	isSpnego
protected int	keySize
protected String	keyType
protected String	location
protected Message	message
protected String	name
protected String	namespace
protected Object	onBehalfOf
protected List<Interceptor<? extends Message>>	out
protected List<Interceptor<? extends Message>>	outFault
protected org.apache.neethi.Policy	policy
protected boolean	requiresEntropy
protected boolean	sendKeyType
protected boolean	sendRenewing
protected QName	serviceName
protected String	soapVersion
protected Element	template
protected TLSClientParameters	tlsClientParameters
protected String	tokenType
protected int	ttl
protected boolean	useCertificateForConfirmationKeyInfo
protected X509Certificate	useKeyCertificate
protected String	wsdlLocation
protected String	wspNamespace

Constructor Summary

Constructors

Constructor and Description
AbstractSTSClient(Bus b)

Method Summary

Modifier and Type	Method and Description
protected void	addAppliesTo(XMLStreamWriter writer, String appliesTo)
protected void	addBinaryExchange(String binaryExchange, W3CDOMStreamWriter writer)
protected void	addClaims(XMLStreamWriter writer)
protected void	addKeySize(int keysize, W3CDOMStreamWriter writer)
protected void	addLifetime(XMLStreamWriter writer)
protected void	addRequestType(String requestType, W3CDOMStreamWriter writer)
protected void	addTokenType(XMLStreamWriter writer)
protected AbstractSTSClient.STSResponse	cancel(SecurityToken token) Make an "Cancel" invocation and return the response as a STSResponse Object
void	configureViaEPR(org.apache.cxf.ws.addressing.EndpointReferenceType ref, boolean useEPRWSAAddrAsMEXLocation)
protected void	createClient()
protected org.apache.wss4j.common.crypto.Crypto	createCrypto(boolean decrypt)
protected CallbackHandler	createHandler()
protected SecurityToken	createSecurityToken(Element el, byte[] requestorEntropy)
protected byte[]	decryptKey(Element child)
protected String	findID(Element rar, Element rur, Element rst)
protected String	findMEXLocation(Element ref)
protected String	findMEXLocation(org.apache.cxf.ws.addressing.EndpointReferenceType ref, boolean useEPRWSAAddrAsMEXLocation)
protected BindingOperationInfo	findOperation(String suffix)
Element	getActAsToken() Get the "ActAs" element to be sent to the STS.
protected PrimitiveAssertion	getAddressingAssertion()
String	getBeanName() Get the configurable object's Bean name
protected X509Certificate	getCert(org.apache.wss4j.common.crypto.Crypto crypto)
CallbackHandler	getClaimsCallbackHandler()
Client	getClient()
String	getContext()
Element	getCustomContent() Get some custom Element to be inserted into the RequestSecurityToken
protected Element	getDelegationSecurityToken(Object delegationObject)
protected Element	getDocumentElement(DOMSource ds)
QName	getEndpointQName()
List<Feature>	getFeatures()
protected String	getIDFromSTR(Element el)
List<Interceptor<? extends Message>>	getInFaultInterceptors() Returns the list of interceptors attached to the incoming fault interceptor chain of the object.
List<Interceptor<? extends Message>>	getInInterceptors() Returns the list of interceptors attached to the incoming interceptor chain of the object.
int	getKeySize()
String	getLocation()
Element	getOnBehalfOfToken() Get the "OnBehalfOf" element to be sent to the STS.
List<Interceptor<? extends Message>>	getOutFaultInterceptors() Returns the list of interceptors attached to the outgoing fault interceptor chain of the object.
List<Interceptor<? extends Message>>	getOutInterceptors() Returns the list of interceptors attached to the outgoing interceptor chain of the object.
Map<String,Object>	getProperties()
protected Object	getProperty(String s)
Map<String,Object>	getRequestContext()
QName	getServiceQName()
String	getTokenType()
X509Certificate	getUseKeyCertificate()
String	getWsdlLocation()
String	getWspNamespace()
boolean	isAllowRenewing()
boolean	isAllowRenewingAfterExpiry()
boolean	isEnableAppliesTo()
boolean	isRequiresEntropy()
boolean	isSecureConv()
boolean	isSpnego()
protected AbstractSTSClient.STSResponse	issue(String appliesTo, String action, String requestType, String binaryExchange) Make an "Issue" invocation and return the response as a STSResponse Object
boolean	isUseCertificateForConfirmationKeyInfo()
AbstractSTSClient.STSResponse	renew(SecurityToken tok) Make an "Renew" invocation and return the response as a STSResponse Object
void	setActAs(Object actAs)
void	setAddressingNamespace(String ad)
void	setAlgorithmSuite(org.apache.wss4j.policy.model.AlgorithmSuite ag)
void	setAllowRenewing(boolean allowRenewing)
void	setAllowRenewingAfterExpiry(boolean allowRenewingAfterExpiry)
void	setBeanName(String s)
void	setClaims(Object rstClaims) Set a Claims Object to be included in the request.
void	setClaimsCallbackHandler(CallbackHandler claimsCallbackHandler)
void	setContext(String context)
void	setCustomContent(Object customContent)
void	setEnableAppliesTo(boolean enableAppliesTo)
void	setEnableLifetime(boolean enableLifetime)
void	setEndpointName(String qn)
void	setEndpointQName(QName qn)
void	setFeatures(List<? extends Feature> f)
void	setInFaultInterceptors(List<Interceptor<? extends Message>> interceptors)
void	setInInterceptors(List<Interceptor<? extends Message>> interceptors)
void	setKeySize(int i)
void	setKeyType(String keyType)
void	setLocation(String location)
void	setMessage(Message message)
void	setNamespace(String namespace)
void	setOnBehalfOf(Object onBehalfOf)
void	setOutFaultInterceptors(List<Interceptor<? extends Message>> interceptors)
void	setOutInterceptors(List<Interceptor<? extends Message>> interceptors)
void	setPolicy(Object newPolicy) Sets the WS-P policy that is applied to communications between this client and the remote server if no value is supplied for setWsdlLocation(String).
protected void	setPolicyInternal(Element newPolicy)
protected void	setPolicyInternal(org.apache.neethi.Policy newPolicy)
protected void	setPolicyInternal(String policyReference)
void	setProperties(Map<String,Object> p)
void	setRequiresEntropy(boolean requiresEntropy)
void	setSecureConv(boolean secureConv)
void	setSendKeyType(boolean sendKeyType)
void	setSendRenewing(boolean sendRenewing)
void	setServiceName(String qn)
void	setServiceQName(QName qn)
void	setSoap11()
void	setSoap11(boolean b)
void	setSoap12()
void	setSpnego(boolean spnego)
void	setTemplate(Element rstTemplate)
void	setTlsClientParameters(TLSClientParameters tlsClientParameters)
void	setTokenType(String tokenType)
void	setTrust(org.apache.wss4j.policy.model.Trust10 trust)
void	setTtl(int ttl)
void	setUseCertificateForConfirmationKeyInfo(boolean useCertificate) Indicate whether to use the signer's public X509 certificate for the subject confirmation key info when creating a RequestsSecurityToken message.
void	setUseKeyCertificate(X509Certificate useKeyCertificate)
void	setWsdlLocation(String wsdl)
void	setWspNamespace(String wspNamespace)
protected boolean	useSecondaryParameters()
protected AbstractSTSClient.STSResponse	validate(SecurityToken tok, String tokentype) Make an "Validate" invocation and return the response as a STSResponse Object
protected void	writeElementsForRSTPublicKey(W3CDOMStreamWriter writer, X509Certificate cert)
protected byte[]	writeElementsForRSTSymmetricKey(W3CDOMStreamWriter writer, boolean wroteKeySize)
protected String	writeKeyType(W3CDOMStreamWriter writer, String keyTypeToWrite)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

bus

protected Bus bus

name

protected String name

client

protected Client client

location

protected String location

wsdlLocation

protected String wsdlLocation

serviceName

protected QName serviceName

endpointName

protected QName endpointName

policy

protected org.apache.neethi.Policy policy

soapVersion

protected String soapVersion

keySize

protected int keySize

requiresEntropy

protected boolean requiresEntropy

template

protected Element template

customContent

protected Object customContent

claims

protected Object claims

claimsCallbackHandler

protected CallbackHandler claimsCallbackHandler

algorithmSuite

protected org.apache.wss4j.policy.model.AlgorithmSuite algorithmSuite

namespace

protected String namespace

addressingNamespace

protected String addressingNamespace

wspNamespace

protected String wspNamespace

onBehalfOf

protected Object onBehalfOf

enableAppliesTo

protected boolean enableAppliesTo

useCertificateForConfirmationKeyInfo

protected boolean useCertificateForConfirmationKeyInfo

isSecureConv

protected boolean isSecureConv

isSpnego

protected boolean isSpnego

enableLifetime

protected boolean enableLifetime

ttl

protected int ttl

sendRenewing

protected boolean sendRenewing

allowRenewing

protected boolean allowRenewing

allowRenewingAfterExpiry

protected boolean allowRenewingAfterExpiry

actAs

protected Object actAs

tokenType

protected String tokenType

keyType

protected String keyType

sendKeyType

protected boolean sendKeyType

message

protected Message message

context

protected String context

useKeyCertificate

protected X509Certificate useKeyCertificate

ctx

protected Map<String,Object> ctx

in

protected List<Interceptor<? extends Message>> in

out

protected List<Interceptor<? extends Message>> out

outFault

protected List<Interceptor<? extends Message>> outFault

inFault

protected List<Interceptor<? extends Message>> inFault

features

protected List<Feature> features

tlsClientParameters

protected TLSClientParameters tlsClientParameters

Constructor Detail

AbstractSTSClient

public AbstractSTSClient(Bus b)

Method Detail

getBeanName

public String getBeanName()

Description copied from interface: Configurable

Get the configurable object's Bean name

Specified by:

getBeanName in interface Configurable

Returns:

the bean name

setBeanName

public void setBeanName(String s)

getLocation

public String getLocation()

setLocation

public void setLocation(String location)

setMessage

public void setMessage(Message message)

setTtl

public void setTtl(int ttl)

setEnableLifetime

public void setEnableLifetime(boolean enableLifetime)

setSendRenewing

public void setSendRenewing(boolean sendRenewing)

setTlsClientParameters

public void setTlsClientParameters(TLSClientParameters tlsClientParameters)

setPolicy

public void setPolicy(Object newPolicy)

Sets the WS-P policy that is applied to communications between this client and the remote server if no value is supplied for setWsdlLocation(String).

Accepts Policy or Element as input.

Parameters:

newPolicy - the policy object

Throws:

IllegalArgumentException - if newPolicy is not one of the supported types.

setSoap12

public void setSoap12()

setSoap11

public void setSoap11()

setSoap11

public void setSoap11(boolean b)

setAddressingNamespace

public void setAddressingNamespace(String ad)

setTrust

public void setTrust(org.apache.wss4j.policy.model.Trust10 trust)

isRequiresEntropy

public boolean isRequiresEntropy()

setRequiresEntropy

public void setRequiresEntropy(boolean requiresEntropy)

isSecureConv

public boolean isSecureConv()

setSecureConv

public void setSecureConv(boolean secureConv)

isSpnego

public boolean isSpnego()

setSpnego

public void setSpnego(boolean spnego)

isAllowRenewing

public boolean isAllowRenewing()

setAllowRenewing

public void setAllowRenewing(boolean allowRenewing)

isAllowRenewingAfterExpiry

public boolean isAllowRenewingAfterExpiry()

setAllowRenewingAfterExpiry

public void setAllowRenewingAfterExpiry(boolean allowRenewingAfterExpiry)

isEnableAppliesTo

public boolean isEnableAppliesTo()

setEnableAppliesTo

public void setEnableAppliesTo(boolean enableAppliesTo)

getContext

public String getContext()

setContext

public void setContext(String context)

setAlgorithmSuite

public void setAlgorithmSuite(org.apache.wss4j.policy.model.AlgorithmSuite ag)

getRequestContext

public Map<String,Object> getRequestContext()

setProperties

public void setProperties(Map<String,Object> p)

getProperties

public Map<String,Object> getProperties()

setWsdlLocation

public void setWsdlLocation(String wsdl)

getWsdlLocation

public String getWsdlLocation()

setServiceName

public void setServiceName(String qn)

setEndpointName

public void setEndpointName(String qn)

setServiceQName

public void setServiceQName(QName qn)

getServiceQName

public QName getServiceQName()

setEndpointQName

public void setEndpointQName(QName qn)

getEndpointQName

public QName getEndpointQName()

setActAs

public void setActAs(Object actAs)

setCustomContent

public void setCustomContent(Object customContent)

setKeySize

public void setKeySize(int i)

getKeySize

public int getKeySize()

setTokenType

public void setTokenType(String tokenType)

getTokenType

public String getTokenType()

setSendKeyType

public void setSendKeyType(boolean sendKeyType)

setKeyType

public void setKeyType(String keyType)

setOnBehalfOf

public void setOnBehalfOf(Object onBehalfOf)

setUseCertificateForConfirmationKeyInfo

public void setUseCertificateForConfirmationKeyInfo(boolean useCertificate)

Indicate whether to use the signer's public X509 certificate for the subject confirmation key info when creating a RequestsSecurityToken message. If the property is set to 'false', only the public key value will be provided in the request. If the property is set to 'true' the complete certificate will be sent in the request. Note: this setting is only applicable for assertions that use an asymmetric proof key

isUseCertificateForConfirmationKeyInfo

public boolean isUseCertificateForConfirmationKeyInfo()

setPolicyInternal

protected void setPolicyInternal(org.apache.neethi.Policy newPolicy)

setPolicyInternal

protected void setPolicyInternal(Element newPolicy)

setPolicyInternal

protected void setPolicyInternal(String policyReference)

getClient

public Client getClient()
                 throws BusException,
                        EndpointException

Throws:

BusException

EndpointException

configureViaEPR

public void configureViaEPR(org.apache.cxf.ws.addressing.EndpointReferenceType ref,
                            boolean useEPRWSAAddrAsMEXLocation)

findMEXLocation

protected String findMEXLocation(org.apache.cxf.ws.addressing.EndpointReferenceType ref,
                                 boolean useEPRWSAAddrAsMEXLocation)

findMEXLocation

protected String findMEXLocation(Element ref)

createClient

protected void createClient()
                     throws BusException,
                            EndpointException

Throws:

BusException

EndpointException

findOperation

protected BindingOperationInfo findOperation(String suffix)

issue

protected AbstractSTSClient.STSResponse issue(String appliesTo,
                                              String action,
                                              String requestType,
                                              String binaryExchange)
                                       throws Exception

Make an "Issue" invocation and return the response as a STSResponse Object

Throws:

Exception

getOnBehalfOfToken

public Element getOnBehalfOfToken()
                           throws Exception

Get the "OnBehalfOf" element to be sent to the STS.

Throws:

Exception

getActAsToken

public Element getActAsToken()
                      throws Exception

Get the "ActAs" element to be sent to the STS.

Throws:

Exception

getCustomContent

public Element getCustomContent()
                         throws Exception

Get some custom Element to be inserted into the RequestSecurityToken

Throws:

Exception

getDelegationSecurityToken

protected Element getDelegationSecurityToken(Object delegationObject)
                                      throws Exception

Throws:

Exception

writeElementsForRSTSymmetricKey

protected byte[] writeElementsForRSTSymmetricKey(W3CDOMStreamWriter writer,
                                                 boolean wroteKeySize)
                                          throws Exception

Throws:

Exception

writeElementsForRSTPublicKey

protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer,
                                            X509Certificate cert)
                                     throws Exception

Throws:

Exception

addBinaryExchange

protected void addBinaryExchange(String binaryExchange,
                                 W3CDOMStreamWriter writer)
                          throws XMLStreamException

Throws:

XMLStreamException

addKeySize

protected void addKeySize(int keysize,
                          W3CDOMStreamWriter writer)
                   throws XMLStreamException

Throws:

XMLStreamException

addRequestType

protected void addRequestType(String requestType,
                              W3CDOMStreamWriter writer)
                       throws XMLStreamException

Throws:

XMLStreamException

getDocumentElement

protected Element getDocumentElement(DOMSource ds)

renew

public AbstractSTSClient.STSResponse renew(SecurityToken tok)
                                    throws Exception

Make an "Renew" invocation and return the response as a STSResponse Object

Throws:

Exception

getAddressingAssertion

protected PrimitiveAssertion getAddressingAssertion()

validate

protected AbstractSTSClient.STSResponse validate(SecurityToken tok,
                                                 String tokentype)
                                          throws Exception

Make an "Validate" invocation and return the response as a STSResponse Object

Throws:

Exception

cancel

protected AbstractSTSClient.STSResponse cancel(SecurityToken token)
                                        throws Exception

Make an "Cancel" invocation and return the response as a STSResponse Object

Throws:

Exception

useSecondaryParameters

protected boolean useSecondaryParameters()

writeKeyType

protected String writeKeyType(W3CDOMStreamWriter writer,
                              String keyTypeToWrite)
                       throws XMLStreamException

Throws:

XMLStreamException

getCert

protected X509Certificate getCert(org.apache.wss4j.common.crypto.Crypto crypto)
                           throws Exception

Throws:

Exception

addLifetime

protected void addLifetime(XMLStreamWriter writer)
                    throws XMLStreamException

Throws:

XMLStreamException

addAppliesTo

protected void addAppliesTo(XMLStreamWriter writer,
                            String appliesTo)
                     throws XMLStreamException

Throws:

XMLStreamException

addTokenType

protected void addTokenType(XMLStreamWriter writer)
                     throws XMLStreamException

Throws:

XMLStreamException

addClaims

protected void addClaims(XMLStreamWriter writer)
                  throws Exception

Throws:

Exception

createSecurityToken

protected SecurityToken createSecurityToken(Element el,
                                            byte[] requestorEntropy)
                                     throws org.apache.wss4j.common.ext.WSSecurityException,
                                            org.apache.xml.security.exceptions.Base64DecodingException

Throws:

org.apache.wss4j.common.ext.WSSecurityException

org.apache.xml.security.exceptions.Base64DecodingException

decryptKey

protected byte[] decryptKey(Element child)
                     throws TrustException,
                            org.apache.wss4j.common.ext.WSSecurityException,
                            org.apache.xml.security.exceptions.Base64DecodingException

Throws:

TrustException

org.apache.wss4j.common.ext.WSSecurityException

org.apache.xml.security.exceptions.Base64DecodingException

createHandler

protected CallbackHandler createHandler()

getProperty

protected Object getProperty(String s)

createCrypto

protected org.apache.wss4j.common.crypto.Crypto createCrypto(boolean decrypt)
                                                      throws IOException,
                                                             org.apache.wss4j.common.ext.WSSecurityException

Throws:

IOException

org.apache.wss4j.common.ext.WSSecurityException

findID

protected String findID(Element rar,
                        Element rur,
                        Element rst)

getIDFromSTR

protected String getIDFromSTR(Element el)

setTemplate

public void setTemplate(Element rstTemplate)

setClaims

public void setClaims(Object rstClaims)

Set a Claims Object to be included in the request. This Object can be either a DOM Element, which will be copied "as is" into the request, or else a org.apache.cxf.rt.security.claims.ClaimCollection Object.

getOutFaultInterceptors

public List<Interceptor<? extends Message>> getOutFaultInterceptors()

Description copied from interface: InterceptorProvider

Returns the list of interceptors attached to the outgoing fault interceptor chain of the object.

Specified by:

getOutFaultInterceptors in interface InterceptorProvider

Returns:

List outgoing fault interceptor chain

getInFaultInterceptors

public List<Interceptor<? extends Message>> getInFaultInterceptors()

Description copied from interface: InterceptorProvider

Returns the list of interceptors attached to the incoming fault interceptor chain of the object.

Specified by:

getInFaultInterceptors in interface InterceptorProvider

Returns:

List incoming fault interceptor chain

getInInterceptors

public List<Interceptor<? extends Message>> getInInterceptors()

Description copied from interface: InterceptorProvider

Returns the list of interceptors attached to the incoming interceptor chain of the object.

Specified by:

getInInterceptors in interface InterceptorProvider

Returns:

List incoming interceptor chain

getOutInterceptors

public List<Interceptor<? extends Message>> getOutInterceptors()

Description copied from interface: InterceptorProvider

Returns the list of interceptors attached to the outgoing interceptor chain of the object.

Specified by:

getOutInterceptors in interface InterceptorProvider

Returns:

List outgoing interceptor chain

setInInterceptors

public void setInInterceptors(List<Interceptor<? extends Message>> interceptors)

setInFaultInterceptors

public void setInFaultInterceptors(List<Interceptor<? extends Message>> interceptors)

setOutInterceptors

public void setOutInterceptors(List<Interceptor<? extends Message>> interceptors)

setOutFaultInterceptors

public void setOutFaultInterceptors(List<Interceptor<? extends Message>> interceptors)

setFeatures

public void setFeatures(List<? extends Feature> f)

getFeatures

public List<Feature> getFeatures()

getClaimsCallbackHandler

public CallbackHandler getClaimsCallbackHandler()

setClaimsCallbackHandler

public void setClaimsCallbackHandler(CallbackHandler claimsCallbackHandler)

getWspNamespace

public String getWspNamespace()

setWspNamespace

public void setWspNamespace(String wspNamespace)

getUseKeyCertificate

public X509Certificate getUseKeyCertificate()

setUseKeyCertificate

public void setUseKeyCertificate(X509Certificate useKeyCertificate)

setNamespace

public void setNamespace(String namespace)