View Javadoc

1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.ws.security;
21  
22  import org.apache.ws.security.message.token.BinarySecurity;
23  import org.apache.ws.security.message.token.SecurityContextToken;
24  import org.apache.ws.security.message.token.SignatureConfirmation;
25  import org.apache.ws.security.message.token.Timestamp;
26  import org.apache.ws.security.message.token.UsernameToken;
27  import org.apache.ws.security.saml.ext.AssertionWrapper;
28  
29  import java.security.Principal;
30  import java.security.cert.X509Certificate;
31  import java.util.List;
32  
33  /**
34   * @author Werner Dittmann (Werner.Dittmann@t-online.de)
35   */
36  public class WSSecurityEngineResult extends java.util.HashMap<String, Object> {
37      
38      //
39      // Tokens
40      //
41      
42      /**
43       * 
44       */
45      private static final long serialVersionUID = 8877354445092724300L;
46  
47      /**
48       * Tag denoting the SAML Assertion found, if applicable.
49       *
50       * The value under this tag is of type AssertionWrapper.
51       */
52      public static final String TAG_SAML_ASSERTION = "saml-assertion";
53      
54      /**
55       * Tag denoting the timestamp found, if applicable.
56       *
57       * The value under this tag is of type
58       * org.apache.ws.security.message.token.Timestamp.
59       */
60      public static final String TAG_TIMESTAMP = "timestamp";
61  
62      /**
63       * Tag denoting references to the DOM elements that have been
64       * cryptographically protected.
65       *
66       * The value under this tag is of type SecurityContextToken.
67       */
68      public static final String TAG_SECURITY_CONTEXT_TOKEN = "security-context-token";
69      
70      /**
71       * Tag denoting a UsernameToken object
72       */
73      public static final String TAG_USERNAME_TOKEN = "username-token";
74      
75      /**
76       * Tag denoting a DerivedKeyToken object
77       */
78      public static final String TAG_DERIVED_KEY_TOKEN = "derived-key-token";
79      
80      /**
81       * Tag denoting the signature confirmation of a signed element,
82       * if applicable.
83       *
84       * The value under this tag is of type
85       * org.apache.ws.security.message.token.SignatureConfirmation.
86       */
87      public static final java.lang.String TAG_SIGNATURE_CONFIRMATION = "signature-confirmation";
88  
89      /**
90       * Tag denoting the BinarySecurityToken found, if applicable.
91       *
92       * The value under this tag is of type BinarySecurity.
93       */
94      public static final String TAG_BINARY_SECURITY_TOKEN = "binary-security-token";
95      
96      /**
97       * Tag denoting a Transformed Token. For certain tokens, the Validator may return
98       * an AssertionWrapper instance which corresponds to a transformed version of the
99       * initial token. For example, a Username Token credential might be validated
100      * by an STS and transformed into a SAML Assertion. This tag then holds the 
101      * transformed AssertionWrapper instance, as a component of the Result corresponding
102      * to the Username Token.
103      * 
104      * The value under this tag is of type AssertionWrapper.
105      */
106     public static final String TAG_TRANSFORMED_TOKEN = "transformed-token";
107     
108     /**
109      * Tag denoting that the TAG_*_TOKEN result has been validated by a Validator 
110      * implementation. Some of the processors do not have a default validator implementation,
111      * and so this is not set. Note that this is set for the NoOpValidator if it is 
112      * configured.
113      * 
114      * The value under this tag is a Boolean instance.
115      */
116     public static final String TAG_VALIDATED_TOKEN = "validated-token";
117     
118     /**
119      * Tag denoting the DOM Element of the processed token (if a token has been processed).
120      * 
121      * The value under this tag is of type org.w3c.dom.Element
122      */
123     public static final String TAG_TOKEN_ELEMENT = "token-element";
124     
125     //
126     // Keys and certs
127     //
128     
129     /**
130      * Tag denoting the X.509 certificate found, if applicable.
131      *
132      * The value under this tag is of type java.security.cert.X509Certificate.
133      */
134     public static final String TAG_X509_CERTIFICATE = "x509-certificate";
135 
136     /**
137      * Tag denoting the signature value of a signed element, if applicable.
138      *
139      * The value under this tag is of type byte[].
140      */
141     public static final String TAG_SIGNATURE_VALUE = "signature-value";
142     
143     /**
144      * Tag denoting the X.509 certificate chain found, if applicable.
145      *
146      * The value under this tag is of type java.security.cert.X509Certificate[].
147      */
148     public static final String TAG_X509_CERTIFICATES = "x509-certificates";
149     
150     /**
151      * Tag denoting how the X.509 certificate (chain) was referenced, if applicable.
152      * 
153      * The value under this tag is of type STRParser.REFERENCE_TYPE.
154      */
155     public static final String TAG_X509_REFERENCE_TYPE  = "x509-reference-type";
156 
157     /**
158      * Tag denoting the encrypted key bytes
159      *
160      * The value under this tag is a byte array 
161      */
162     public static final String TAG_ENCRYPTED_EPHEMERAL_KEY = "encrypted-ephemeral-key-bytes";
163     
164     /**
165      * Tag denoting a byte[] secret associated with this token
166      */
167     public static final String TAG_SECRET = "secret";
168     
169     /**
170      * Tag denoting a PublicKey associated with this token
171      */
172     public static final String TAG_PUBLIC_KEY = "public-key";
173     
174     //
175     // General tags
176     //
177 
178     /**
179      * Tag denoting the cryptographic operation performed
180      *
181      * The value under this tag is of type java.lang.Integer
182      */
183     public static final String TAG_ACTION = "action";
184 
185     /**
186      * Tag denoting the security principal found, if applicable.
187      *
188      * The value under this tag is of type java.security.Principal.
189      */
190     public static final String TAG_PRINCIPAL = "principal";
191     
192     /**
193      * Tag denoting the security subject found, if applicable.
194      *
195      * The value under this tag is of type javax.security.auth.Subject.
196      */
197     public static final String TAG_SUBJECT = "subject";
198     
199     /**
200      * Tag denoting references to a List of Data ref URIs.
201      *
202      * The value under this tag is of type List.
203      */
204     public static final String TAG_DATA_REF_URIS = "data-ref-uris";
205 
206     /**
207      * Tag denoting the encrypted key transport algorithm.
208      *
209      * The value under this tag is of type String.
210      */
211     public static final String TAG_ENCRYPTED_KEY_TRANSPORT_METHOD = "encrypted-key-transport-method";
212     
213     /**
214      * Tag denoting the algorithm that was used to sign the message
215      *
216      * The value under this tag is of type String.
217      */
218     public static final String TAG_SIGNATURE_METHOD = "signature-method";
219 
220     /**
221      * Tag denoting the algorithm that was used to do canonicalization
222      *
223      * The value under this tag is of type String.
224      */
225     public static final String TAG_CANONICALIZATION_METHOD = "canonicalization-method";
226     
227     /**
228      * The (wsu) Id of the token corresponding to this result.
229      */
230     public static final String TAG_ID = "id";
231     
232     public WSSecurityEngineResult(int act) {
233         put(TAG_ACTION, Integer.valueOf(act));
234     }
235     
236     public WSSecurityEngineResult(
237         int act, 
238         AssertionWrapper ass
239     ) {
240         put(TAG_ACTION, Integer.valueOf(act));
241         put(TAG_SAML_ASSERTION, ass);
242         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
243         put(TAG_TOKEN_ELEMENT, ass.getElement());
244     }
245 
246     public WSSecurityEngineResult(
247         int act, 
248         Principal princ,
249         X509Certificate[] certs, 
250         byte[] sv
251     ) {
252         put(TAG_ACTION, Integer.valueOf(act));
253         put(TAG_PRINCIPAL, princ);
254         put(TAG_X509_CERTIFICATES, certs);
255         put(TAG_SIGNATURE_VALUE, sv);
256         if (certs != null) {
257             put(TAG_X509_CERTIFICATE, certs[0]);
258         }
259         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
260     }
261 
262     public
263     WSSecurityEngineResult(
264         int act,
265         Principal princ,
266         X509Certificate[] certs,
267         List<WSDataRef> dataRefs,
268         byte[] sv
269     ) {
270         this(act, princ, certs, sv);
271         put(TAG_DATA_REF_URIS, dataRefs);
272     }
273     
274     public WSSecurityEngineResult(
275         int act, 
276         byte[] decryptedKey, 
277         byte[] encryptedKeyBytes,
278         List<WSDataRef> dataRefUris
279     ) {
280         put(TAG_ACTION, Integer.valueOf(act));
281         put(TAG_SECRET, decryptedKey);
282         put(TAG_ENCRYPTED_EPHEMERAL_KEY, encryptedKeyBytes);
283         put(TAG_DATA_REF_URIS, dataRefUris);
284         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
285     }
286     
287     public WSSecurityEngineResult(
288         int act, 
289         byte[] decryptedKey, 
290         byte[] encryptedKeyBytes,
291         List<WSDataRef> dataRefUris,
292         X509Certificate[] certs
293     ) {
294         put(TAG_ACTION, Integer.valueOf(act));
295         put(TAG_SECRET, decryptedKey);
296         put(TAG_ENCRYPTED_EPHEMERAL_KEY, encryptedKeyBytes);
297         put(TAG_DATA_REF_URIS, dataRefUris);
298         put(TAG_X509_CERTIFICATES, certs);
299         if (certs != null) {
300             put(TAG_X509_CERTIFICATE, certs[0]);
301         }
302         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
303     }
304     
305     public WSSecurityEngineResult(int act, List<WSDataRef> dataRefUris) {
306         put(TAG_ACTION, Integer.valueOf(act));
307         put(TAG_DATA_REF_URIS, dataRefUris);
308         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
309     }
310     
311     public WSSecurityEngineResult(int act, Timestamp tstamp) {
312         put(TAG_ACTION, Integer.valueOf(act));
313         put(TAG_TIMESTAMP, tstamp);
314         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
315         put(TAG_TOKEN_ELEMENT, tstamp.getElement());
316     }
317     
318     public WSSecurityEngineResult(int act, SecurityContextToken sct) {
319         put(TAG_ACTION, Integer.valueOf(act));
320         put(TAG_SECURITY_CONTEXT_TOKEN, sct);
321         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
322         put(TAG_TOKEN_ELEMENT, sct.getElement());
323     }
324     
325     public WSSecurityEngineResult(int act, SignatureConfirmation sc) {
326         put(TAG_ACTION, Integer.valueOf(act));
327         put(TAG_SIGNATURE_CONFIRMATION, sc);
328         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
329         put(TAG_TOKEN_ELEMENT, sc.getElement());
330     }
331     
332     public WSSecurityEngineResult(int act, UsernameToken usernameToken) {
333         this(act, usernameToken, null);
334     }
335     
336     public WSSecurityEngineResult(int act, UsernameToken usernameToken, Principal principal) {
337         put(TAG_ACTION, Integer.valueOf(act));
338         put(TAG_USERNAME_TOKEN, usernameToken);
339         put(TAG_PRINCIPAL, principal);
340         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
341         put(TAG_TOKEN_ELEMENT, usernameToken.getElement());
342     }
343 
344     public WSSecurityEngineResult(int act, BinarySecurity token, X509Certificate[] certs) {
345         put(TAG_ACTION, Integer.valueOf(act));
346         put(TAG_BINARY_SECURITY_TOKEN, token);
347         put(TAG_X509_CERTIFICATES, certs);
348         if (certs != null) {
349             put(TAG_X509_CERTIFICATE, certs[0]);
350         }
351         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
352         put(TAG_TOKEN_ELEMENT, token.getElement());
353     }
354 
355     
356 }